Privacy Policy

1. Introduction

This privacy policy applies to justinbartak.ai (the “Site”), a personal portfolio and blog operated by Justin Bartak (“I,” “me,” “my”). This policy explains what information is collected when you visit the Site, how it is used, and your rights regarding that information.

By using the Site, you acknowledge that you have read and understood this policy. If you do not agree, please discontinue use of the Site.

2. Information Collected

Information collected automatically

When you visit the Site, the following non-personally identifiable information may be collected automatically through analytics services:

• Pages visited, time spent on pages, and navigation path
• Referring URL (the page that linked you to this Site)
• Browser type, version, and operating system
• Device type (desktop, tablet, mobile)
• Screen resolution
• Country-level geographic location (derived from IP address, which is not stored)
• Date and time of visit

Information not collected

The Site does not collect:

• Names, email addresses, or other personal identifiers through the Site
• Payment or financial information
• Precise geolocation data
• Information from minors (the Site is not directed at individuals under 16)

If you contact me via email, any information you provide is handled through standard email services and is not stored in any database connected to this Site.

3. Purpose and Legal Basis

Information is collected for the following purposes:

• Site improvement: Understanding which content is useful and how visitors navigate the Site.
• Performance monitoring: Identifying and resolving technical issues.
• Security: Detecting and preventing abuse or unauthorized access.

The legal basis for processing this data is legitimate interest (Article 6(1)(f) GDPR) in maintaining and improving the Site. No data is used for profiling, automated decision-making, or direct marketing.

4. Tracking Technologies

The Site does not set any cookies. Analytics operate in cookieless mode. Specifically:

• PostHog analytics (cookieless): PostHog runs in memory-only mode. No cookies are set, no data is persisted across sessions, and no personally identifiable information is collected. IP address collection is disabled.
• No advertising cookies: The Site does not use cookies for advertising, retargeting, or cross-site tracking.
• Vercel Analytics:The Site is hosted on Vercel, which processes request metadata (page path, timing, and anonymized IP) for performance and analytics purposes. Details are covered under Vercel's privacy policy linked in Section 5.
• No social media trackers: No Facebook, Twitter, or other social media tracking pixels are used.

No cookies are used on this Site. Disabling cookies in your browser will not affect any functionality.

5. Third-Party Services

The Site uses the following third-party services, each with their own privacy policies:

• Vercel— Hosting, edge delivery, and web analytics. Data processed in accordance with their privacy policy.
  vercel.com/legal/privacy-policy
• PostHog— Product analytics for understanding Site usage patterns. PostHog is configured to collect anonymous data only; person profiles are created only for identified users (none exist on this Site).
  posthog.com/privacy
• Inter (Typeface)— The Site's typeface (Inter) is self-hosted and served directly from this Site's infrastructure via Next.js font optimization. No font requests are made to Google servers by your browser.

No data is sold, rented, or shared with third parties for marketing purposes.

6. Data Retention

Analytics data is retained for a maximum of 12 months from the date of collection, after which it is automatically deleted. No personal data is retained, as none is collected.

7. Data Security

The Site implements industry-standard security measures including:

• HTTPS encryption for all connections (enforced via HSTS)
• Content Security Policy (CSP) restricting script sources to self and allowlisted analytics domains
• X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers
• No server-side databases or user data storage

8. International Data Transfers

The Site is hosted on Vercel's global edge network. Analytics data may be processed in the United States. Vercel and PostHog maintain appropriate safeguards for international data transfers in compliance with applicable regulations.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Right of access: Request a copy of any data associated with your visit.
• Right to deletion: Request deletion of any data associated with your visit.
• Right to object: Object to the processing of your data based on legitimate interest.
• Right to restrict processing: Request that processing of your data be limited.
• Right to data portability: Request your data in a structured, machine-readable format.

For California residents (CCPA/CPRA)

You have the right to know what personal information is collected, request its deletion, and opt out of its sale. This Site does not sell personal information. To exercise your rights, contact me at the address below.

For EU/EEA residents (GDPR)

You have all rights listed above under the General Data Protection Regulation. You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact me at legal@justinbartak.ai. I will respond within 30 days.

10. Children's Privacy

The Site is not directed at individuals under the age of 16. I do not knowingly collect information from children. If you believe a child has provided data through the Site, please contact me and I will promptly delete it.

11. Changes to This Policy

This policy may be updated to reflect changes in practices or legal requirements. Material changes will be indicated by updating the “Last updated” date at the top of this page. Continued use of the Site after changes constitutes acceptance of the updated policy.

12. Contact

For questions, concerns, or requests related to this privacy policy, contact:

Justin Bartak
legal@justinbartak.ai
justinbartak.ai