
Privacy Policy

How jlhernando.com handles web tools (Google OAuth, client-side data processing), Netlify Forms submissions, cookieless Plausible Analytics (legitimate interest, no cookie banner), security logs, and your privacy rights.

Last updated: February 10, 2026

1. Who we are (controller)

Jose Luis Hernando (jlhernando.com), based in the EU. If you have questions, reach out using the contact details below.

2. Data we collect

I collect only what is needed to run the site and reply to you:

  • Contact details you share (name, email, company, project info, and any other information you choose to include) when you submit a form or email me directly.
  • Contact form data via Netlify Forms. Submissions are processed and stored by Netlify, which means Netlify receives the form fields plus basic metadata needed to deliver the service (submission time and anti-spam/diagnostic signals). Netlify’s infrastructure is primarily hosted in the United States.
  • Site interaction data via Plausible Analytics. I use Plausible Analytics, a privacy-friendly, cookieless analytics service. For each visit, Plausible processes the page URL you visit, the HTTP referrer, your browser and operating system, your device type (desktop/mobile/tablet), approximate location (country/region/city) derived from your IP address, and the date and time of your request. Plausible does not use cookies or local storage, does not create persistent identifiers, and does not store your IP address or full User-Agent string. Instead, it uses a daily rotating hash so that visits cannot be tracked across days or linked back to an individual, and the raw IP address and User-Agent are never written to disk. The analytics I see are aggregated and do not allow me to identify individual visitors.
  • Technical diagnostics needed to keep the site secure and reliable (e.g., error logs and IP addresses in server logs). These are used strictly for security and troubleshooting.

3. Web tools and client-side applications

Key point

All web tools on this site run entirely in your browser. Your data is never sent to or stored on any server I control.

Some pages on jlhernando.com host interactive web tools (e.g., the Free Bulk Google Index Inspect Tool). These tools have the following data practices:

  • Client-side only. All data processing happens in your browser. No URL lists, inspection results, or other tool data is transmitted to or stored on any server I own or operate. When you close the browser tab, all tool data is discarded.
  • Google sign-in. Some tools require you to sign in with your Google account via Google Identity Services. When you sign in, Google shares your name, email address, and profile picture with the tool so it can display your identity. This information is held in browser memory only and is not stored, logged, or sent anywhere.
  • Google API access. After signing in, the tool may access Google APIs (such as the URL Inspection API) on your behalf using an OAuth access token. This token is held in browser memory, is scoped to the minimum permissions needed (e.g., read-only access to Search Console), and is discarded when you close the tab or sign out.
  • Google’s privacy practices. When you use Google sign-in, Google may set its own cookies and collect data according to Google’s Privacy Policy. I have no control over Google’s data practices.
  • No server-side storage. I do not operate any backend, database, or API server for these tools. There are no server logs of your tool usage beyond standard Netlify CDN access logs (covered in Section 2 above).
  • Downloads. Any files you download from a tool (Excel, JSON) are generated entirely in your browser and are never transmitted through my servers.
  • To reply to inquiries and provide requested services (contract and/or legitimate interest).
  • To maintain and improve the site (legitimate interest), including understanding traffic patterns through privacy-friendly analytics.
    • For Plausible Analytics, I rely on my legitimate interest in basic reach measurement and site optimisation as the legal basis (Article 6(1)(f) GDPR).
  • To prevent abuse and keep services secure (legitimate interest), using short-lived security logs and anti-spam measures.
  • To comply with legal obligations (legal obligation), such as record-keeping or responding to lawful requests.

5. Cookies and analytics

  • I use Plausible Analytics to measure site usage. Plausible does not set cookies or use local storage, and does not rely on cross-site or cross-device identifiers; all measurement is based on anonymised, aggregated statistics processed on EU servers.
  • Google Identity Services. When you use a web tool that requires Google sign-in, Google may set its own cookies on the google.com domain to manage your authentication session. These cookies are controlled by Google, not by me. See Google’s cookie policy for details.
  • Apart from the above, jlhernando.com does not set any non-essential cookies. For this reason, no cookie consent banner is shown for analytics.
  • I do not use advertising pixels, cross-site trackers, or third-party ad networks.
  • If I ever add non-essential cookies or other tracking technologies (for example, for advertising or detailed profiling), I’ll update this policy and—where legally required—ask for consent using a cookie banner or similar mechanism.

6. Sharing and third parties

  • I do not sell or rent personal data.
  • Data may be shared only with essential processors under confidentiality and security obligations:
    • Plausible Analytics (analytics provider, EU-hosted).
    • Netlify (hosting and Netlify Forms for contact submissions).
    • Google (authentication and API access for web tools). When you sign in with Google to use a web tool, your browser communicates directly with Google’s servers. I do not act as an intermediary or store any data from this exchange.
  • I may disclose data if required by law, following due process.

7. Data retention

  • Contact records: kept as long as needed to respond and for reasonable business follow-up, then deleted or anonymized unless a longer retention is legally required.
  • Security logs: retained briefly for monitoring/troubleshooting, then removed or aggregated.
  • Analytics: stored in aggregated form by Plausible on EU-based servers, without storing raw IP addresses or full User-Agent strings. I keep analytics data only as long as needed for high-level traffic analysis and site optimisation and may delete or further aggregate it over time.

8. Security

  • I use encryption in transit (HTTPS), strong authentication on admin tools, and least-privilege access.
  • No system is perfectly secure; if a breach occurs, I will follow applicable notification duties.

9. International transfers

  • Plausible Analytics processes and stores analytics data in the EU (for example, on servers in Germany with a European CDN provider). Your analytics data does not leave the EU.
  • Netlify Forms may transfer and store form submissions in the United States. Netlify relies on appropriate transfer safeguards, including Standard Contractual Clauses in its DPA and relevant EU-US transfer frameworks.

10. Your rights (GDPR-style)

You can request access, correction, deletion, restriction, objection, or data portability. You can also withdraw consent where applicable.

You have the right to:

  • access your data,
  • correct inaccurate data,
  • request deletion,
  • restrict or object to processing (including where I rely on legitimate interest, such as for analytics),
  • request portability,
  • withdraw consent at any time where processing is based on consent,
  • lodge a complaint with your local supervisory authority (in Spain, the AEPD).

To exercise these rights, contact me below. I may need to verify your identity before acting.

11. Contact

Email: hi@jlhernando.com. Please include enough detail for me to locate your data.

12. Children’s privacy

This site is not intended for children under 14. I do not knowingly collect data from children. If you believe a child has provided personal data, contact me and I will delete it.

13. Changes to this policy

I may update this policy to reflect site changes or legal requirements. The “Last updated” date shows the current version.