Skip to content
← Back to policies General site policy

Privacy Policy

How jlhernando.com handles Netlify Forms submissions, cookieless Plausible Analytics (legitimate interest, no cookie banner), security logs, and your privacy rights.

Last updated

Last updated: November 25, 2025

1. Who we are (controller)

Controller

Jose Luis Hernando (jlhernando.com), based in the EU. If you have questions, reach out using the contact details below.

2. Data we collect

I collect only what is needed to run the site and reply to you:

  • Contact details you share (name, email, company, project info, and any other information you choose to include) when you submit a form or email me directly.
  • Contact form data via Netlify Forms. Submissions are processed and stored by Netlify, which means Netlify receives the form fields plus basic metadata needed to deliver the service (submission time and anti-spam/diagnostic signals). Netlify’s infrastructure is primarily hosted in the United States.
  • Site interaction data via Plausible Analytics. I use Plausible Analytics, a privacy-friendly, cookieless analytics service. For each visit, Plausible processes the page URL you visit, the HTTP referrer, your browser and operating system, your device type (desktop/mobile/tablet), approximate location (country/region/city) derived from your IP address, and the date and time of your request. Plausible does not use cookies or local storage, does not create persistent identifiers, and does not store your IP address or full User-Agent string. Instead, it uses a daily rotating hash so that visits cannot be tracked across days or linked back to an individual, and the raw IP address and User-Agent are never written to disk. The analytics I see are aggregated and do not allow me to identify individual visitors.
  • Technical diagnostics needed to keep the site secure and reliable (e.g., error logs and IP addresses in server logs). These are used strictly for security and troubleshooting.
  • To reply to inquiries and provide requested services (contract and/or legitimate interest).
  • To maintain and improve the site (legitimate interest), including understanding traffic patterns through privacy-friendly analytics.
    • For Plausible Analytics, I rely on my legitimate interest in basic reach measurement and site optimisation as the legal basis (Article 6(1)(f) GDPR).
  • To prevent abuse and keep services secure (legitimate interest), using short-lived security logs and anti-spam measures.
  • To comply with legal obligations (legal obligation), such as record-keeping or responding to lawful requests.

4. Cookies and analytics

  • I use Plausible Analytics to measure site usage. Plausible does not set cookies or use local storage, and does not rely on cross-site or cross-device identifiers; all measurement is based on anonymised, aggregated statistics processed on EU servers.
  • At the time of writing, jlhernando.com does not set any non-essential cookies. For this reason, no cookie consent banner is shown for analytics.
  • I do not use advertising pixels, cross-site trackers, or third-party ad networks.
  • If I ever add non-essential cookies or other tracking technologies (for example, for advertising or detailed profiling), I’ll update this policy and—where legally required—ask for consent using a cookie banner or similar mechanism.

5. Sharing and third parties

  • I do not sell or rent personal data.
  • Data may be shared only with essential processors under confidentiality and security obligations:
    • Plausible Analytics (analytics provider, EU-hosted).
    • Netlify (hosting and Netlify Forms for contact submissions).
  • I may disclose data if required by law, following due process.

6. Data retention

  • Contact records: kept as long as needed to respond and for reasonable business follow-up, then deleted or anonymized unless a longer retention is legally required.
  • Security logs: retained briefly for monitoring/troubleshooting, then removed or aggregated.
  • Analytics: stored in aggregated form by Plausible on EU-based servers, without storing raw IP addresses or full User-Agent strings. I keep analytics data only as long as needed for high-level traffic analysis and site optimisation and may delete or further aggregate it over time.

7. Security

  • I use encryption in transit (HTTPS), strong authentication on admin tools, and least-privilege access.
  • No system is perfectly secure; if a breach occurs, I will follow applicable notification duties.

8. International transfers

  • Plausible Analytics processes and stores analytics data in the EU (for example, on servers in Germany with a European CDN provider). Your analytics data does not leave the EU.
  • Netlify Forms may transfer and store form submissions in the United States. Netlify relies on appropriate transfer safeguards, including Standard Contractual Clauses in its DPA and relevant EU-US transfer frameworks.

9. Your rights (GDPR-style)

Your rights

You can request access, correction, deletion, restriction, objection, or data portability. You can also withdraw consent where applicable.

You have the right to:

  • access your data,
  • correct inaccurate data,
  • request deletion,
  • restrict or object to processing (including where I rely on legitimate interest, such as for analytics),
  • request portability,
  • withdraw consent at any time where processing is based on consent,
  • lodge a complaint with your local supervisory authority (in Spain, the AEPD).

To exercise these rights, contact me below. I may need to verify your identity before acting.

10. Contact

Contact

Email: hi@jlhernando.com. Please include enough detail for me to locate your data.

11. Children’s privacy

This site is not intended for children under 14. I do not knowingly collect data from children. If you believe a child has provided personal data, contact me and I will delete it.

12. Changes to this policy

I may update this policy to reflect site changes or legal requirements. The “Last updated” date shows the current version.