Privacy Policy

Last updated on November 20, 2025

This privacy policy explains how I, Guido X Jansen, handle your personal information when you visit my personal website at gui.do.

Note: This is a personal website, not a commercial business. This policy has been prepared to be transparent about data practices and comply with applicable privacy laws.

Information I Collect

Information You Provide

This is a personal informational website. I do not collect personal information through forms or user accounts. However, if you contact me directly via email at x@gui.do, I may process:

• Your name
• Email address
• Message content
• Any information you voluntarily provide

This communication is processed based on my legitimate interest in responding to inquiries and is stored in my personal email system.

Automatically Collected Information

This is a static personal website with no analytics or tracking. I do not actively collect any information about your visits.

However, as with any website, my hosting provider (Netlify) may collect basic technical information in their server logs:

• IP address
• Date and time of access
• Pages requested
• HTTP response codes
• Browser user agent

This information is collected and retained by Netlify according to their privacy policy and is not accessible to me for analytics purposes.

Information I Do NOT Collect

To be clear about what I don’t collect:

• I do not collect financial or payment information
• I do not create user accounts or detailed user profiles
• I do not collect sensitive personal data (health, biometric, racial/ethnic origin, political opinions, etc.)
• I do not track users across other websites beyond this domain
• I do not collect information from children

How I Use Your Information

The minimal information I process is used only for:

• To operate and maintain this personal website
• To respond to your inquiries when you contact me via email
• To comply with legal obligations if applicable

I do not use your information for marketing, profiling, or any other purposes beyond what is stated above.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), my legal basis for processing personal information is:

• Legitimate Interest: I respond to your inquiries when you contact me directly, based on my legitimate interest in communication
• Legal Obligation: I may process data to comply with applicable laws and regulations if required

Since this site does not track users or collect data beyond direct email contact, no consent is required for cookies or analytics.

You have the right to object to processing based on legitimate interest at any time.

Analytics and Tracking

This website uses Umami, a privacy-friendly, open-source analytics tool that I self-host on my own infrastructure in the Netherlands. Umami is designed to be GDPR-compliant without requiring cookie consent because it:

• Does not use cookies - visitor identification uses a non-reversible hash
• Does not store IP addresses - IPs are hashed immediately and the original is discarded
• Does not track users across sites - each website has its own unique hash salt
• Does not collect personal data - no usernames, emails, or identifying information
• Is self-hosted - all data stays on my own servers in the EU

The analytics data collected includes:

• Page views and referrer information
• Browser and device type (aggregated, not individual)
• Country-level location (derived from IP hash, not stored)
• Custom events (like button clicks and navigation)

This data helps me understand how visitors use the website and improve the user experience. No consent banner is required because no personal data is processed or stored.

Cookies

I do not use cookies on this website. As a static website built with Astro, this site does not set any first-party or third-party cookies.

Third-party embedded content (such as YouTube videos or Spotify podcast players) may set their own cookies when you interact with them, but these are controlled by those services and not by me.

Third-Party Services

This website integrates with the following external services, which may collect data according to their own privacy policies:

Hosting and Infrastructure

Netlify: This website is hosted on Netlify’s content delivery network (CDN). Netlify may process technical information such as IP addresses and access logs. Their privacy policy: https://www.netlify.com/privacy/

Content Embeds

When you interact with embedded content (such as playing a video or podcast), these third-party services may collect data:

• YouTube: Video content embeds using privacy-enhanced mode (youtube-nocookie.com)
• Spotify: Podcast player embeds (https://open.spotify.com)
• Transistor.fm: Podcast hosting and player embeds (https://share.transistor.fm)

I have no control over data collection by these embedded services. Please review their respective privacy policies.

Podcast Feed Processing

I operate a serverless function that fetches and aggregates podcast episodes from Transistor.fm RSS feeds. This function:

• Does not collect user data
• Caches podcast metadata for performance (1 hour)
• Runs on Netlify’s secure infrastructure

International Data Transfers

This website is hosted on Netlify, which may process data in the United States and other countries outside the European Economic Area (EEA).

When you visit this website:

• Your data may be transferred to and processed in countries outside the EEA
• Appropriate safeguards are in place through Netlify’s compliance programs
• Netlify maintains certifications including SOC 2 Type II

For more information: https://www.netlify.com/gdpr-ccpa/

Data Retention

I retain personal information only as long as necessary for the purposes outlined in this policy:

• Server logs: Retained by hosting provider (Netlify) according to their policies
• Email communications: Retained as long as necessary to respond to inquiries and for record-keeping purposes

Your Privacy Rights

General Rights (All Users)

Regardless of your location, you have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Objection: Object to our processing of your personal information

EU/EEA Rights (GDPR)

If you are in the European Union or European Economic Area, you have additional rights:

• Right to Restriction: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority

EU Supervisory Authorities: If you believe your data protection rights have been violated, you can lodge a complaint with the supervisory authority in your country. Find your authority: https://edpb.europa.eu/about-edpb/board/members_en

California Rights (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Categories of Personal Information We Collect:

• Identifiers: Email address, name (when you contact us)
• Internet Activity: Browsing behavior, pages viewed, interaction with website
• Geolocation: Approximate location based on IP address (country/city level)

Your California Rights:

• Right to Know: Request details about personal information we’ve collected about you in the past 12 months
• Right to Delete: Request deletion of your personal information
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do NOT sell or share personal information for cross-context behavioral advertising
• Right to Limit Use of Sensitive Personal Information: We do not collect or use sensitive personal information
• Right to Non-Discrimination: I will not discriminate against you for exercising your privacy rights

Do Not Sell or Share My Personal Information: We do NOT sell personal information and have not sold personal information in the past 12 months. We do not share personal information for cross-context behavioral advertising.

How to Exercise Your Rights: Email us at x@gui.do with “California Privacy Rights” in the subject line. You may designate an authorized agent to make requests on your behalf by providing written authorization.

How to Exercise Your Rights

To exercise any of your privacy rights:

1. Email us at x@gui.do
2. Specify which right(s) you wish to exercise
3. Provide sufficient information for us to verify your identity
4. We will respond within the legally required timeframe (typically 30 days)

Security

We implement appropriate technical and organizational measures to protect your personal information:

• HTTPS encryption for all connections
• Content Security Policy (CSP) headers to prevent unauthorized scripts
• Secure hosting infrastructure with Netlify
• Regular security monitoring and updates
• Minimal data collection to reduce risk

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information using commercially acceptable means, we cannot guarantee absolute security.

Children’s Privacy

Our website is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at x@gui.do. We will take steps to delete such information from our systems.

Third-Party Links

This website contains links to third-party websites not owned or managed by me. This privacy policy applies only to this website.

When you click a link to a third-party website, that website’s privacy policy applies. I have no control over and assume no responsibility for the privacy practices of third-party websites.

I recommend that you review the privacy policy of every website you visit.

Transfer of Ownership

If ownership of this personal website is transferred, any personal information (such as stored email correspondence) may be transferred as part of that process. You will be notified via email and/or a prominent notice on the website of any such transfer.

Changes to This Privacy Policy

I may update this privacy policy from time to time to reflect changes in practices, technology, legal requirements, or other factors.

When I make changes:

• I will update the “Last updated” date at the top of this policy
• For material changes, I may provide additional notice (such as a prominent notice on this website)
• Your continued use of this website after changes take effect constitutes acceptance of the updated policy

I encourage you to review this privacy policy periodically.

Data Controller Information

Website Owner: Guido X Jansen (individual, not a business) Location: Ouderkerk aan de Amstel, The Netherlands Email: x@gui.do Website: https://gui.do

Contact Me

For questions, concerns, or requests regarding this privacy policy or data practices:

Email: x@gui.do Subject Line: For privacy-related inquiries, use “Privacy Inquiry”

I will respond to your inquiry within 30 days.

Compliance

This personal website aims to comply with applicable data protection laws, including:

• EU General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• Other applicable privacy laws and regulations

Given the minimal data collection practices (no tracking, no cookies, no forms), compliance is straightforward.

---

Note: This privacy policy reflects a good-faith effort to be transparent about data practices and comply with applicable laws for a personal website.