Privacy Policy

1. Scope and Application

This Privacy Policy governs how I, Krithiv, collect, use, and protect your personal information across all digital platforms and services under the JustKrith personal brand. JustKrith serves as my professional portfolio, showcasing my projects, technical expertise, and professional journey.

This policy applies to all interactions with:

• Portfolio — Main showcase of my work, projects, and professional experience (Netlify + Cloudflare CDN)
• Blog — Technical articles, tutorials, and insights from my development journey (Self-hosted in Germany + Cloudflare CDN)
• Resume — Professional credentials and career history (Netlify + Cloudflare CDN)
• Documentation — Technical guides and project documentation (Netlify + Cloudflare CDN)
• Links — Link aggregation and social media hub (Netlify + Cloudflare CDN)
• Status — Real-time service monitoring and uptime information (Self-hosted in US + Cloudflare CDN)
• Community Forum — Discussion space for developers and tech enthusiasts (Hosted via Freeflarum)
• Discord Server — Real-time community interaction and networking (Discord-hosted)
• Social Media — Official accounts on X (Twitter), Instagram, GitHub, and other platforms (Third-party hosted)

About JustKrith: This is a personal brand operated by me as an individual developer and creator. All platforms are designed to share knowledge, showcase technical work, and connect with fellow developers and potential collaborators or employers.

Data Controller: Krithiv, operating under the JustKrith brand, serves as the data controller for all personal information collected. For accessibility support, privacy questions, or data requests, contact [email protected].

2. Information We Collect

As a personal portfolio and professional showcase, I collect minimal information necessary to provide services and improve your experience.

2.1 Personal Information You Provide

When you interact with my platforms, subscribe to updates, or contact me directly, I may collect:

• Contact Information: Name, email address, and any message content when you use contact forms
• Account Information: Username, email, and password (securely hashed) if you create an account on the community forum
• Profile Details: Display name, bio, avatar, social media links, and professional information you choose to share
• Communication Data: Messages, comments, forum posts, and any content you share in community discussions
• Newsletter Subscriptions: Email address and preferences for blog updates and project announcements
• Professional Inquiries: Information shared when reaching out for collaboration, job opportunities, or project discussions

2.2 Automatically Collected Usage Data

To understand how visitors interact with my portfolio and improve the experience, I automatically collect:

• Browsing Information: Pages visited, time spent viewing projects, navigation patterns through my portfolio
• Technical Data: Browser type and version, operating system, device type, screen resolution
• Network Information: IP address, general geographic location (country/region), internet service provider
• Referral Data: How you found my site (search engines, social media, direct visits, other websites)
• Performance Metrics: Page load times, error logs, and technical issues for site optimization
• Interaction Data: Which projects you view, documentation pages accessed, blog articles read

2.3 Cookies and Tracking Technologies

I use various technologies to enhance your experience and gather insights:

• Essential Cookies: Required for basic functionality like login sessions, form submissions, and security
• Preference Cookies: Remember your theme choice (dark/light mode), language settings, and display preferences
• Analytics Cookies: Help me understand which projects and content are most interesting to visitors
• Performance Cookies: Monitor site speed and identify technical issues
• Local Storage: Store temporary data like form progress and user preferences

You have full control over cookie preferences through your browser settings. However, disabling certain cookies may limit some functionality of the portfolio site.

2.4 Third-Party Information

I may receive limited information from third-party services:

• Social Media: Public profile information if you connect or mention my work on social platforms
• GitHub Integration: Public repository information and contribution data for project showcases
• Analytics Services: Aggregated visitor statistics and demographic insights (anonymized)
• Email Services: Delivery confirmations and engagement metrics for newsletters

3. How I Use Your Information

As a personal brand focused on professional networking and knowledge sharing, I use your information transparently and purposefully:

3.1 Portfolio and Professional Services

• Showcase Projects: Maintain and improve project presentations, case studies, and technical demonstrations
• Professional Communication: Respond to inquiries about collaboration, job opportunities, or technical questions
• Content Delivery: Provide relevant project information, blog content, and documentation based on your interests
• Experience Optimization: Improve site navigation, project presentation, and overall user experience
• Professional Networking: Connect with fellow developers, potential employers, clients, or collaborators

3.2 Community and Engagement

• Forum Management: Facilitate community discussions, moderate content, and maintain a positive environment
• Content Creation: Understand which topics and projects interest the community to guide future content
• Newsletter Updates: Share project updates, new blog posts, and professional milestones (with your consent)
• Technical Support: Help community members with technical questions and project-related discussions

3.3 Site Maintenance and Security

• Performance Monitoring: Track site performance to ensure optimal loading and functionality
• Security Protection: Prevent spam, abuse, and unauthorized access to community features
• Technical Improvements: Identify and fix bugs, optimize code, and enhance site features
• Analytics Insights: Understand visitor patterns to improve content structure and navigation

3.4 Legal and Compliance

• Legal Obligations: Comply with applicable privacy laws and regulations
• Terms Enforcement: Ensure community guidelines and terms of service are followed
• Rights Protection: Protect intellectual property and maintain site integrity

3.5 Legal Basis for Processing (GDPR Compliance)

For visitors from the European Union, I process personal data based on:

• Legitimate Interest: Maintaining a professional portfolio, sharing knowledge, and professional networking
• Consent: Newsletter subscriptions, optional community features, and marketing communications
• Contract Performance: Providing requested services, responding to inquiries, and community participation
• Legal Obligation: Compliance with applicable laws and regulations

4. Data Sharing and Disclosure

I never sell your personal data. As an individual operating a personal brand, data sharing is limited and transparent:

4.1 Infrastructure and Service Providers

I work with trusted service providers who help maintain and improve the portfolio platforms:

• Netlify Hosting: Portfolio, docs, resume, and links services hosted via Netlify infrastructure
• Self-Hosted Infrastructure: Blog (Germany server) and status page (US server) on dedicated infrastructure
• Cloudflare CDN: Global content delivery, security protection, and performance optimization for all services
• Community Platform: Forum hosted via Freeflarum for small community management (subject to Freeflarum's privacy policy)
• Third-Party Platforms: Discord, X (Twitter), Instagram, GitHub - subject to their respective privacy policies
• Analytics Services: Privacy-focused analytics tools for site insights and performance monitoring
• Email Services: Transactional and notification email delivery for contact forms and updates

All service providers are carefully selected and contractually bound to protect your information according to applicable privacy standards.

4.2 Professional and Business Context

Information may be shared in professional contexts:

• Job Applications: When you inquire about opportunities, I may share relevant information with potential employers (with your consent)
• Collaboration Projects: Information shared for legitimate project collaboration or professional networking
• Professional References: Testimonials or recommendations you provide may be displayed publicly (with explicit permission)
• Open Source Contributions: Public contributions to projects may be highlighted in portfolio showcases

4.3 Legal Requirements

I may disclose information when legally required:

• Legal Process: In response to valid court orders, subpoenas, or legal proceedings
• Law Enforcement: To cooperate with legitimate law enforcement investigations
• Safety Protection: To protect the safety and rights of community members or prevent harm
• Terms Violations: To investigate serious violations of community guidelines or terms of service

4.4 Public Information and Community Content

Some information is made public by design:

• Forum Posts: Community discussions and posts are public by default
• Project Comments: Comments on projects or blog posts may be publicly visible
• Professional Profiles: Information you choose to display publicly in community profiles
• Testimonials: Reviews or testimonials you provide (only with explicit consent)

4.5 Business Transitions

In the unlikely event that JustKrith brand assets are transferred or sold, I will:

• Notify you in advance of any ownership changes
• Ensure the new owner commits to similar privacy protections
• Provide options for data deletion if you prefer not to transfer

5. Data Retention and Storage

I retain personal information only as long as necessary to fulfill the purposes outlined in this policy, maintain the portfolio's functionality, and comply with legal obligations.

5.1 Retention Periods by Data Type

• Portfolio Visitor Data: Basic analytics data is retained for up to 26 months for trend analysis
• Account Information: Community forum accounts remain active until deletion is requested
• Server and Access Logs: Automatically deleted after 90 days for security monitoring
• Contact Form Data: Inquiries and responses retained for 2 years for reference and follow-up
• Newsletter Subscriptions: Email addresses retained until you unsubscribe or request deletion
• Community Content: Posts and comments remain until you delete them or request account deletion
• Project Feedback: Comments and testimonials retained indefinitely (with your consent) to showcase work
• Professional Communications: Business inquiries retained for 3 years for potential follow-up

5.2 Data Deletion Process

When data reaches its retention limit or upon your request:

• Automatic Deletion: Server logs and temporary data are automatically purged according to schedules
• Secure Removal: Personal information is securely deleted from active systems
• Backup Cleanup: Data is removed from backup systems within 90 days
• Anonymization: Information that must be retained for business purposes is anonymized
• Confirmation: You'll receive confirmation when data deletion is complete

5.3 Data Subject Requests

Response Time: Requests for data deletion, modification, or access will be processed within 30 days of verification. Complex requests may require additional time, and you'll be notified of any delays.

Legal Retention: Some data may need to be retained longer due to legal obligations, ongoing disputes, or legitimate business interests. You'll be informed if any data cannot be deleted and why.

5.4 Storage Security

Your data is stored securely using industry best practices:

• Encryption: All data encrypted at rest using AES-256 encryption
• Secure Transmission: Data in transit protected with TLS 1.3 encryption
• Access Controls: Administrative access requires multi-factor authentication
• Geographic Distribution: Data stored across secure infrastructure in US (Netlify, status server), Germany (blog server), and globally distributed via Cloudflare CDN
• Regular Backups: Encrypted backups maintained for disaster recovery

6. Security Measures and Data Protection

I implement comprehensive security measures to protect your personal information. As a developer, I understand the importance of security and apply industry best practices to safeguard your data.

6.1 Technical Security Measures

• Encryption: All data encrypted using AES-256 at rest and TLS 1.3 for transmission
• Infrastructure Security: Netlify enterprise hosting, hardened self-hosted servers (Germany/US), and Cloudflare security protection
• HTTPS Enforcement: All traffic encrypted with HTTPS and HSTS headers enabled
• Access Controls: Role-based access with multi-factor authentication for administrative functions
• Database Security: Parameterized queries to prevent SQL injection attacks
• Input Validation: All user inputs validated and sanitized to prevent XSS attacks
• Regular Updates: Systems and dependencies updated regularly with security patches

6.2 Operational Security

• Monitoring: 24/7 automated monitoring for suspicious activities and security threats
• Backup Security: Regular encrypted backups stored in geographically distributed locations
• Incident Response: Documented procedures for handling security incidents and breaches
• Vulnerability Scanning: Regular security assessments and penetration testing
• Code Security: Secure coding practices and regular security audits of custom code

6.3 Your Security Responsibilities

Security is a shared responsibility. Here's how you can help protect your information:

• Strong Passwords: Use unique, complex passwords for your accounts
• Two-Factor Authentication: Enable 2FA when available for additional security
• Device Security: Keep your devices and browsers updated with latest security patches
• Safe Browsing: Be cautious about clicking links or downloading files from unknown sources
• Logout Practices: Always log out from shared or public computers
• Report Issues: Immediately report any suspicious activities or security concerns

6.4 Security Incident Response

In the event of a security incident that affects personal data:

• Immediate Response: Incident containment and impact assessment within 24 hours
• User Notification: Affected users notified within 72 hours when possible
• Authority Reporting: Relevant authorities notified as required by law
• Remediation: Immediate steps taken to prevent further unauthorized access
• Follow-up: Post-incident analysis and additional security measures implemented
• Transparency: Public disclosure of incidents that may affect user security

6.5 Limitations and Acknowledgments

No Absolute Security: While I implement robust security measures, no system is completely secure. I cannot guarantee absolute security and encourage you to take appropriate precautions with your personal information.

Third-Party Security: Security of third-party services (like Discord, GitHub, etc.) is governed by their respective security policies.

7. Your Privacy Rights and Controls

I respect your privacy rights and provide you with control over your personal information. Your rights may vary based on your location and applicable privacy laws.

7.1 Universal Rights

Regardless of your location, you have the following rights regarding your personal data:

• Access: Request information about what personal data I have about you and how it's used
• Correction: Update or correct any inaccurate or incomplete personal information
• Deletion: Request deletion of your personal data (subject to legitimate business needs and legal obligations)
• Data Portability: Receive your data in a structured, machine-readable format
• Communication Control: Opt-out of marketing communications and newsletter subscriptions
• Account Management: Update your profile information and privacy preferences

7.2 Enhanced Rights (GDPR/CCPA)

If you're located in the EU, UK, California, or other jurisdictions with enhanced privacy laws, you have additional rights:

• Right to Object: Object to processing based on legitimate interests for direct marketing or other purposes
• Restriction of Processing: Request limitation of how I process your data in certain circumstances
• Right to be Forgotten: Enhanced deletion rights with broader application and shorter response times
• Automated Decision-Making: Protection against decisions based solely on automated processing
• Data Protection Authority: Right to file complaints with your local data protection authority

7.3 How to Exercise Your Rights

To exercise any of these rights, follow these steps:

1. Contact Me: Send your request to [email protected]
2. Identity Verification: Provide sufficient information to verify your identity (for security purposes)
3. Specify Request: Clearly describe which right you want to exercise and any specific requirements
4. Response Timeline: I'll respond within 30 days (may be extended for complex requests)

7.4 Account Controls and Self-Service Options

Many privacy controls are available directly through your account or browser settings:

• Profile Management: Update your information, preferences, and privacy settings
• Content Control: Edit or delete your forum posts, comments, and contributions
• Communication Preferences: Manage newsletter subscriptions and notification settings
• Data Download: Export your personal data in common formats
• Account Deletion: Permanently delete your account and associated data

7.5 Cookie and Tracking Controls

You have several options to control cookies and tracking:

• Browser Settings: Configure your browser to block, delete, or notify about cookies
• Analytics Opt-out: Use privacy-focused browser extensions or opt-out tools
• Do Not Track: Enable "Do Not Track" settings in your browser (where supported)
• Private Browsing: Use incognito/private browsing modes for anonymous visits

Contact for Rights Requests: Email [email protected] with your request. Include your account information and clearly specify which right you'd like to exercise.

8. Children's Privacy Protection

I am committed to protecting the privacy of children and comply with applicable children's privacy laws, including COPPA (Children's Online Privacy Protection Act) in the United States.

8.1 Age Restrictions and Verification

• Minimum Age: My platforms are not intended for children under 13 years of age
• Age Verification: Community registration may include age verification to ensure compliance
• Parental Guidance: Users aged 13-17 are encouraged to obtain parental permission before engaging with interactive features
• Educational Content: While portfolio content is educational, it's designed for professional and academic audiences

8.2 Protection Measures

I do not knowingly collect personal information from children under 13. If I discover such collection has occurred:

• Immediate Deletion: The information will be deleted immediately upon discovery
• Parental Notification: Parents/guardians will be notified if contact information is available
• Account Suspension: Any accounts created by children under 13 will be suspended
• Enhanced Monitoring: Additional measures implemented to prevent future underage registration

8.3 Parental Rights and Controls

Parents and legal guardians have the right to:

• Review any personal information collected from their child
• Request deletion of their child's personal information
• Refuse further collection or use of their child's information
• Request information about data collection and usage practices
• Report concerns about children's privacy to [email protected]

Reporting: If you believe a child under 13 has provided personal information, please contact me immediately at [email protected].

9. International Data Transfers and Compliance

My services are available globally, and I process data in accordance with applicable international privacy laws and regulations.

9.1 Data Processing Locations

Your personal information may be processed in:

• Primary Locations: United States, European Union, India
• Service Providers: Various countries where trusted partners operate
• Data Centers: Geographically distributed for performance and reliability

9.2 Legal Frameworks

I comply with applicable privacy laws in all jurisdictions where I operate:

• GDPR: European Union General Data Protection Regulation
• CCPA: California Consumer Privacy Act
• PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
• LGPD: Brazilian General Data Protection Law
• PDPA: Personal Data Protection Acts in Singapore and other jurisdictions

9.3 Transfer Safeguards

When transferring data internationally, I implement appropriate safeguards:

• Standard Contractual Clauses: EU-approved data transfer agreements
• Adequacy Decisions: Transfers to countries with adequate protection levels
• Encryption: All international data transfers are encrypted
• Service Provider Agreements: Contractual obligations ensuring data protection

9.4 Jurisdiction-Specific Rights

Additional rights based on your location:

• EU/UK Users: Full GDPR rights including data portability and right to object
• California Users: CCPA rights including right to know, delete, and opt-out of sale
• Canadian Users: PIPEDA rights including access and correction
• Other Jurisdictions: Rights as provided under local privacy laws

10. Cookies, Analytics, and Tracking Technologies

10.1 Types of Cookies and Technologies

I use different types of cookies and similar technologies to enhance your experience:

Essential Cookies (Always Active)

• Authentication: Keep you logged in and secure your session
• Security: Protect against cross-site request forgery (CSRF) attacks
• Functionality: Remember your preferences and settings
• Load Balancing: Ensure optimal site performance

Analytics and Performance (Optional)

• Usage Analytics: Understand how visitors navigate and use the portfolio
• Performance Monitoring: Track site speed and identify technical issues
• Content Optimization: Identify popular projects and improve user experience
• A/B Testing: Test different features and improvements (when applicable)

10.2 Analytics Services

I use privacy-focused analytics tools to understand site usage while protecting your privacy:

• Google Analytics 4: Configured with privacy enhancements and IP anonymization
• Plausible Analytics: Privacy-first analytics that doesn't use cookies or track personal data
• Cloudflare Analytics: Server-side analytics for performance and security insights
• Ghost Analytics: Built-in blog analytics (anonymized and aggregated)

10.3 Third-Party Integrations

Some features may load content from third-party services:

• Social Media Embeds: YouTube videos, Twitter posts (privacy-enhanced modes when available)
• Code Repositories: GitHub gists and repository information
• Communication Tools: Discord widgets, contact forms
• Performance Tools: CDN services for faster content delivery

10.4 Your Control Options

You have multiple ways to control tracking and cookies:

• Browser Controls: Block, delete, or manage cookies through browser settings
• Privacy Extensions: Use tools like uBlock Origin, Privacy Badger, or Ghostery
• Analytics Opt-out: Google Analytics Opt-out Add-on
• Do Not Track: Enable "Do Not Track" preferences in your browser

11. Privacy Policy Updates and Notifications

I may update this privacy policy periodically to reflect changes in practices, services, or legal requirements. Here's how I handle policy changes:

11.1 Types of Changes

• Minor Updates: Clarifications, contact information updates, or formatting changes
• Material Changes: New data collection practices, changes to data sharing, or significant policy modifications
• Legal Updates: Changes required by new laws or regulations

11.2 Notification Process

When I update this policy:

• Effective Date: All changes include a new effective date at the top of this page
• User Notification: Material changes will be communicated via email to registered users
• Website Notice: Prominent notice displayed on the website for significant changes
• Advance Notice: 30 days advance notice for material changes when possible

11.3 Your Options

When policy changes occur, you can:

• Continue using services under the new policy
• Adjust your privacy settings to reflect your preferences
• Contact me with questions about the changes
• Delete your account if you disagree with the changes

Staying Informed: I recommend reviewing this policy periodically. The effective date at the top indicates when it was last updated.

12. Platform-Specific Privacy Practices

Each platform under the JustKrith brand has specific privacy considerations based on its functionality and purpose:

Portfolio — krithiv.dev

• Data Collection: Minimal visitor analytics and performance monitoring
• No Accounts: No user registration or personal data collection
• Cookies: Essential cookies only for functionality and basic analytics
• Contact Forms: Information provided voluntarily for professional inquiries

Blog — blog.krithiv.dev

• Content Management: Powered by Ghost CMS with secure data handling
• Subscriptions: Email addresses stored securely for newsletter delivery
• Comments: May require email verification for posting (if enabled)
• Analytics: Content performance tracking to improve relevance

Resume — resume.krithiv.dev

• Static Content: No dynamic data collection or user interactions
• No Tracking: Minimal analytics for performance monitoring only
• Professional Focus: Designed for recruiter and employer viewing

Documentation — docs.krithiv.dev

• Educational Purpose: Technical guides and project documentation
• Anonymous Analytics: Usage patterns to improve content organization
• Search Functionality: Local search without data transmission
• Preferences: Theme and display settings stored locally

Community — community.krithiv.dev

• Account Required: Username and email needed for participation
• Public Content: Posts and discussions are publicly visible
• Moderation: Content monitoring for community guidelines compliance
• Data Control: Users can edit/delete posts and request account deletion

Discord — discord.krithiv.dev

• External Platform: Governed by Discord's Privacy Policy
• No Additional Data: I don't collect data beyond Discord's standard practices
• Community Guidelines: Server rules and moderation practices
• Integration: May link Discord activity with community forum participation

13. Contact Information and Support

For any questions, concerns, or requests related to this privacy policy or your personal data, please don't hesitate to contact me:

Primary Contact

📧 Email: [email protected]
For privacy-related inquiries, data requests, and policy questions

General Inquiries

📧 Email: [email protected]
For general questions, collaboration opportunities, and technical discussions

Response Timeline

• Privacy Requests: Response within 30 days
• General Inquiries: Response within 3-5 business days
• Security Issues: Immediate attention and response within 24 hours

Additional Resources

• Terms of Service: krithiv.dev/terms
• Security Information: krithiv.dev/security
• Accessibility: krithiv.dev/accessibility

Professional Context: JustKrith is a personal brand operated by Krithiv, an individual developer. All communications are handled personally with care and attention to your privacy and professional needs.