Privacy Policy

Last updated:

This page explains what personal data is processed through aitorevi.dev, the purposes, the processors involved, and how you can exercise the rights granted by the General Data Protection Regulation (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD).

1. Data controller

  • Owner: Aitor Reviriego Amor.
  • Contact email: info@aitorevi.dev.
  • Activity: personal blog about software development.

2. Data processed and purpose

2.1 Contact form

When you submit the form, the following data is processed: name, email and message content. The purpose is to reply to your enquiry. Data is deleted when the conversation is no longer relevant, or whenever you explicitly request it.

2.2 Browsing and analytics

When you access the site, technical data such as IP address, browser type, pages visited and referrer is collected. Part of it is stored (anonymised) in Google Analytics 4 for statistical purposes. Analytics is only activated if you consent to analytics cookies via the banner shown on your first visit.

2.3 Abuse prevention (rate limiting)

The contact form applies a submission limit per IP to prevent spam and automated abuse. A hash of your IP is stored temporarily in Upstash Redis for up to 1 hour.

3. Legal basis

  • Contact form: your consent when submitting the message (GDPR art. 6.1.a).
  • Analytics: consent via the cookie banner (GDPR art. 6.1.a and LSSI-CE art. 22).
  • Rate limiting: legitimate interest in preventing abuse (GDPR art. 6.1.f).

4. Processors and recipients

The service relies on the following providers:

  • Vercel Inc. — hosting and performance analytics (Web Vitals). US-based; international transfer covered by Standard Contractual Clauses approved by the European Commission.
  • Google LLC — Google Analytics 4 (only with consent) and Google Search Console (aggregated indexing data only, no personal data). US-based, SCCs.
  • Resend, Inc. — transactional email sending (contact form confirmation). US-based, SCCs.
  • Upstash Inc. — ephemeral storage of IP hashes for rate limiting. US-based, SCCs.
  • GitHub, Inc. — source code and editable content storage (via Keystatic). US-based, SCCs.

No data is shared with third parties outside these processors except where legally required. No automated decision-making or profiling is performed.

5. Retention periods

  • Contact form messages: until they are no longer needed or you request deletion.
  • Analytics cookies: see the cookies policy (/en/cookies). Maximum 2 years.
  • Rate limiting: maximum 1 hour.

6. Your rights

As a data subject, you may exercise the following rights at any time:

  • Access to your data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Restriction of processing.
  • Objection to processing.
  • Data portability.
  • Withdrawal of consent.

To exercise them, write to info@aitorevi.dev stating which right you wish to exercise. If you consider your request has not been properly handled, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es).

7. Security

Reasonable technical and organisational measures are applied to protect your data: TLS-encrypted connections, providers with up-to-date GDPR policies, limited data access, and data-minimisation principles.

8. Changes to this policy

This policy may be updated to reflect legal or technical changes. The "last updated" date is shown at the top. Substantial changes will be announced on the site in advance.