Privacy Policy

Last Updated: February 13, 2026

Version: 1.0.0

Your Privacy Matters

This Privacy Policy explains how daltonousley.com ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and contact form. We are committed to transparency and compliance with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act).

What Data We Collect

When you submit our contact form, we collect the following personal information:

  • Name: Your full name or preferred name
  • Email Address: Your email address for communication
  • Company: Your company or organization name (optional)
  • Message: The content of your inquiry or message
  • Consent Record: Timestamp of when you agreed to this Privacy Policy
  • Technical Data: IP address (for verification purposes only)

We do not collect any other personal data through cookies, tracking pixels, or analytics tools. We only use essential session cookies required for website security and functionality.

Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: You explicitly consent to our collection and processing of your data by checking the consent checkbox before submitting the contact form.
  • Legitimate Interest: We have a legitimate interest in responding to your inquiries and maintaining records of our communications.

You have the right to withdraw your consent at any time by submitting a deletion request (see "Your Rights" section below).

Where We Store Your Data

International Data Transfer Notice: Your personal data is stored in AWS DynamoDB located in the us-east-1 region (Virginia, USA). If you are located in the European Union or European Economic Area, this means your data will be transferred from the EU to the United States.

We rely on your explicit consent as the legal mechanism for this international data transfer. By submitting the contact form and agreeing to this Privacy Policy, you consent to the transfer of your personal data to the United States.

Data Protection Measures:

  • All data is encrypted in transit using HTTPS/TLS
  • All data is encrypted at rest using AWS DynamoDB encryption
  • Access to data is restricted to authorized personnel only
  • We conduct regular security reviews and updates

How Long We Keep Your Data

We retain your contact form submission for 18 months from the date of submission. After 18 months, your data is automatically deleted using AWS DynamoDB's Time-to-Live (TTL) feature.

You can request earlier deletion of your data at any time by submitting a deletion request (see "Your Rights" section below).

Third-Party Services

We use the following third-party services to operate our website and contact form:

AWS (Amazon Web Services)

We use AWS DynamoDB to store contact form submissions. AWS is a trusted cloud provider with robust security measures and compliance certifications (SOC 2, ISO 27001, GDPR-compliant).

Cloudflare Turnstile

We use Cloudflare Turnstile for bot protection on our contact form. Turnstile may process your IP address and browser information to verify you are human. Cloudflare's privacy policy applies: cloudflare.com/privacypolicy

Resend

We use Resend to send email notifications when you submit the contact form. Resend processes your email address and message content solely for the purpose of delivering the email. Resend's privacy policy applies: resend.com/legal/privacy-policy

We do not sell, rent, or share your personal data with any other third parties for marketing purposes.

Your Rights Under GDPR

If you are located in the European Union or European Economic Area, you have the following rights under GDPR:

  • Right to Access: You can request a copy of all personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data.
  • Right to Data Portability: You can request your data in a machine-readable format (JSON).
  • Right to Object: You can object to the processing of your personal data, including international transfers.
  • Right to Withdraw Consent: You can withdraw your consent at any time.
  • Right to Lodge a Complaint: You can file a complaint with your local data protection authority.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You can request deletion of your personal information.
  • Right to Opt-Out: You have the right to opt-out of the "sale" of your personal information. Note: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity and respond within 45 days.

Security Measures

We implement industry-standard security measures to protect your personal data:

Technical Measures:

  • HTTPS/TLS encryption for all data in transit
  • AWS DynamoDB encryption at rest (AES-256)
  • Bot protection via Cloudflare Turnstile
  • Regular security updates and patches

Organizational Measures:

  • Access controls limiting who can view stored data
  • Regular security audits and reviews
  • Data minimization practices
  • Incident response procedures

Data Breach Notification: In the unlikely event of a data breach that affects your personal information, we will notify you and relevant authorities within 72 hours as required by GDPR.

Cookie Policy

We use only essential cookies required for website security and functionality. We do not use analytics, marketing, or tracking cookies.

Essential Cookies We Use:

Cloudflare Turnstile Security Cookies

  • Purpose: Bot protection and spam prevention on contact form
  • Duration: Session (expires when browser closes)
  • Set by: Cloudflare (third-party service)
  • Cookie names: cf_clearance, __cf_bm

Next.js Session Cookies

  • Purpose: Framework-level session management and CSRF protection
  • Duration: Session (expires when browser closes)
  • Set by: Next.js framework (first-party)

Cookies We Do NOT Use:

  • Analytics cookies (Google Analytics, etc.)
  • Marketing or advertising cookies
  • Social media tracking cookies
  • Third-party tracking pixels
  • Preference or functional cookies

Why No Cookie Banner?

Because we only use essential cookies necessary for security and functionality, we do not require a cookie consent banner. Essential cookies are exempt from consent requirements under GDPR (Article 6(1)(f)), ePrivacy Directive (Recital 66), and CCPA regulations.

Note: If we add non-essential cookies in the future (such as analytics), we will implement a cookie consent banner and update this policy accordingly.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Privacy Inquiries:

Email: [email protected]

We will respond to all privacy inquiries within 5 business days and fulfill data subject rights requests within 30 days.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this page
  • We will maintain a version history of policy changes
  • For material changes (new data collection, new third parties, reduced user rights), we will notify users via email if we have their contact information

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Terms of UseBack to Home