Privacy Policy

This is a personal portfolio and projects website operated by Zain ("I", "me", or "my"). It is not a commercial service or business. The site exists to showcase my projects, work experience, and technical writing.

If you have questions about this policy, contact me at zainm2k00@gmail.com.

I only collect data that is necessary to operate the site. Specifically:

• Account data — if you choose to register: your username, email address, and a bcrypt-hashed password. Passwords are never stored in plain text.
• Security data — login timestamps and IP addresses for security purposes (detecting suspicious logins). If you use MFA, your TOTP secret is stored encrypted.
• Content you submit — comments, questions, or messages you post on the site.
• Consent records — the date, time, and IP address at which you accepted this policy and the Terms of Use at registration, kept as a legal record.

I do not collect payment information, run advertising, use tracking pixels, or sell any data.

• Account management — to let you log in, comment, and interact with the site.
• Security — to detect and prevent abuse, brute-force attacks, and unauthorised access.
• Email communication — to send you a verification email when you register, and security alerts if something changes on your account (e.g. a password change). I will not send you marketing emails unless you explicitly opt in.

I do not sell your data. I share it only where operationally necessary:

• Resend / Amazon SES — your email address is passed to these services solely to deliver emails you requested (e.g. your verification email). They are contractually prohibited from using it for any other purpose.
• Cloudflare — all traffic passes through Cloudflare for security and performance. Your IP address and request data are processed by Cloudflare under their privacy policy.
• Hosting provider — server logs (containing IP addresses) are maintained by my hosting provider as part of normal server operation.

No data is shared with advertising networks, analytics platforms, or data brokers.

Your data is kept for as long as your account is active. If you delete your account:

• Your username, email, and profile are permanently deleted within 30 days.
• Comments you posted may remain but will be anonymised (username replaced with "Deleted User").
• Security and consent records may be kept for up to 2 years for legal compliance.
• Unverified accounts that are never activated are automatically deleted within 7 days of registration.

You have the right to:

• Access — request a copy of the data held about you.
• Correction — update your information via Account Settings at any time.
• Deletion — request that your account and personal data be deleted.
• Portability — request your data in a portable format.

To exercise these rights, email me at zainm2k00@gmail.com.

This site uses minimal cookies:

• Session cookie — a single essential cookie that keeps you logged in. It contains no personal data and is deleted when you close your browser.
• Trusted device cookie — if you choose to trust a device when using MFA, a long-lived cookie is stored. You can revoke this in Account → Security.

There are no advertising cookies, no analytics cookies, and no third-party tracking of any kind on this site.

If I make material changes to this policy, I will update the version number and effective date above, and notify registered users by email. Continued use of the site after changes are posted constitutes acceptance.