1. Introduction and Scope

This Privacy Policy ("Policy") constitutes a legally binding agreement between you ("User," "you," or "your") and Skillful Sardine ("we," "us," "our," or "Company"), governing the collection, use, and disclosure of information through the website skillfulsardine.com (the "Website").

By accessing or using this Website, you expressly consent to the data practices described in this Policy. If you do not agree with this Policy, you must immediately cease using this Website.

Governing Law: This Policy is governed by and construed in accordance with the laws of Portugal, without regard to its conflict of law provisions.

2. Data Controller

The data controller responsible for your personal data is:

Skillful Sardine
Email: legal@skillfulsardine.com

3. Information We Collect

3.1 Contact and Estimation Forms

When you submit a contact or estimation request form, we collect the following information:

  • Full name
  • Email address
  • Company name (optional)
  • Project details and description
  • Budget range and timeline preferences
  • Additional project requirements

Purpose: This information is collected solely to respond to your inquiry, provide project estimations, and facilitate business communication.

3.2 Article Comments

When you submit a comment on our articles, we collect the following information:

  • Comment text (required)
  • Name (optional - defaults to "Anonymous")
  • Email address (optional - never displayed publicly)
  • Website URL (optional)

Purpose: Comments are collected to facilitate discussion on articles. All comments are moderated before publication.

Privacy Features: We do not track IP addresses for comments. Email addresses, if provided, are used only for moderation purposes and are never displayed publicly or shared with third parties.

3.3 Information We DO NOT Collect

We explicitly DO NOT collect, store, or process any of the following:

  • Payment information (no e-commerce functionality)
  • Marketing preferences (no mailing lists exist)
  • IP addresses in identifiable form
  • Device identifiers or advertising IDs
  • Cross-site tracking data

3.4 Information We Collect via Umami Analytics

We use Umami, a privacy-focused, GDPR-compliant analytics platform that collects only anonymized, aggregated usage data. Umami operates without cookies and does not track users across websites.

Data collected by Umami (anonymized and aggregated only):

  • Page views and page URLs visited
  • Referrer source (where you came from)
  • Browser type and version
  • Operating system
  • Device type (desktop, mobile, tablet)
  • Screen resolution
  • Country/region (derived from anonymized IP address, immediately discarded)
  • Session duration and timestamp of visit

Umami's Privacy Guarantees:

  • No cookies are set on your device
  • No personal data is collected or stored
  • No cross-site tracking
  • IP addresses are anonymized and immediately discarded
  • Data is aggregated and cannot be used to identify individual users
  • Compliant with GDPR, CCPA, and PECR without requiring consent banners

3.5 Theme Preference (Local Storage)

If you change the Website's theme (light/dark mode), your preference is stored locally in your browser's localStorage. This data:

  • Is stored exclusively on your device
  • Is never transmitted to our servers
  • Can be deleted by clearing your browser's local storage

4. Legal Basis for Processing (GDPR)

Under the EU General Data Protection Regulation (GDPR), we process data under the following legal bases:

  • Consent (Article 6(1)(a) GDPR): When you submit a contact form, estimation form, or comment, you provide explicit consent for us to process your personal data to respond to your inquiry or publish your comment.
  • Legitimate Interests (Article 6(1)(f) GDPR): We have a legitimate interest in understanding how users interact with our Website to improve content quality, user experience, and Website performance through anonymized analytics.

5. Purpose and Use of Data

We use collected data exclusively for the following purposes:

  • Responding to contact form inquiries
  • Providing project estimations and consultations
  • Communicating about potential business opportunities
  • Publishing and moderating article comments
  • Measuring Website traffic and popularity of content (anonymized)
  • Understanding user behavior patterns (anonymized)
  • Improving Website design, content, and performance

We will never use data for:

  • Unsolicited marketing or advertising
  • Selling or sharing data with third parties
  • Profiling or behavioral targeting
  • Any purpose not explicitly stated above

6. Data Sharing and Third Parties

We do not sell, rent, or share your personal data with any third parties for marketing purposes.

Third-party services we use:

  • Umami Analytics: Self-hosted analytics platform. Data is stored on our own servers and is not accessible to external parties.
  • Infrastructure Providers: Our hosting infrastructure may process data as part of providing services, but they have no independent right to use your data.

Legal Disclosure: We may disclose information if required by law, court order, or governmental authority, or to protect our legal rights, safety, or property.

7. Data Retention

Contact and Estimation Requests: Personal data from contact and estimation forms is retained for up to 2 years for business communication purposes. You may request deletion at any time (see Section 8).

Article Comments: Published comments are retained indefinitely as part of the article's content. You may request deletion of your comments at any time.

Umami Analytics Data: Aggregated, anonymized analytics data is retained indefinitely for statistical and historical analysis purposes. Since this data is fully anonymized and cannot identify individuals, retention does not pose privacy risks.

Theme Preference: Stored locally on your device until you manually clear your browser's local storage.

8. Your Rights Under GDPR and CCPA

8.1 GDPR Rights (EU/EEA Users)

  • Right to Access: You have the right to access the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate data.
  • Right to Erasure: You may request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: You may request limitation of how we use your data.
  • Right to Data Portability: You may request a copy of your data in a structured format.
  • Right to Object: You may object to analytics tracking or data processing.
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority.

8.2 CCPA Rights (California Users)

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information is collected
  • Know whether your personal information is sold or disclosed (we do not sell data)
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (not applicable as we don't sell data)
  • Non-discrimination for exercising your rights

8.3 Exercising Your Rights

To exercise your rights or ask questions, contact us at legal@skillfulsardine.com. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect data integrity and prevent unauthorized access:

  • HTTPS encryption (TLS 1.3) for all Website traffic
  • Content Security Policy (CSP) to prevent XSS attacks
  • Regular security updates and server hardening
  • Access controls and authentication for server infrastructure
  • Database encryption and secure credential management

Limitation of Liability: While we strive to protect data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Opt-Out and Do Not Track

You may prevent analytics tracking using the following methods:

  • Enable "Do Not Track" (DNT) in your browser settings
  • Use browser extensions like uBlock Origin or Privacy Badger
  • Disable JavaScript (will affect Website functionality)

We honor DNT signals and will not track users who have enabled DNT.

11. Children's Privacy

This Website is not directed at individuals under the age of 16. We do not knowingly collect data from children. If we become aware that a child under 16 has provided personal information, we will take steps to delete such data immediately.

12. International Data Transfers

Our servers are located within the European Union. If you access this Website from outside the EU, your data may be transferred to and stored in the EU. By using this Website, you consent to such transfers.

13. Changes to This Privacy Policy

We reserve the right to modify this Policy at any time. Changes will be effective immediately upon posting. The "Last Updated" date at the top of this page will reflect the date of the most recent revision.

Continued use of the Website after changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:

Email: legal@skillfulsardine.com
Website: skillfulsardine.com

We will respond to all inquiries within 30 days.

15. Severability

If any provision of this Policy is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.