Privacy policy
1. Data controller
- Owner
- Jesús Porres (natural person)
- Tax ID (NIF)
- 16569822R
- Postal address
- Avda. de la Constitución, 38, 46009 Valencia, Spain
- General email
- [email protected]
- Email for GDPR rights requests
- [email protected]
- Website
- https://jesusporres.com
This policy describes how personal data is collected, processed and stored on jesusporres.com and its subdomain taller.jesusporres.com. It complies with the EU General Data Protection Regulation (GDPR, Regulation EU 2016/679) and the Spanish Information Society Services Act (LSSI-CE 34/2002).
2. Data processed, purpose and legal basis
| Processing | Data collected | Purpose | Legal basis | Retention period |
|---|---|---|---|---|
| Contact form | Name, email, message | Reply to your enquiry | Explicit consent + pre-contractual measures (art. 6.1.b GDPR) | 1 year after last communication, or until deletion request |
| Newsletter subscription | Send monthly newsletter | Explicit consent with double opt-in (art. 6.1.a GDPR) | Until subscription cancellation | |
| Workshop login (magic link) | Email, login timestamp | Allow access to authenticated area | Contract execution (art. 6.1.b GDPR) | While account is active + 90 days after deactivation |
| Auth session cookie | Encrypted session ID | Keep your session active | Legitimate interest + contract execution | Session duration (30 days with sliding renewal) |
| Visitor cookie (anonymous) | Anonymous identifier, no PII | Detect visitor type to personalise content | Legitimate interest (art. 6.1.f GDPR) | 12 months |
| Visitor events | Pages visited, referrer, browser language | Analysis without PII, service improvement | Legitimate interest (art. 6.1.f GDPR) | 12 months; IP not stored |
| Umami analytics | Anonymous visit, page, referrer | Aggregated cookieless analytics | Legitimate interest, privacy-first analytics | 24 months aggregated |
| Tool access request | Email, reason, profession | Decide whether to grant access | Explicit consent | While request is open + 6 months |
| Technical errors (Sentry) | Stack trace, browser, page | Keep service operational | Legitimate interest (art. 6.1.f GDPR) | 90 days |
Special categories of data are not processed (racial origin, political opinions, health, biometrics, etc.).
3. Data processors (third parties processing data on the controller's behalf)
| Provider | Service | Location | Safeguards |
|---|---|---|---|
| Hetzner Cloud GmbH | VPS hosting | Germany (EU) | GDPR-compliant. DPA available |
| Cloudflare, Inc. | CDN, DNS, DDoS protection | USA with Standard Contractual Clauses (SCC) | DPA + SCC art. 46 GDPR |
| Resend, Inc. | Transactional email + newsletter | USA with SCC | DPA + SCC art. 46 GDPR |
| Turso (ChiselStrike, Inc.) | libSQL database | EU (region verified at contract time) | DPA available |
| Functional Software, Inc. (Sentry) | Error tracking | USA with SCC | DPA + SCC art. 46 GDPR |
| Backblaze, Inc. | Encrypted backups | EU (B2 region verified at contract time) | DPA available |
| Banahosting Inc. | Email of the domain (@jesusporres.com) | Canada (HQ) / USA (main datacenters) with SCC | Commercial agreement. DPA available on request |
Umami runs self-hosted on the Hetzner VPS — no additional third parties are involved for web analytics.
4. How data is protected
- Encryption in transit: all connections use HTTPS with TLS 1.2+ (certificate managed by Cloudflare).
- Encryption at rest: Turso database encrypts at rest. Backblaze B2 backups are encrypted with the controller's key.
- Restricted access: only Jesús Porres has administrative access. No employees or collaborators have access to personal data without a contract.
- No sale of data: data is never sold, rented or transferred to third parties for commercial purposes.
- No automated profiling with legal effects: visitor mode detection is aggregated and anonymous; it does not make automated decisions affecting users individually.
5. Your rights and how to exercise them
Under GDPR you have the right to:
- Access: know what data is processed and obtain a copy.
- Rectification: correct inaccurate or incomplete data.
- Erasure (right to be forgotten): delete your data when no longer needed.
- Restriction of processing: temporarily suspend the use of your data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
- Consent withdrawal: at any time, without retroactive effect.
How to exercise them: send an email to [email protected] clearly stating which right you are exercising. As a default, it is enough to write from the email address registered on jesusporres.com — I will confirm by sending a one-time link back to the same address, similar to the login magic link. Only when there are well-founded doubts about identity or the request affects particularly sensitive data, may I ask for an image of your government-issued ID (DNI/NIE/passport) — you can blur out details not needed for verification. The image will be used exclusively for verification and deleted within 7 days.
Response deadline: at most one month from receipt (extendable to three in complex cases, with prior notification).
Complaints: if you believe your data has been mishandled, you can lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
6. Minors
Services on jesusporres.com are aimed at professionals and business owners, not minors. Data is not knowingly collected from individuals under 14. If you discover a minor has submitted data, contact us for immediate deletion.
7. Changes to this policy
Any substantial change is notified on /changelog and, if affecting active accounts, by email. The «last updated» date in the header reflects the current version.
8. Contact
For any privacy or data processing matter:
- GDPR rights email: [email protected]
- General email: [email protected]
- Postal address: Avda. de la Constitución, 38, 46009 Valencia, Spain
This policy was originally drafted with AI assistance (Claude) on 2026-05-09 and reflects the actual project configuration on the effective date.