Privacy policy • Jethro Edwards' portfolio website

Last updated: January, 2026

Jethro Edwards ("I", "me", "my", or "JethroEdwards.com") operates the website https://jethroedwards.com (the "Site").

This privacy policy explains what personal information I collect from visitors to the Site, how I use it, who I share it with (if anyone), how long I keep it, and what rights you have regarding your data.

I am committed to protecting your privacy in line with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.

1. Information I collect

a) Information you voluntarily provide

When you contact me via email, contact form, or any messaging system on the Site, I may collect:

Your name
Email address
Any other information you choose to include in your message

b) Automatically collected information

When you visit the Site, I (and my service providers) may automatically collect:

Technical / device information: IP address, browser type & version, operating system, device type, language preferences, referring URL, pages visited, time/date of visit, time spent on pages
Cookies and similar technologies: See the Cookies section below

c) Information I do not collect

I do not collect:

Payment card details (I do not process payments directly on this site)
Precise geolocation data
Special category / sensitive personal data (health, race, religion, political opinions, etc.)

2. How I use your information

I use the information collected to:

Respond to your messages, enquiries or requests
Improve the Site's performance, security and user experience
Analyse general Site usage trends (in aggregated, anonymised form)
Protect against spam, abuse, and security threats
Comply with legal obligations

I do not use your personal information for automated decision-making or profiling that produces legal effects.

3. Cookies & similar technologies

This Site uses cookies and similar tracking technologies.

Essential / strictly necessary cookies
These are required for the Site to function (e.g. security, navigation). You cannot opt out of these.

Analytics cookies (e.g. Google Analytics and Hotjar)
These help me understand how visitors use the Site. Data is anonymised where possible (IP anonymisation enabled). You can opt out via your browser settings or tools provided by the analytics provider.

Third-party cookies
Some pages may include embedded content (e.g. YouTube videos, Twitter/X embeds, fonts from Google Fonts, etc.) which can set cookies. I have no direct control over these.

You can manage cookies via:

Your browser settings
The cookie banner (if present)
Opt-out tools of third parties (e.g. for Google Analytics)

4. Legal basis for processing (UK GDPR)

My processing is based on:

Legitimate interests — responding to enquiries, Site improvement & security (balanced against your rights)
Consent — where you explicitly agree (e.g. optional analytics cookies, newsletter sign-up if present)
Legal obligation — when required by law

5. Sharing your information

I do not sell your personal data.

I may share data with:

Hosting / infrastructure providers (e.g. Vercel, Netlify, Cloudflare, AWS, etc.)
Analytics providers (e.g. Google Analytics & Hotjar - anonymised)
Email service providers (if you contact me via form and I use a service like Web3Forms, Formspree, EmailJS, etc.)
Legal authorities — only if required by law, court order, or to protect rights/safety

All third parties are required to protect your data and process it only for the purposes instructed.

6. Data storage & international transfers

Data is stored primarily in the European Economic Area (EEA) or in countries with adequacy decisions.

Where data is transferred outside the EEA (e.g. to US-based providers), appropriate safeguards are in place, such as:

UK International Data Transfer Agreement / Addendum
Standard Contractual Clauses
Data Processing Agreements

7. How Long I Keep Your Data

Enquiry/contact form messages: kept for up to 12-24 months (unless longer retention is required for legal reasons)
Analytics data: retained for the period set by the provider (usually 14-26 months, anonymised)
Logs/security data: usually 30-90 days

I delete or anonymise data when it is no longer needed.

8. Your rights

Under UK GDPR you have the right to:

Access your personal data
Correct inaccurate data
Delete your data (erasure)
Restrict processing
Object to processing (especially based on legitimate interests)
Data portability (where applicable)

To exercise these rights, contact me through the contact form.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint

9. Security

I implement reasonable technical and organisational measures to protect your data (HTTPS, secure hosting, limited access, etc.). However, no method of transmission over the internet is 100% secure.

10. Children's privacy

This Site is not directed at children under 16. I do not knowingly collect personal data from children under 16.

11. Changes to this privacy policy

I may update this policy from time to time. The “Last updated” date at the top shows when changes were last made. Significant changes will be communicated via a notice on the Site.