Privacy & Cookie Policy for injoque.dev

Last Updated: May 6, 2025

1. Introduction

Welcome to the personal portfolio website of Fernando Injoque (injoque.dev). This Privacy & Cookie Policy explains how Fernando Injoque ("I", "me", "my") collects, uses, shares, and protects information obtained from visitors ("you") to this website.

Protecting your privacy is important to me. This policy outlines the types of data collected, including through our custom analytics system and third-party services, the purposes for processing that data, the legal basis for doing so, and your rights regarding your personal information.

By using this website after being presented with the cookie consent banner, you acknowledge the practices described in this policy.

2. Data Controller

The data controller responsible for the processing of personal data collected through this website is:

• Fernando Injoque
• Lima, Peru
• Contact Email: legal@injoque.dev

3. Information We Collect

I collect information to understand website usage, improve user experience, ensure security, and respond to inquiries. The types of information collected include:

a) Information Collected via Custom Analytics (Subject to Your Consent):

When you consent to analytics tracking via our cookie banner, the following information may be collected and processed:

• • Event Type: The specific action taken (e.g., page_view, section_view, click, hover).
• • Event Details (payload): Contextual data associated with the event, stored in a structured format (JSONB). This may include:
  • ◦ URL visited (location.href)
  • ◦ Page title (document.title)
  • ◦ Page pathname (location.pathname)
  • ◦ Section viewed (e.g., 'about', 'projects')
  • ◦ Element interacted with (e.g., identifier of a button or link)
  • ◦ Text content of the element interacted with
  • ◦ Target URL (href) of clicked links
  • ◦ UTM Parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content from the URL, if present)
  • ◦ Timestamp of the event
• • Session ID: A randomly generated unique identifier (sessionId stored in sessionStorage) used solely to link together events occurring during a single browsing session. This ID is temporary and is cleared when you close your browser tab/window.
• • IP Address: Your Internet Protocol address. This is collected to help identify unique visitors (approximately) and is used for GeoIP lookups (see below). We store the IP address associated with events.
• • User Agent: Information about your browser type, version, and operating system provided by your browser.
• • Referrer URL: The address of the webpage you came from before visiting this site, if provided by your browser.
• • Device Information: Screen width and height, browser viewport width and height.
• • Browser Information: Preferred language (navigator.language), inferred timezone (Intl.DateTimeFormat().resolvedOptions().timeZone).

b) Information Collected via Contact Form:

If you use the contact form, I collect:

• • Your Name
• • Your Email Address
• • Your Message Content

This information is processed via Formspree to deliver your message to me.

c) Information Collected for Security (reCAPTCHA):

This website uses Google reCAPTCHA v3 on the contact form to protect against spam and automated abuse. reCAPTCHA collects hardware and software information, such as device and application data, and sends it to Google for analysis to determine whether the visitor is likely human. This service operates under Google's Privacy Policy and Terms of Service.

4. How We Use Your Information

The information collected is used for the following purposes:

• • Website Analytics: To understand how visitors navigate and interact with the website, identify popular content and features, analyze traffic sources (referrers, UTM campaigns), understand general user demographics (browser, device type, approximate location via GeoIP), and generate aggregated statistical reports to improve the website's design, content, and performance.
• • AI-Driven Insights: Aggregated and anonymized analytics data (summarized metrics like total visits, top pages, top referrers, top countries etc., not individual event logs) may be sent periodically to the OpenAI API to generate high-level insights, trends, or summaries about website usage patterns. This helps in understanding the overall performance without analyzing raw individual data points manually.
• • GeoIP Location: IP addresses collected via analytics are used to determine the approximate geographical location (country, region, city) of visitors using the ipinfo.io service. This aggregated location data helps understand the global audience reach.
• • Security: To protect the website and its functionalities (like the contact form) from spam and automated abuse using Google reCAPTCHA v3.
• • Communication: To respond to inquiries submitted through the contact form.
• • Functionality: To ensure the website functions correctly.

5. Legal Basis for Processing (GDPR)

If you are accessing this website from the European Economic Area (EEA), the processing of your personal data is based on the following legal grounds:

• • Consent: For the collection and processing of analytics data described in section 3a (including associated cookies/storage like sessionId's purpose), the legal basis is your explicit consent, which you provide via the cookie consent banner. You can withdraw this consent at any time through the banner settings.
• • Legitimate Interests: For the use of Google reCAPTCHA v3, the legal basis is my legitimate interest in protecting the website and its contact form from spam and abuse. We ensure transparency about its use.
• • Contractual Necessity / Legitimate Interests: For processing data submitted through the contact form, the basis is taking steps at your request prior to potentially entering into a contract (if inquiring about services) or my legitimate interest in responding to your communication.

6. Cookies, Session Storage, and Similar Technologies

This website uses the following:

• • Cookies (reCAPTCHA): Google reCAPTCHA v3 sets cookies (e.g., _GRECAPTCHA) on your browser. These cookies are essential for its risk analysis function to distinguish between human users and bots. These are categorized as Strictly Necessary or Functional for security purposes and are loaded automatically. By using the contact form, you interact with this service. For more information, please review Google's Privacy Policy and Terms of Service.
• • Session Storage (sessionId): As part of our custom analytics (which requires your consent), we use browser sessionStorage to store a randomly generated sessionId. This is not a traditional cookie. Session storage is temporary and is automatically cleared by your browser when you close the browser tab or window where you viewed the website. It is used solely to link together the sequence of actions (page views, clicks, etc.) you perform during a single visit for analytical purposes. This storage is categorized under Analytics/Performance in our consent banner.

You can manage your consent preferences for non-essential technologies (like our analytics sessionId) through the cookie consent banner presented when you first visit the site. You can also typically control cookies through your browser settings.

7. Data Sharing and Third Parties

I do not sell your personal information. However, I share information with the following third-party service providers who assist in operating the website and processing data:

• • Supabase: Provides the backend infrastructure, including PostgreSQL database hosting for storing analytics data and Edge Functions (Deno runtime) for processing tracking events and generating automated reports. Data is processed according to their policies.
• • GitHub Pages: Hosts the static frontend files of this website. Data may be processed according to their policies.
• • Google (reCAPTCHA): Provides the reCAPTCHA v3 service for spam protection. Information collected by reCAPTCHA is subject to Google's policies.
• • Formspree: Processes submissions from the contact form to deliver them via email.
• • OpenAI: Aggregated, anonymized analytics data summaries (not individual event logs or personal data like full IP addresses) are sent to the OpenAI API to generate automated weekly insights.
• • Resend: Used to send the automated weekly analytics report email.
• • ipinfo.io: IP addresses collected via analytics are sent to ipinfo.io to obtain approximate geolocation data.

8. Data Retention

• Analytics Data: Raw event logs stored in the Supabase database, including associated IP addresses and session IDs, will be retained for a period of 12 months for analysis and reporting purposes, after which they may be deleted or fully anonymized. Aggregated statistical data (which does not identify individuals) may be retained indefinitely.
• Contact Form Submissions: Emails received via Formspree are retained as necessary to respond to inquiries and for record-keeping, typically for 24 months unless required longer for legal reasons.
• Session Storage (sessionId): Cleared automatically when you close your browser tab/window.

9. Data Security

I take reasonable technical and organizational measures to protect the information collected. This includes using reputable service providers like Supabase and GitHub Pages, utilizing secure connections (HTTPS), and managing access controls. However, no internet transmission or electronic storage is 100% secure, and I cannot guarantee absolute security.

10. Your Data Protection Rights

Depending on your location, you may have the following rights regarding your personal data:

• • Right to Access: You can request copies of your personal data.
• • Right to Rectification: You can request correction of inaccurate information or completion of incomplete information.
• • Right to Erasure: You can request the deletion of your personal data under certain conditions.
• • Right to Restrict Processing: You can request the restriction of processing your personal data under certain conditions.
• • Right to Object to Processing: You can object to the processing of your personal data under certain conditions (especially where based on legitimate interests).
• • Right to Data Portability: You can request the transfer of data collected to another organization, or directly to you, under certain conditions.
• • Right to Withdraw Consent: Where processing is based on consent (like analytics), you can withdraw your consent at any time via the cookie consent settings.

To exercise any of these rights, please contact me at legal@injoque.dev. I will respond to your request in accordance with applicable data protection laws. You may also have the right to lodge a complaint with a relevant data protection authority.

11. Children's Privacy

This website is not intended for use by children under the age of 16. I do not knowingly collect personal information from children. If you believe a child has provided me with personal information, please contact me, and I will take steps to delete it.

12. Changes to This Policy

I may update this Privacy & Cookie Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. I encourage you to review this policy periodically.

13. Contact Information

If you have any questions about this Privacy & Cookie Policy or my data practices, please contact me at:

• Fernando Injoque
• Email: legal@injoque.dev