Table of Contents
- Introduction
- Scope of This Policy
- Information I Collect
- How Information Is Collected
- How I Use Your Information
- Legal Basis for Processing
- Information Sharing & Disclosure
- Third-Party Services
- Data Security
- Data Retention
- Cookies & Tracking Technologies
- Your Privacy Rights
- Children's Privacy
- International Data Transfers
- Do Not Track
- Changes to This Policy
- Contact & Complaints
1. Introduction
Welcome to the Privacy Policy for Sahin Enam ("I", "me", "my", or "the Developer"), a professional freelance web developer operating this portfolio website at sahinenam.com (the "Site"). This Privacy Policy is designed to help you understand how I collect, use, store, and protect your personal information when you visit this Site or engage me for web development services.
I am deeply committed to respecting and protecting your privacy. In an era where personal data has become an extraordinarily valuable commodity and digital privacy is under constant pressure, I believe in transparency, data minimization, and giving you genuine control over your information. This policy is written to be as clear and readable as possible — not hidden behind layers of legal jargon — because I believe you deserve to know exactly how your information is handled.
This Privacy Policy is informed by and designed to be consistent with internationally recognized privacy standards and best practices, including the principles set out in the General Data Protection Regulation (GDPR) applicable in the European Union and European Economic Area, the California Consumer Privacy Act (CCPA), and other applicable regional and national privacy legislation. Even if you are located in a jurisdiction without comprehensive data protection laws, I apply these high standards consistently to all users.
By using this Site, submitting a contact form, or engaging my professional services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with the practices described here, please discontinue use of the Site and do not submit personal information.
2. Scope of This Policy
This Privacy Policy applies to:
- All visitors to the Site, regardless of whether they contact me or engage my services.
- Individuals who submit inquiries or messages through the contact form on the Site.
- Clients who hire me for web development, design, or consulting services.
- Any person who communicates with me via email, social media, or other digital channels in connection with this Site or my services.
This policy does not apply to:
- Third-party websites, platforms, or services that may be linked to or from this Site. Each external website or service has its own privacy policy, and I encourage you to review those policies independently.
- Websites or applications that I develop for clients. Those sites are governed by the privacy policies established by each respective client.
3. Information I Collect
I follow a principle of data minimization — I collect only the information that is genuinely necessary for the purposes described in this policy. I do not collect sensitive personal data (such as payment card numbers, government ID numbers, health information, or biometric data) through this Site.
3.1 Information You Provide Directly
When you voluntarily contact me through the contact form or via email, you may provide:
- Name: Your first name, last name, or the name you prefer to go by, used to address you personally in correspondence.
- Email Address: Your email address, used to respond to your inquiry and communicate about potential or ongoing projects.
- Phone Number: If provided, used only for project-related communication if you prefer phone or video calls.
- Company or Organization Name: If relevant to your inquiry, to better understand the context of the project.
- Project Details & Message Content: Any description of your project requirements, questions, or other information you choose to share in your message. This may include budget information, timeline requirements, or technical specifications.
3.2 Information Collected Automatically
When you visit the Site, certain technical information is collected automatically by the hosting infrastructure and any analytics tools in use. This may include:
- IP Address: Your device's Internet Protocol (IP) address, which may indicate your approximate geographic location (typically at city or regional level, not precise street address).
- Browser & Device Information: The type of web browser you are using (e.g., Chrome, Firefox, Safari), the operating system, device type (desktop, mobile, tablet), and screen resolution.
- Pages Visited: Which pages on the Site you viewed, how long you spent on each page, and the order in which you navigated through the Site.
- Referring URL: The web address of the page that linked you to this Site (e.g., a search engine results page or a social media profile).
- Date & Time: The date and time of your visit to the Site.
- Session Data: General information about your browsing session used for analytics purposes.
This automatically collected technical information is used in aggregate and anonymized form to understand how the Site is being used and to make improvements. It is not used to identify you personally.
3.3 Client Project Data
When you engage me as a client, I may collect additional information necessary to complete your project. This can include:
- Business information, such as your company name, website URL, and industry.
- Access credentials for hosting accounts, content management systems, or other platforms (shared securely and deleted after project completion).
- Brand assets, including logos, images, and design guidelines you provide.
- Content you supply for inclusion in your project, such as text copy, photographs, or other media.
- Billing information such as invoice address (payment processing is handled via third-party platforms; I do not store payment card details).
4. How Information Is Collected
I collect your personal information through the following means:
- Contact Form: The primary method through which visitors submit inquiries on this Site. Form submissions are transmitted securely and stored in a backend database or email system.
- Direct Email Communication: When you send an email to my professional email address, that communication and its contents are received and stored in my email service.
- Cookies & Tracking Technologies: Automated data collection via cookies and similar technologies, as described in Section 11 of this policy.
- Analytics Services: Third-party analytics tools that process technical visit data to help me understand Site usage patterns.
- Project Collaboration: Information shared during the active delivery of web development services, such as content provided via email, file-sharing platforms, or project management tools.
5. How I Use Your Information
I use the personal information I collect for the following specific, legitimate purposes:
5.1 Responding to Inquiries
When you contact me through the form or via email, I use your name and contact details to send a personal response to your inquiry. I aim to respond to all inquiries within 1–2 business days. Your message content helps me understand your needs and give you a relevant, tailored response.
5.2 Providing Web Development Services
If you hire me for a project, I use the information you provide — including project requirements, content, access credentials, and communication history — solely to plan, develop, and deliver the agreed-upon services. All project-related data is used exclusively for the completion of your project.
5.3 Project Communication & Administration
Your contact information is used to communicate about project progress, share deliverables for review, request feedback, send invoices, and manage all other administrative aspects of our professional engagement.
5.4 Site Improvement & Analytics
Aggregated, anonymized technical data collected from Site visitors is analyzed to understand which pages are most valuable, how visitors navigate the Site, what devices and browsers they use, and where improvements can be made to the user experience and content.
5.5 Legal Compliance & Protection
In limited circumstances, I may use or disclose personal information as required by applicable law, court order, or regulatory authority, or to protect my legal rights, defend against claims, or prevent fraud or other illegal activity.
What I do NOT use your information for:
- Selling, renting, or trading your personal data to any third party for commercial purposes.
- Sending unsolicited marketing emails or newsletters (unless you explicitly opt in to such communications).
- Profiling you for targeted advertising purposes.
- Any purpose not described in this Privacy Policy without first obtaining your consent.
6. Legal Basis for Processing (GDPR)
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) requires that I have a lawful legal basis for processing your personal data. Depending on the purpose of processing, I rely on the following legal bases:
- Consent (Article 6(1)(a) GDPR): When you submit the contact form, you are voluntarily providing your information and consenting to me using it to respond to your inquiry. Where I use analytics cookies, I seek your consent where required by applicable law.
- Contractual Necessity (Article 6(1)(b) GDPR): When you hire me for services, processing your personal data is necessary to enter into and perform our contract, including delivering the agreed work and processing invoices.
- Legitimate Interests (Article 6(1)(f) GDPR): I rely on my legitimate interests to maintain and improve this Site, process basic analytics data, and protect my legal rights. These legitimate interests are balanced against your rights and do not override your fundamental privacy interests.
- Legal Obligation (Article 6(1)(c) GDPR): In some cases, I may be required to process or retain your data to comply with a legal obligation.
7. Information Sharing & Disclosure
Your privacy is important to me, and I do not share your personal information except in the limited circumstances described below.
7.1 No Sale of Personal Data
I do not sell, rent, trade, or otherwise commercially exploit your personal information. Your data is not a product.
7.2 Service Providers
I may share limited personal information with trusted third-party service providers who assist in operating this Site and delivering services. These providers are carefully selected and are only given access to the information they need to perform their specific functions. Examples include:
- Hosting providers that store website data and form submissions on secure servers.
- Email service providers used to receive and send professional correspondence.
- Analytics platforms that process anonymized Site usage data.
- Payment processors used to send or receive invoices (these services handle billing data under their own strict privacy and security standards; I do not store payment card numbers).
- Cloud storage and file-sharing services used to exchange project files with clients.
All service providers are required to handle your information securely, use it only for the purposes for which it was shared, and comply with applicable data protection laws.
7.3 Legal Requirements
I may disclose your personal information if required to do so by law, or in response to valid legal processes such as a court order, subpoena, or government request. Where legally permissible, I will attempt to notify you before complying with such a request.
7.4 Protection of Rights
I may disclose information where I believe it is necessary to: protect my legal rights; enforce my Terms of Service; prevent or investigate possible fraud or illegal activity; protect the safety or security of any person; or defend against legal claims.
7.5 Business Transfers
In the unlikely event that my business is sold, merged, or transferred to another entity, client information may be transferred as part of that transaction. You will be notified of any such change and your information will continue to be protected in accordance with this Privacy Policy.
8. Third-Party Services
This Site may use, link to, or integrate with third-party services. The following categories of third-party services may be involved:
- Firebase (Google): Used for backend services including data storage and contact form submissions. Firebase is operated by Google LLC and is subject to Google's Privacy Policy. Data processed by Firebase may be stored on servers in multiple countries.
- Google Fonts: This Site loads fonts from Google Fonts servers, which involves your browser making a request to Google's servers. Google may collect certain technical data associated with this request. See Google's Privacy Policy for details.
- Analytics Services: If analytics are enabled on this Site, visitor data is processed in aggregated, anonymized form to understand Site usage patterns.
- Social Media Platforms: My professional profiles on platforms such as LinkedIn, GitHub, and others are governed by those platforms' own privacy policies.
I encourage you to review the privacy policies of any third-party services before using them. I am not responsible for the privacy practices of third-party services.
9. Data Security
I take the security of your personal information seriously and implement a range of technical and organizational measures to protect it against unauthorized access, disclosure, alteration, or destruction.
9.1 Technical Measures
- HTTPS / TLS Encryption: This Site uses HTTPS with Transport Layer Security (TLS) encryption, ensuring that data transmitted between your browser and the Site is encrypted in transit.
- Secure Hosting Infrastructure: Site data and form submissions are stored on reputable, security-conscious hosting platforms with appropriate access controls and data protection measures.
- Access Controls: Access to systems and databases containing personal information is restricted to authorized individuals (in this case, primarily myself) and protected by strong, unique passwords and, where available, multi-factor authentication.
- Regular Updates: All software, plugins, and dependencies are kept up to date to minimize exposure to known security vulnerabilities.
9.2 Organizational Measures
- Credentials and sensitive client information shared during projects are stored securely and deleted promptly after the project concludes.
- I do not transmit sensitive access credentials via unencrypted channels.
- I regularly review my data handling practices to identify and address potential risks.
9.3 Limitations
While I strive to use commercially reasonable and industry-standard means to protect your personal information, no method of electronic transmission or storage is 100% secure. I cannot guarantee the absolute security of information transmitted over the internet. In the event of a data breach affecting your personal information, I will notify you as required by applicable law.
10. Data Retention
I retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:
- Contact Form Inquiries: Messages from individuals who do not become clients are typically retained for up to 12 months, after which they are deleted or anonymized unless a longer retention period is legally required.
- Client Project Data: Information related to completed client projects (including correspondence, project files, and invoices) is retained for a period of up to 5 years following project completion, primarily for accounting, legal, and dispute resolution purposes. After this period, data is securely deleted or anonymized.
- Access Credentials: Login credentials, API keys, and similar sensitive information shared by clients for project purposes are deleted promptly upon project completion.
- Analytics Data: Anonymized, aggregated analytics data may be retained indefinitely as it cannot be used to identify individuals.
You may request earlier deletion of your personal data at any time, subject to any legal obligations I have to retain certain records. See Section 12 for information on exercising your privacy rights.
11. Cookies & Tracking Technologies
11.1 What Are Cookies?
Cookies are small text files that are placed on your device by websites when you visit them. They are widely used to make websites function more efficiently, to remember your preferences, and to provide information to the owners of the site. Cookies are not harmful and do not contain personally identifiable information on their own.
11.2 Types of Cookies This Site May Use
- Essential / Functional Cookies: These cookies are necessary for the basic operation of the Site, such as maintaining session state or remembering preferences you set during a visit. Without these cookies, certain Site features may not function correctly. These cookies do not require your consent as they are strictly necessary.
- Analytics Cookies: These cookies help me understand how visitors interact with the Site by collecting anonymous information such as the number of visitors, which pages are visited most often, and how visitors navigate between pages. This data is used solely to improve the Site. Where consent is required, analytics cookies will only be set after you provide it.
- Third-Party Cookies: Certain third-party services embedded in or linked from the Site (such as Google Fonts) may set their own cookies. These are governed by the respective third party's cookie and privacy policies.
11.3 Managing Cookies
You have the right to accept or decline cookies. Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. You can also delete cookies that have already been set on your device. Please note that if you choose to block or delete certain cookies, some features of the Site may not function as intended.
Browser-specific instructions for managing cookies can typically be found in your browser's "Help" or "Settings" menu. Common browsers include:
- Google Chrome: Settings > Privacy and Security > Cookies and other site data
- Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data
- Apple Safari: Preferences > Privacy > Manage Website Data
- Microsoft Edge: Settings > Cookies and site permissions
You can also opt out of analytics tracking services directly through their opt-out mechanisms, where available.
12. Your Privacy Rights
Depending on your location and applicable privacy laws, you may have certain rights regarding your personal information. I respect these rights and will respond to all valid requests promptly and within legally required timeframes.
12.1 Right to Access
You have the right to request a copy of the personal information I hold about you, including information about how it is being used and to whom it has been disclosed. I will provide this information in a clear, accessible format.
12.2 Right to Rectification
If any personal information I hold about you is inaccurate or incomplete, you have the right to request that it be corrected. Please contact me if you believe I have incorrect information about you.
12.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request that I delete your personal information where it is no longer necessary for the purpose it was collected, where you withdraw consent, or where you object to processing and there are no overriding legitimate grounds. Please note that I may be required to retain certain data for legal or accounting purposes even after receiving an erasure request.
12.4 Right to Restriction of Processing
You have the right to request that I restrict the processing of your personal data in certain circumstances — for example, while you contest the accuracy of the data, or where you have objected to processing and I am verifying whether my legitimate grounds override your interests.
12.5 Right to Data Portability
Where processing is based on your consent or on a contract, and where processing is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
12.6 Right to Object
You have the right to object to the processing of your personal data where it is based on my legitimate interests. I will cease such processing unless I can demonstrate compelling legitimate grounds that override your interests, or where processing is necessary for the establishment, exercise, or defense of legal claims.
12.7 Right to Withdraw Consent
Where I process your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
12.8 Rights Under CCPA (California Residents)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected about you, the right to know whether your personal information is sold or disclosed (it is not sold), the right to opt out of the sale of personal information (not applicable, as I do not sell data), and the right to non-discrimination for exercising your privacy rights.
12.9 How to Exercise Your Rights
To exercise any of the rights described above, please contact me using the details provided in Section 17 of this policy. I will respond to all verifiable requests within 30 days (or within the legally required timeframe in your jurisdiction). I may need to verify your identity before processing certain requests to protect against unauthorized disclosure.
13. Children's Privacy
This Site and my professional services are intended for adults and business clients. I do not knowingly collect personal information from children under the age of 13 (or under the age of 16 where required by applicable law, such as under the GDPR). If you are a parent or guardian and believe that your child has submitted personal information through this Site without your consent, please contact me immediately so that I can take appropriate steps to delete that information.
If I discover that I have inadvertently collected personal information from a child below the applicable age threshold, I will delete such information promptly.
14. International Data Transfers
Personal information collected through this Site may be transferred to, stored in, and processed in countries other than the country in which you reside. In particular, many of the third-party service providers I use (such as cloud hosting and analytics platforms) operate servers in multiple countries, including the United States and countries within the European Union.
When personal data is transferred outside of the European Economic Area (EEA) or other regions with data protection laws governing such transfers, I ensure that appropriate safeguards are in place. These safeguards may include Standard Contractual Clauses approved by the European Commission, reliance on adequacy decisions, or other legally recognized transfer mechanisms.
By using this Site or engaging my services, you acknowledge that your information may be transferred to and processed in countries that may have different data protection laws than your country of residence. I take reasonable steps to ensure that any such transfers are conducted in compliance with applicable law.
15. Do Not Track
Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites indicating that you do not wish to be tracked across websites. Currently, there is no universally accepted standard for responding to DNT signals, and this Site does not currently alter its data collection and use practices in response to DNT browser signals. If an industry standard is adopted in the future, I will revisit this policy accordingly.
16. Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my practices, the services I provide, or applicable legal requirements. When changes are made, the revised policy will be posted on this page and the "Last updated" date at the top of this document will be revised to reflect the date of the most recent update.
For material changes that significantly affect how your personal information is used or your rights, I will make reasonable efforts to provide more prominent notice, such as by posting a notice on the Site's homepage or, where I have your contact information from a project engagement, by sending a notification directly.
I encourage you to review this Privacy Policy periodically to stay informed about how I am protecting your information. Your continued use of the Site following the posting of changes constitutes your acceptance of such changes.
17. Contact & Complaints
If you have any questions, concerns, or complaints about this Privacy Policy or my data handling practices, or if you wish to exercise any of the privacy rights described in Section 12, please contact me directly. I am committed to resolving privacy-related questions and concerns promptly and transparently.
If you are located in the European Union and you are not satisfied with my response to a privacy complaint, you have the right to lodge a complaint with the relevant supervisory authority (data protection authority) in your country of residence or the country where the alleged infringement occurred.