Privacy Policy

Last updated: February 4, 2026

This Privacy Policy explains how information is collected, used, and protected when you visit krishsanghavi.dev (the "Website").

Definitions and Key Terms

• Website refers to krishsanghavi.dev
• User refers to anyone visiting or contacting through the Website
• Personal Data refers to information you voluntarily provide (name, email, message)

Information We Collect

We collect information only when you voluntarily submit it through the contact form, including:

• Name
• Email address
• Message content

Automatically Collected Technical Information:

• IP address (for rate limiting and spam prevention)
• Browser type and version
• Device type (desktop/mobile)
• Timestamp of form submission

We do NOT collect:

• Passwords or account credentials
• Payment information
• Social security numbers
• Location data (GPS)
• Browsing history or cookies

How We Use Your Information

The information you provide is used strictly to:

• Respond to your inquiries
• Communicate regarding your message
• Prevent spam and abuse

We do NOT:

• Send newsletters or marketing emails
• Share or sell your data
• Profile users for advertising
• Track your behavior across websites

Spam Prevention & Rate Limiting

To protect against spam and abuse, we implement:

• Rate limiting (maximum 3 contact form submissions per minute from the same IP address)
• Input validation and sanitization
• Server-side security checks

Your IP address may be temporarily stored for rate limiting purposes and is automatically deleted after 24-48 hours.

Cookies & Tracking Technologies

This Website does not use cookies for tracking, analytics, or advertising purposes.

Essential Functionality Only:

The Website may use browser storage solely for:

• Remembering form submission status (to show success/error messages)
• Preventing duplicate form submissions

This data is stored only in your browser and is never transmitted to our servers.

We do NOT use:

• Google Analytics
• Facebook Pixel
• Retargeting tools
• Advertising trackers
• Third-party cookies

Third-Party Services

This Website uses the following third-party services:

Hosting & Infrastructure

Vercel (https://vercel.com) - Website hosting and deployment

• Data processed: Request metadata and server logs
• Privacy Policy: https://vercel.com/legal/privacy-policy

Email Delivery

Resend (https://resend.com) - Contact form email delivery

• Data processed: Name, email address, message content
• Privacy Policy: https://resend.com/legal/privacy-policy

These services process data only as required to provide functionality and are bound by their respective privacy policies.

Data Security

We implement the following security measures:

Technical Protections:

• HTTPS/TLS encryption for all data transmission
• Server-side input validation and sanitization
• Rate limiting to prevent spam and abuse
• XSS (Cross-Site Scripting) protection
• CSRF (Cross-Site Request Forgery) protection

Organizational Measures:

• Access to submitted data limited to site owner only
• No sharing of data with third parties (except email service provider)
• Regular security updates and dependency audits

Important: No system can be guaranteed 100% secure. While we follow industry best practices, you should not submit highly sensitive information (e.g., passwords, financial data) through the contact form.

Data Retention

Contact Form Submissions:

• Retained for up to 12 months from submission date
• Retained longer only if ongoing correspondence is active
• You may request deletion at any time

Technical Logs (IP addresses, timestamps):

• Retained for 24-48 hours for spam prevention
• Automatically deleted after this period

Email Records:

• Emails sent via contact form are retained in email inbox according to standard email retention
• Subject to deletion upon request

Your Rights

You have the following rights regarding your personal data:

• Right to Access: Request a copy of the data we hold about you
• Right to Correction: Request correction of inaccurate information
• Right to Deletion: Request deletion of your data
• Right to Object: Object to processing of your data
• Right to Data Portability: Request your data in a portable format

To exercise these rights: Contact me with your request. I will respond within 30 days.

International Data Transfers (GDPR)

If you are located in the European Economic Area (EEA), please note:

• Your data may be transferred to and processed in the United States
• Data processing is based on your consent when submitting the contact form
• You have the right to lodge a complaint with your local data protection authority

Children's Privacy

This Website is not intended for children under 13. We do not knowingly collect personal information from children.

Changes to This Privacy Policy

This Privacy Policy may be updated occasionally. Changes will be reflected on this page with an updated revision date.

Contact

For questions regarding this Privacy Policy or to exercise your data rights, you may use the Website's contact form.

© 2026 Krish Sanghavi. All rights reserved.