Privacy Policy

This privacy notice for hermez.dev (“we,” “us,” or “our”) describes how and why we collect, use, and protect your personal information when you use our website and services. HERMEZ is a freelance software engineering and content creation practice operated as a sole proprietorship.

• Visit our website at hermez.dev, or any website of ours that links to this privacy notice
• Purchase web development services through our checkout system
• Submit a message through our contact form
• Engage with us in other related ways, including sales, marketing, or events

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. You may contact us at any time at hermez.info@gmail.com.

1. What Information Do We Collect?

In Short: We collect personal information that you voluntarily provide to us through our contact form and checkout process. We do not create user accounts or require registration.

Contact Form. When you submit our contact form, we collect:

• Full name
• Email address
• Subject line
• Inquiry type (e.g., Services, Consulting, Hiring, etc.)
• Message content

Service Checkout. When you purchase a service, we collect:

• Full name
• Email address
• Project description (optional, limited to 200 characters)
• Selected service tier and add-ons

Payment Information. All payment processing is handled entirely by PayPal. We do not collect, store, or have access to your credit card numbers, bank account details, or PayPal login credentials. PayPal provides us only with your transaction ID and the payment amount upon successful completion.

Automatically Collected Information. When you visit hermez.dev, our hosting provider (Vercel) may automatically collect standard server log data, including your IP address, browser type, operating system, referring URL, and pages visited. This data is collected by the hosting infrastructure and is not accessed or analyzed by us for tracking purposes.

Sensitive Information. We do not collect or process sensitive personal information (e.g., racial or ethnic origin, health data, biometric data, or financial account numbers).

2. How Do We Process Your Information?

In Short: We process your information to deliver our services, respond to your inquiries, process payments, and send transactional emails. We do not use your data for marketing or advertising.

• To respond to inquiries. When you submit our contact form, your message is delivered to us via EmailJS so we can respond to your inquiry.
• To process payments. When you purchase a service, your order details are sent to PayPal for secure payment processing.
• To send transactional emails. After a successful payment, we send you a payment confirmation receipt via EmailJS containing your order summary, amount paid, and next steps.
• To deliver services. We use the name, email, and project description you provide to communicate about and deliver the service you purchased.
• To prevent abuse. We use an in-memory rate limiter on our payment API endpoints (not persisted, not logged) and a client-side cooldown on the contact form to prevent spam and abuse.

3. Third-Party Services

In Short: We share your information only with the third-party services necessary to operate the site and process payments.

We use the following third-party services that may receive or process your personal information:

• PayPal — Payment processing. When you make a purchase, your name, email, and order details are sent to PayPal to create and capture the payment. PayPal's handling of your data is governed by the PayPal Privacy Statement.
• EmailJS — Email delivery. Contact form submissions and payment confirmation receipts are delivered through EmailJS. Your name, email address, and message content are transmitted to EmailJS for delivery. See the EmailJS Privacy Policy.
• Google Fonts — Typography. We load the Playfair Display and JetBrains Mono typefaces from Google Fonts. When a page loads, your browser makes a request to Google's servers, which may log your IP address. See Google's Privacy Policy.
• Vercel — Hosting. hermez.dev is hosted on Vercel. Vercel collects standard server access logs (IP address, user agent, timestamp) as part of normal web hosting operations. See the Vercel Privacy Policy.
• Amazon Associates — Affiliate program. Our Gear page contains affiliate links to Amazon products. Clicking these links takes you to Amazon's website where Amazon's own tracking and cookies apply. We may earn a commission on qualifying purchases. See Amazon's Privacy Notice.
• Impact Radius (Razer) — Affiliate program. Our Gear page contains affiliate links to Razer products served through Impact Radius. A tracking pixel (display image) may be loaded on the Gear page, which transmits your IP address and user agent to Impact Radius servers. See Impact's Privacy Policy.

We do not sell, rent, or trade your personal information to any third party. We do not use any advertising networks, social media tracking pixels, or retargeting services.

4. Cookies and Local Storage

In Short: We do not set any browser cookies. We use localStorage for two functional purposes only.

hermez.dev does not set any browser cookies. We do not use cookies for analytics, advertising, or tracking. We use browser localStorage (which stays on your device and is never sent to our servers) for two purposes:

• Theme preference — Your light/dark mode selection is saved locally so it persists between visits.
• Contact form cooldown — A timestamp is stored locally to enforce a 5-minute cooldown between contact form submissions, preventing accidental duplicate messages.

You can clear this data at any time through your browser's developer tools or site data settings. Third-party services (PayPal, Google Fonts, affiliate links) may set their own cookies when you interact with them; please refer to their respective privacy policies listed in Section 3.

5. Analytics and Tracking

We do not currently use Google Analytics, Facebook Pixel, or any other analytics or tracking service on hermez.dev. If we implement analytics in the future, this privacy policy will be updated accordingly, and a cookie consent mechanism will be provided.

6. Affiliate Links

Our Gear page contains affiliate links to products we personally use and recommend. These links are part of the Amazon Associates Program and the Razer affiliate program (through Impact Radius). When you click an affiliate link:

• You are redirected to the retailer's website
• The retailer may use cookies to track that the referral came from hermez.dev
• If you make a purchase, we may earn a small commission at no extra cost to you

Affiliate links are disclosed on the Gear page. We only recommend products we personally use and believe in.

7. Data Retention

In Short: We do not operate a database. Your data exists only in transient emails and in PayPal's systems.

• Contact form submissions are delivered as emails to our inbox. They are not stored in any database. We retain these emails for as long as needed to respond to your inquiry.
• Payment confirmation emails are delivered via EmailJS and retained in our email inbox. PayPal retains transaction records per their own data retention policy.
• No database — hermez.dev does not operate a database. All content is static. We do not store customer data, form submissions, or user profiles on our server.
• Rate-limiter data (IP-based request counts) is held in server memory only, is not persisted to disk, and is cleared whenever the server restarts.

8. Data Security

We implement the following security measures to protect your information:

• All pages are served over HTTPS (TLS encryption in transit)
• Payment credentials (PayPal Client Secret, EmailJS Private Key) are stored as server-side environment variables and are never exposed to the browser
• Server-side price validation prevents manipulation of order totals
• Rate limiting protects payment API endpoints from abuse
• Contact form includes a honeypot field to prevent bot spam

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

9. Your Privacy Rights

Since we do not maintain user accounts or a database of personal information, most traditional data rights (access, correction, deletion of account data) do not apply in the typical sense. However, you have the right to:

• Request information about what personal data we may hold about you (e.g., in email correspondence)
• Request deletion of any email correspondence we have from you
• Opt out of providing any personal information by choosing not to use our contact form or checkout
• Clear local storage at any time through your browser settings to remove theme preferences and cooldown timestamps

If you are a resident of the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR, UK GDPR, or the CCPA. To exercise any of these rights, please contact us at hermez.info@gmail.com.

10. Do-Not-Track Signals

We do not currently respond to Do-Not-Track (DNT) browser signals because we do not use any analytics or tracking technologies. Since we do not track your browsing activity, enabling or disabling DNT has no effect on your experience with hermez.dev.

11. Children's Privacy

hermez.dev is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hermez.info@gmail.com and we will promptly delete it.

12. Updates to This Policy

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last Updated” date at the top of this page. We encourage you to review this policy periodically. Your continued use of hermez.dev after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this privacy policy or your personal data, you may contact us at:

• Email: hermez.info@gmail.com
• Contact form: hermez.dev/contact