Privacy Policy
Effective date: March 16, 2026
Last updated: March 16, 2026
Quick Summary: I collect only what I need, I don't sell your data, I use reputable providers (Wix, Google Analytics) under contracts, and you can request deletion anytime.
────────────────────────────────────────
1. WHO IS RESPONSIBLE (DATA CONTROLLER)
Controller: Carlos A. Munoz, Cupertino, CA, USA.
Contact: mnzcrls15@gmail.com
If you are in the EEA/UK, I am the controller for your data collected through the Site. I do not currently appoint an EU/UK representative under GDPR Art. 27 because my processing is occasional and low-risk; if that changes, I will update this Policy.
────────────────────────────────────────
2. SCOPE
This Policy applies to personal information collected online via this Site, contact forms, and any embedded tools I operate. It does not apply to third-party websites, apps, or platforms that I link to (see §14).
────────────────────────────────────────
3. WHAT I COLLECT
I only collect information that is relevant to my Services.
A. Information you provide directly
- Contact & Identity: name, email, company, role, and message content (contact form, comments, replies).
- Consulting inquiries (optional): project details you share, meeting notes, and related files you attach.
- Surveys (optional): responses, ratings, testimonials.
B. Information collected automatically
- Technical/Usage data: IP address, device and browser type, pages viewed, referring/exit pages, timestamps, approximate location (city/country), scroll/click events (used to improve the Site).
- Cookies/Beacons/SDKs: described in §8 and the Cookie Table in Appendix A.
C. Information from third parties
- Analytics provider (Google Analytics) — traffic and engagement metrics.
Note: I do not intentionally collect sensitive categories of data (e.g., health information, government IDs). Please do not submit them.
────────────────────────────────────────
4. WHY I COLLECT IT (PURPOSES) & GDPR LAWFUL BASES
Provide and operate the Site
Examples: Load pages, remember preferences, maintain uptime.
Lawful Basis: Legitimate interests (running a functional website).
Communicate with you
Examples: Reply to messages; support; announcements.
Lawful Basis: Legitimate interests; Contract (when you ask for a service).
Analytics & improvement
Examples: Measure traffic, popular content, UX issues.
Lawful Basis: Legitimate interests (improving the Site).
Security & fraud prevention
Examples: Detect abuse, protect integrity, debug.
Lawful Basis: Legitimate interests; Legal obligation.
Compliance & recordkeeping
Examples: Keep records of consents, fulfill legal rights requests.
Lawful Basis: Legal obligation; Legitimate interests.
I will request consent where required (e.g., non-essential cookies).
────────────────────────────────────────
5. DO I SELL OR SHARE YOUR DATA?
I do not sell your personal information.
I also do not "share" personal information for cross-context behavioral advertising under the California CPRA. If this ever changes, I will update this Policy and provide a "Do Not Sell or Share My Personal Information" link.
────────────────────────────────────────
6. WHO GETS ACCESS (DISCLOSURES TO THIRD PARTIES)
I disclose data only to service providers that help me operate the Services, under contracts that limit how they may use your data:
- Hosting & site platform: Wix (site hosting, cookie banner functionality, performance).
- Analytics: Google Analytics (aggregated traffic insights; IP anonymization enabled).
- Productivity/Storage: Google Workspace/Drive (email, files).
- Professional advisors & legal: accountants, lawyers (only if necessary).
- Authorities: when required by law or to protect rights, safety, and security.
I require each provider to process data only to deliver their service to me, to keep it secure, and to delete it when no longer needed.
────────────────────────────────────────
7. INTERNATIONAL TRANSFERS
Data may be processed in the United States or other countries where providers operate. When transferring personal data from the EEA/UK to third countries, I rely on Standard Contractual Clauses (SCCs) or other lawful safeguards offered by providers. You can request more details by email (see §15).
────────────────────────────────────────
8. COOKIES, TRACKERS & YOUR CHOICES
Cookies and similar technologies store or access information on your device to run the Site, remember settings, and measure performance.
Types I use:
- Strictly necessary: security, load balancing, cookie consent state.
- Functional: remember preferences.
- Analytics: page views, time on page, referrers, device stats. Google Analytics is configured with IP anonymization enabled.
How to control them:
- Use the "Cookie Settings" link in the banner to accept or decline non-essential cookies.
- Browser-level controls: clear or block cookies and set tracking protections.
- Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
- Global Privacy Control (GPC): When technically feasible, I treat GPC signals as opt-outs for relevant jurisdictions.
Do Not Track: I currently do not respond to DNT signals due to the lack of a universal standard.
────────────────────────────────────────
9. HOW LONG I KEEP YOUR DATA (RETENTION)
I keep personal information only as long as necessary for the purposes described in §4, or as required by law, then delete or anonymize it:
- Contact form & business inquiries: up to 24 months after last interaction.
- Analytics logs: typically 14–26 months (provider defaults).
- Security logs: up to 12 months unless needed for an investigation.
- Contracts/invoices (if applicable): 7 years (tax/records).
────────────────────────────────────────
10. SECURITY
I use reasonable technical and organizational measures, including HTTPS/TLS, access controls, least-privilege access, provider due diligence, and deletion protocols. However, no method of transmission or storage is completely secure.
────────────────────────────────────────
11. YOUR RIGHTS
Your privacy rights depend on your location. I will honor applicable requests and will not discriminate for exercising them.
All users can:
- Unsubscribe from any communications via the link in those messages.
- Access, correct, delete, or export personal information I hold about you.
- Object or restrict certain processing where permitted.
- Withdraw consent (does not affect prior lawful processing).
How to exercise: Email mnzcrls15@gmail.com with the subject "Privacy Request." I may need to verify your identity. You may use an authorized agent where allowed by law.
────────────────────────────────────────
12. REGION-SPECIFIC DISCLOSURES
A) California (CPRA/CCPA)
- Categories collected in the last 12 months: identifiers (name, email, IP), internet/usage data, geolocation (coarse), professional info you share.
- Business purposes: service delivery, communications, analytics, security, compliance.
- Sale/Sharing: I do not sell or share your personal information for cross-context behavioral advertising.
- Sensitive personal information: not collected.
- Non-discrimination: I will not deny goods/services or charge different prices for exercising your rights.
- Shine the Light: I do not disclose personal information to third parties for their direct marketing.
- To submit a request: see §11.
B) EEA/UK (GDPR/UK GDPR)
- You have rights to access, rectification, erasure, portability, restriction, and objection (including to processing based on legitimate interests).
- You may withdraw consent at any time for non-essential cookies.
- You may lodge a complaint with your local supervisory authority (e.g., ICO in the UK or your EU DPA). I would appreciate the chance to address your concerns first.
────────────────────────────────────────
13. CHILDREN
The Services are not directed to children under 16. I do not knowingly collect personal information from children. If you believe a child has provided me personal information, contact me and I will delete it.
────────────────────────────────────────
14. THIRD-PARTY LINKS & EMBEDDED CONTENT
The Site may include links to third-party sites or embedded content. Those services are governed by their own privacy practices. Review their policies before interacting.
Some content linked from this Site is hosted on Medium.com, which operates under its own privacy policy. Visiting those articles is subject to Medium's terms and data practices.
────────────────────────────────────────
15. CHANGES TO THIS POLICY
I may update this Policy as the Site or laws change. I will post the new Policy with an updated "Last Updated" date. Material changes will be noted prominently on the Site.
────────────────────────────────────────
16. CONTACT
Controller: Carlos A. Munoz
Email: mnzcrls15@gmail.com
Mailing address: [Your PO Box — required for CAN-SPAM compliance]
────────────────────────────────────────
APPENDIX A — COOKIE & TRACKER TABLE
Cookie/Tracker: XSRF-TOKEN, hs, svSession, bSession
Provider: Wix
Purpose: Security, session integrity, site operation
Type: Strictly Necessary
Expiry: Session – 2 years
Cookie/Tracker: _ga, _gid, _gat (GA4 equivalents)
Provider: Google Analytics
Purpose: Site usage metrics — pages, time on site, referrers (IP anonymization enabled)
Type: Analytics
Expiry: 1 day – 2 years
Cookie/Tracker: cookieConsent / cookie_settings
Provider: Wix
Purpose: Stores your cookie preferences
Type: Functional
Expiry: 12 months
────────────────────────────────────────
APPENDIX B — DATA RETENTION MATRIX
Contact form | Name, email, message content | 24 months
Analytics | Aggregated metrics, device/browser stats | 14–26 months (provider default)
Security logs | IP, user agent, error logs | Up to 12 months
Contracts/invoices (if applicable) | Client details, invoice records | 7 years
────────────────────────────────────────
APPENDIX C — LAWFUL BASES MAPPING (GDPR)
- Consent: non-essential cookies.
- Contract: responding to service requests, delivering paid or quoted services if you engage me.
- Legitimate interests: site operation, analytics improvement, security, internal administration, responding to unsolicited inquiries.
- Legal obligation: tax/accounting records; responding to lawful requests.
────────────────────────────────────────
carlosamunoz.com — Privacy Policy — Last updated March 16, 2026