Privacy Notice
How this site handles visitor data, contact messages, and security-related logs.
This page explains how ericjingryd.com processes personal data collected through the site. The site is built to minimise collection, keep access restricted, and document the processing openly.
For ordinary browsing, the main personal data processed is your IP address and basic request context needed for security, abuse handling, and operating the site. If you contact me through the contact form, the data you submit is processed as well.
Why Data Is Processed
- Operate the website securely and keep public pages available.
- Detect repeated abuse, suspicious traffic, and contact-form misuse.
- Recognise trusted or known visitor IP addresses, including manually labelled entries such as my own VPN exit IPs.
- Troubleshoot incidents, investigate security events, and maintain auditability of administrative actions.
Visitor IP Tracking
- When you visit public HTML pages, the site may store your IP address, total visit count, first seen timestamp, last seen timestamp, and last requested path.
- Certain IP entries may also receive internal metadata such as a label, group name, note, and an internal category such as trusted or abuse review when needed for administration or abuse handling.
- Visitor IP data is processed on the basis of legitimate interests under Article 6(1)(f) GDPR for site security, abuse prevention, troubleshooting, and administration.
- Visitor IP data is not used for advertising profiling or sold to third parties.
Contact Form Data
- If you send a contact message, the site stores the name, email address, subject, message content, submission timestamp, and sender IP address.
- Contact form data is used to respond to your message, manage the inbox, investigate abuse, and maintain message history for administration.
- Contact form notifications may be sent through the configured email infrastructure, and message content is encrypted before email delivery when that feature is enabled.
Recipients and Processors
- Personal data may be processed by infrastructure providers involved in hosting, reverse proxying, database operation, backups, logging, and email delivery, but only where necessary to run the site.
- Visitor IP data is not published publicly and is intended for restricted administrative access only.
- If service providers process personal data on my behalf, they do so as processors or service providers under the applicable data-protection rules.
Retention
Visitor IP data is stored only for as long as it remains useful for security and administration. Automated cleanup removes expired records.
Ordinary Visitor IP Records
90 days
Standard visitor IP records are removed after this period, measured from the last recorded activity.
Trusted IP Records
180 days
Entries explicitly marked as trusted, such as your own current VPN exit IPs, are kept longer but still expire automatically.
Abuse Review IP Records
365 days
Entries kept for abuse handling or security review have the longest retention period and should be reviewed and deleted when no longer needed.
Security Measures
- Administrative pages require authentication and role-based access control.
- The site uses strict security headers, rate limiting, and server-side validation to reduce misuse and unauthorised access.
- Stored personal data is meant to be accessible only to authorised users and service components that need it.
- Retention limits are enforced automatically for visitor IP records, with separate review windows for ordinary, trusted, and abuse-review entries.
Your Rights
- Request information about whether your personal data is processed and receive a copy where applicable.
- Request rectification of inaccurate data.
- Request erasure when the data is no longer needed or otherwise must be removed under applicable law.
- Request restriction of processing in situations provided by law.
- Object to processing that is based on legitimate interests.
- Lodge a complaint with IMY, the Swedish Authority for Privacy Protection.
Cookies and Admin Sessions
This site does not use visitor analytics cookies for ordinary browsing. A short-lived authentication cookie is set only after admin login and is used solely to access protected admin pages.
Questions, Requests, and Complaints
For privacy requests or questions about how this site processes personal data, use the contact form and state that your request concerns privacy or data protection.
If you believe your personal data has been handled unlawfully, you can lodge a complaint with IMY (Integritetsskyddsmyndigheten), the Swedish Authority for Privacy Protection.