Privacy Policy

1. Introduction

Welcome to Gaurav Patil's Portfolio ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.gauravpatil.online.

By using our website, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our services:

• Contact Forms: Name, email address, subject, message content
• Chat System: Messages, session information (handled via EmailJS)
• Bug Reports: Error descriptions, browser information, screenshots

2.2 Automatically Collected Information

We automatically collect certain information when you visit our website:

• Visitor Analytics: Browser type, device information, IP address, timezone, pages visited
• Firebase Services: Authentication data, session tokens, database interactions
• Performance Data: Page load times, API response times, error logs
• Security Data: Rate limiting metrics, spam detection data, ban information

3. How We Use Your Information

We use collected information for:

• Responding to your inquiries and communications
• Improving website functionality and user experience
• Monitoring and analyzing usage patterns and trends
• Detecting and preventing spam, abuse, and security threats
• Maintaining system performance and reliability
• Debugging errors and crashes

4. Third-Party Services

We use the following third-party services that may collect information:

• Firebase (Google): Firestore Database, Authentication, Storage, Cloud Functions
  Privacy Policy: https://firebase.google.com/support/privacy
• Vercel: Hosting and deployment services
  Privacy Policy: https://vercel.com/legal/privacy-policy
• EmailJS: Email delivery for contact forms
  Privacy Policy: https://www.emailjs.com/legal/privacy-policy/
• Cloudflare Turnstile: Bot detection and spam prevention
  Privacy Policy: https://www.cloudflare.com/privacypolicy/

5. Data Storage and Security

We implement enterprise-grade security measures to protect your information:

• Encryption: All data encrypted in transit (HTTPS/TLS 1.3) and at rest
• Access Control: Firestore Security Rules with role-based permissions
• 3-Layer Caching: Memory → Redis → Firebase architecture minimizes data exposure
• Rate Limiting: Multi-tier protection against abuse (20 msg/min chat, 3/hour forms)
• Bot Detection: Cloudflare Turnstile + behavioral analysis with 95% accuracy
• Request Deduplication: Prevents duplicate data transmissions
• Audit Logging: All admin actions logged with timestamps and IP addresses
• Automated Backups: Daily database backups with 30-day retention
• Security Monitoring: Real-time crash reporting and anomaly detection

While we employ industry best practices, no method of transmission over the Internet is 100% secure. We continuously improve our security posture.

6. Your Data Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your personal data
• Object: Object to processing of your data
• Portability: Request transfer of your data

To exercise these rights, contact us at: Contact Form

7. Cookies and Tracking

We use essential cookies and browser storage for:

• Session management and authentication
• Remembering user preferences
• Analytics and performance monitoring
• Security and fraud prevention

See our Cookie Policy for details.

8. Data Retention

We retain your information for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Chat sessions are preserved for 30 days. Deleted items in the recycle bin are permanently removed after 30 days.

9. Children's Privacy

Our website is not intended for children under 13 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions about this Privacy Policy or our data practices:

• Website: www.gauravpatil.online
• Contact Form: www.gauravpatil.online/contact

13. GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to be informed about data processing
• Right to restrict processing
• Right to data portability
• Right to object to automated decision-making
• Right to lodge a complaint with a supervisory authority

Our lawful basis for processing: Consent, Legitimate Interest, and Contract Performance.

14. Data Minimization

We follow the principle of data minimization:

• We only collect data necessary for service provision
• Anonymous visitor tracking does not require personal identification
• Chat sessions auto-expire after 30 days of inactivity
• Deleted content is permanently removed after 30 days in recycle bin
• We do not sell, rent, or trade your personal information

15. Automated Decision Making

Our systems may use automated processing for:

• Spam Detection: Automatic filtering of malicious content
• Bot Prevention: Behavioral analysis to identify automated access
• Ban Enforcement: Automatic temporary bans for policy violations

You have the right to request human review of any automated decision that affects you. Contact us to appeal any automated action.