1. Introduction
Welcome to devSteve.com ("Site", "we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
This Site is operated by Steve Noll as a personal portfolio and blog. We are committed to protecting your privacy and being transparent about our data practices.
By using this Site, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Site.
2. Information We Collect
2.1 Information You Provide Directly
We collect the information that you voluntarily provide through the following submissions:
Contact Form Submissions:
- Name (required)
- Email address (required)
- Message content (required)
Blog Comment Submissions:
- Name (required)
- Comment text (required)
- Blog post identifier (automatically captured)
2.2 Automatically Collected Information
When you visit our Site, we automatically collect certain technical information:
Device Fingerprint (Client Identification):
For anti-spam purposes, we generate a non-persistent identifier based on browser information, screen properties, device capabilities, and system information. This fingerprint is hashed using SHA-256 and does not personally identify you. It is used solely for our proof-of-work anti-spam system.
Request Information:
- IP address
- User agent string
- Browser language preference
- Device platform
- Timestamp of request
- Pages viewed (content identifiers)
Session Data:
We temporarily store encrypted session data in your browser's sessionStorage, including device fingerprint hash, proof-of-work challenge data, and form field cache. This data is automatically deleted when you close your browser tab.
2.3 Information We Do NOT Collect
We do not collect:
- Passwords or authentication credentials (we have no user accounts)
- Payment or financial information
- Precise geolocation data
- Social security numbers or government IDs
- Biometric data
- Third-party tracking data (we don't use Google Analytics or similar services)
3. How We Use Your Information
3.1 Contact Form Submissions
- To respond to your inquiries and requests
- To communicate with you about your submission
- To maintain records of correspondence
3.2 Blog Comments
- To display your comments on blog posts
- To moderate and prevent spam/abusive content
- To maintain blog community engagement
3.3 Device Fingerprinting
- To implement our proof-of-work anti-spam system
- To prevent automated spam and abuse
- To rate-limit API requests
- To block malicious actors
3.4 Analytics and Site Improvement
- To track page views (content identifiers only)
- To understand which content is most popular
- To improve Site performance and user experience
3.5 Security and Legal Compliance
- To protect against security threats
- To enforce our terms of service
- To comply with legal obligations
- To detect and prevent fraud or abuse
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:
- Consent: When you submit a contact form or blog comment, you explicitly consent to our processing of that information.
- Legitimate Interests: We process device fingerprints and request data based on our legitimate interest in preventing spam, securing our Site, and improving user experience. These interests are not overridden by your privacy rights.
5. Data Storage and Security
5.1 How We Store Your Data
Contact Form and Blog Comment Data:
- Stored in encrypted JSON files on our server
- Encrypted using AES encryption
- Located in secure directories
- Protected by server-level access controls
Session Data:
- Stored temporarily in your browser's sessionStorage
- Encrypted using AES with client-side key derivation
- Automatically cleared when browser tab closes
- Not accessible to third parties
5.2 Security Measures
We implement industry-standard security measures to protect your information:
Technical Safeguards:
- HTTPS/TLS encryption for all data transmission
- HTTP Strict Transport Security (HSTS) with preload
- AES encryption for stored form submissions
- Content Security Policy (CSP) restricting unauthorized scripts
- Input validation and sanitization (XSS, NoSQL injection protection)
- Rate limiting and request throttling
- Request timeout limits
- Secure HTTP headers
Despite our security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.
6. Data Retention
- Contact Form Submissions: Retained indefinitely until manually deleted. We keep this data to maintain records of correspondence and user inquiries.
- Blog Comments: Retained indefinitely to preserve blog post discussions and community contributions.
- Session Data: Automatically deleted when you close your browser tab.
- Server Logs: Retained according to standard server logging practices (typically 30-90 days, but may vary).
You may request deletion of your submitted data at any time (see Section 9).
7. Data Sharing and Disclosure
7.1 Third-Party Sharing
We do NOT share, sell, rent, or trade your personal information with third parties for their commercial purposes.
7.2 Service Providers
We do not currently use third-party service providers to process your data. All data processing occurs on our own infrastructure.
7.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal process (subpoena, court order, government request)
- Enforcement of our Site policies
- Protection of our rights, property, or safety
- Investigation of fraud, security issues, or technical problems
7.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.
8. Cookies and Tracking Technologies
8.1 Cookies
We do NOT use traditional HTTP cookies.
8.2 SessionStorage
We use browser sessionStorage (not cookies) to temporarily store:
- Encrypted application state
- Form field cache for user convenience
- Proof-of-work challenge data
- Client session identifier
SessionStorage data:
- Is stored only in your browser
- Is not sent to our server automatically
- Is deleted when you close the browser tab
- Cannot be accessed by other websites
8.3 Custom Headers
We use custom HTTP headers for request identification:
- Site-Client-Id: Your device fingerprint hash
- Proof-of-work verification headers (powc-chain, powc-timestamp, etc.)
8.4 Third-Party Analytics
We do NOT use:
- Google Analytics
- Facebook Pixel
- Third-party advertising networks
- External analytics services
We only track basic page views using our own minimal system (content ID and timestamp).
9. Your Privacy Rights
Depending on your location, you may have the following rights:
9.1 General Rights
- Right to Access: Request a copy of the personal information we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal information
- Right to Restrict Processing: Request limitation of how we process your data
- Right to Data Portability: Request transfer of your data in a structured format
- Right to Object: Object to our processing of your personal information
- Right to Withdraw Consent: Withdraw consent for data processing (where consent is the legal basis)
9.2 GDPR Rights (European Economic Area)
If you are in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):
- Right to lodge a complaint with your local data protection authority
- Right to not be subject to automated decision-making (we do not use automated decision-making)
9.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information we collect, use, and disclose
- Right to request deletion of your personal information
- Right to opt-out of the sale of personal information (we do not sell personal information)
- Right to non-discrimination for exercising your privacy rights
9.4 How to Exercise Your Rights
To exercise any of these rights, please contact us using the methods in Section 14. We will respond to your request within:
- 30 days for general requests
- 1 month for GDPR requests (may be extended to 3 months for complex requests)
- 45 days for CCPA requests (may be extended to 90 days)
We may request additional information to verify your identity before processing your request.
10. Children's Privacy
Our Site is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children.
If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.
11. International Data Transfers
Our server is located in the United States. If you are accessing our Site from outside the United States, your information will be transferred to, stored, and processed in the United States.
By using our Site, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.
For EEA users: We rely on your explicit consent for this transfer when you submit forms, and on legitimate interests for technical data collection.
12. Do Not Track Signals
Some browsers support "Do Not Track" (DNT) signals. Our Site does not respond to DNT signals because we do not track users across third-party websites. We only collect minimal data as described in this Privacy Policy.
13. Third-Party Links
This site may contain links to third-party websites, services, or content. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.
14. Local Storage Data
This site uses browser localStorage (a client-side storage mechanism) to store information directly on your device, including:
- Site Preferences: Settings, preferences, and configuration options
- Form Data: Any information entered into a form (comment form, contact form, etc.)
- App Data: Data used by the sample web apps provided on this site
Important details about localStorage:
- This data is stored locally on your device only and is not transmitted to our servers
- The data persists even after you close your browser (unless you clear your browser data)
- You can delete this data at any time through your browser settings (Clear browsing data → Cookies and site data)
- This data is not accessible to other websites
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective when posted on this page with an updated "Last Updated" date.
Material changes will be communicated by:
- Posting a notice on our homepage
- Updating the "Last Updated" date at the top of this policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
16. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
- Email: Use the contact form at https://devsteve.com/#contact
- Website: https://devsteve.com
- Response Time: We aim to respond to all privacy inquiries within 5 business days
For privacy-related requests (access, deletion, etc.), please include:
- Your name
- Email address used for submission (if applicable)
- Specific request details
- Any relevant dates or submission information