Privacy Policy — MySite (my-personal.site)

Effective date: August 11, 2025

Last updated: August 11, 2025

1) Who we are (Data Controller)

MySite ("we", "us", "our") operates my-personal.site and related services that turn a résumé or LinkedIn profile into a personal website.

Controller: MySite

Email: admin@my-personal.site

We process personal data in line with the EU GDPR, UK GDPR, and provide the notices and choices required by applicable U.S. privacy laws (e.g., California CCPA/CPRA) where they apply.

2) What we collect (by context)

A. Wait-list (current phase)

  • Contact details: email (and optional name/LinkedIn URL if provided).
  • Referral info: UTM parameters captured in a cookieless way.
  • Communications: messages you send us (support, feedback, social DMs).

B. Early beta / previews (only if you opt in)

  • Content you upload: résumé/CV, portfolio items, links, avatar.
  • Account basics: display name; settings (theme, color, font); site text you edit.
  • Operational logs: publish events and error logs (non-sensitive).

C. Website visits

  • Cookieless analytics: page views, approximate region, device type, referrer/UTM, time on page. We use privacy-friendly analytics that do not set tracking cookies or build cross-site profiles.
  • Server logs: IP address and user-agent captured transiently for security/abuse prevention.

We do not intentionally collect special-category data (e.g., health, financial information). Please don't upload it.

3) Why we use your data (lawful bases)

PurposeExamplesLegal basis
Provide the service (wait-list/beta)Manage wait-list, invite to beta, generate site from résumé/LinkedInContract / pre-contract (GDPR Art. 6(1)(b))
Service operations & securityPrevent abuse, fix bugs, secure the serviceLegitimate interests (GDPR Art. 6(1)(f))
Product updates & tipsEmails about access, features, onboarding (only if you opted in)Consent (GDPR Art. 6(1)(a))
ComplianceRespond to lawful requests, recordkeepingLegal obligation (GDPR Art. 6(1)(c))

You can withdraw consent at any time (e.g., via unsubscribe).

4) How we use your data

  • Run the wait-list and notify you about access.
  • If in beta, generate draft copy/sections from your résumé/LinkedIn; let you edit visually.
  • Operate, protect, and improve our site; prevent fraud/abuse.
  • Communicate essential service notices; send optional product updates if you opted in.

We do not sell personal data.

5) Sharing & processors

We use vetted data processors under DPAs and only share what's necessary to operate the service (e.g., hosting/CDN, email/wait-list, cookieless analytics, cloud storage).

Request an up-to-date list: admin@my-personal.site.

6) International transfers

If data is processed outside the EEA/UK, we use appropriate safeguards, including EU Standard Contractual Clauses (and the UK IDTA Addendum where required).

7) Retention

  • Wait-list contact data: until you unsubscribe or 24 months of inactivity.
  • Beta content (résumé/portfolio): until you delete it or 12 months after beta inactivity.
  • Support emails: typically 24 months for security/audit.

Minimal records may be retained to meet legal obligations.

8) Security

Encryption in transit (HTTPS), least-privilege access, logging/monitoring, periodic reviews. No security is perfect; we act promptly to address issues.

9) Your rights (EU/UK)

You can access, rectify, erase, restrict, port, or object to processing, and withdraw consent anytime.

To exercise rights: admin@my-personal.site.

You may complain to your local supervisory authority (e.g., ICO in the UK or your EU DPA).

10) U.S. privacy notice (e.g., California CCPA/CPRA)

For residents of applicable U.S. states:

  • Right to know/access the categories and specific pieces of personal information we collect.
  • Right to delete personal information (subject to exceptions).
  • Right to correct inaccurate information.
  • Right to opt out of "sale" or "sharing" of personal information (we do not sell or share personal information as defined by CPRA).
  • Right to non-discrimination for exercising your rights.

Submit requests: admin@my-personal.site (we'll verify your request and identity).

Authorized agents may act on your behalf where permitted by law.

11) Cookies & similar technologies

  • We do not use tracking cookies.
  • We use cookieless analytics (no personal tracking, no cross-site profiling).
  • If we ever introduce optional analytics/marketing cookies, we'll show a consent banner (EU/UK opt-in) and update this policy.

See /cookies for details.

12) Children

Our services target professionals and are not intended for children under 16. If you believe a child provided data, contact us for deletion.

13) Third-party links & social

Links to third-party sites (e.g., LinkedIn) have their own privacy practices. Review their policies before providing data there.

14) Automated decision-making

We do not use automated decision-making that produces legal or similarly significant effects. Our AI generates draft website content for you to review and edit.

15) Changes to this policy

We may update this policy. The Effective date shows the latest version. For material changes, we'll provide a clear on-site notice and, where appropriate, email you.

16) Contact

Questions or requests: admin@my-personal.site