Privacy Policy
Last updated: July 6, 2026
Welcome to my website
I help businesses design and build better digital experiences. That includes websites, brand visuals, and digital products that make their online presence clearer, more modern, and easier to use.
The goal is simple: create digital work that looks good, feels right, and actually helps the business.
1. Introduction
This Privacy Policy explains how personal data is collected, used, and protected when you visit kevinmutay.com or interact with its services.
This website is operated by an independent creative developer based in Italy. The work behind this site focuses on designing and building digital experiences for businesses, combining design, development, and automation to help brands communicate more clearly, operate more efficiently, and grow through better digital systems.
This document is written to be transparent and practical. It avoids unnecessary legal complexity and aims to clearly explain what data is collected, why it is collected, and how it is handled.
By using this website, you agree to the practices described in this Privacy Policy.
2. Scope of this Policy
This Privacy Policy applies to:
- Visitors browsing kevinmutay.com
- Individuals submitting a contact form
- Individuals booking a call or consultation through Cal.com
- Any communication exchanged through email or integrated third-party services listed in this document
This website is intended for professional and business-related interactions. While the site is publicly accessible, it is not designed to target or knowingly collect data from children.
3. Data Controller
For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:
Kevin Mutay (Individual professional based in Italy)
Contact for privacy-related matters: 📩 hello@kevinmutay.com
All data processing activities described in this policy are carried out under the responsibility of the data controller above.
4. Information We Collect
We only collect personal data that is necessary to operate the website, respond to inquiries, and manage professional communication.
4.1 Information you provide directly
We collect information when you voluntarily submit it through:
Contact form
When you contact us via the website, we may collect:
- Name
- Email address
- Message content
- Any additional information you choose to include
This data is used solely to respond to your inquiry.
Booking a call (Cal.com)
When you schedule a meeting, we may collect:
- Name
- Email address
- Meeting availability preferences
- Any notes you provide during booking
This data is processed through Cal.com.
4.2 Information collected automatically
When you visit the website, certain technical data may be collected automatically, including:
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on pages
- Referring website (if applicable)
This information is collected through infrastructure providers such as:
- Vercel (hosting and deployment)
- Cloudflare (security, DNS, and performance optimization)
This data is primarily used for security, performance monitoring, and basic analytics necessary to ensure the website functions correctly.
4.3 Payment-related information
If payments are required for services, transactions are processed through Stripe.
We do not store or directly process full payment card details. All payment data is handled securely by Stripe in accordance with their own privacy and security standards.
4.4 Email communication
Email communications may be processed through Resend, which allows reliable delivery of messages sent through the website.
Only the information necessary to send and receive emails is processed.
5. How We Use Your Information
Personal data is used strictly for the following purposes:
- Responding to inquiries and messages
- Scheduling and managing calls or consultations
- Providing requested services
- Maintaining website security and preventing abuse
- Improving website performance and user experience
- Managing basic operational communication
We do not sell personal data. We do not use personal data for unsolicited marketing campaigns.
6. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:
- Consent: when you submit a contact form or book a call
- Contractual necessity: when processing is required to deliver services or respond to service requests
- Legitimate interest: for security, fraud prevention, and ensuring the website functions correctly
We ensure that all processing activities are limited to what is strictly necessary for these purposes.
7. Data Minimization Principle
We only collect data that is necessary for:
- Communication
- Service delivery
- Technical operation of the website
We intentionally avoid collecting unnecessary personal data.
8. Data Storage
Data is stored securely through the following systems:
- Hosting infrastructure: Vercel
- Security and caching: Cloudflare
- Communication systems: Resend
- Scheduling system: Cal.com
- Payment processing: Stripe
Each provider implements its own security and compliance measures to protect user data.
9. Data Retention
We retain personal data only for as long as necessary:
- Contact form submissions: retained for communication history and follow-up
- Booking data: retained for scheduling and service management
- Transaction data: retained as required for legal and accounting obligations
After these periods, data is deleted or anonymized where possible.
10. Security
Appropriate technical and organizational measures are in place to protect personal data against:
- Unauthorized access
- Loss or alteration
- Misuse or disclosure
However, no system is completely secure, and absolute security cannot be guaranteed when transmitting data over the internet.
11. International Data Transfers
Some service providers used (such as Stripe, Vercel, or Cloudflare) may process data outside the European Economic Area (EEA).
When this occurs, appropriate safeguards are applied, including:
- Standard contractual clauses approved by the European Commission
- Security and compliance frameworks provided by the respective vendors
12. Your Rights (GDPR)
If you are located in the European Union, you have the following rights:
- Right to access your personal data
- Right to rectify inaccurate data
- Right to request deletion of your data
- Right to restrict processing
- Right to data portability
- Right to object to processing in certain cases
Requests can be made at: 📩 hello@kevinmutay.com
13. Third-Party Services
We rely on third-party providers to operate the website efficiently. These include:
- Vercel (hosting)
- Cloudflare (security and infrastructure)
- Stripe (payments)
- Cal.com (scheduling)
- Resend (email delivery)
Each provider has its own privacy policy governing how data is processed.
14. Children’s Privacy
This website is not directed toward children under 16. We do not knowingly collect personal data from children.
If we become aware that such data has been collected, it will be deleted promptly.
15. Changes to this Privacy Policy
This Privacy Policy may be updated periodically to reflect:
- Legal changes
- Technical updates
- Changes in services or infrastructure
The updated version will always be published on this page with a revised “Last updated” date.
16. Contact
For any questions regarding this Privacy Policy or your personal data:
📩 hello@kevinmutay.com Website: kevinmutay.com
17. Cookies and Tracking Technologies
This website uses only strictly necessary cookies.
These cookies are essential for the website to function properly and cannot be disabled in our systems. They are typically set in response to actions made by you, such as:
- Navigating between pages
- Ensuring security and load balancing
- Maintaining session stability
- Protecting against malicious activity
We do not use:
- Advertising cookies
- Behavioral tracking cookies
- Retargeting technologies
- Third-party marketing pixels
No user profiling or cross-site tracking is performed.
Infrastructure providers such as Cloudflare and Vercel may set minimal technical cookies required for security, performance optimization, and traffic management.
18. Third-Party Services and Data Processing
To operate efficiently and provide services, we rely on trusted third-party providers. These providers may process personal data on our behalf under their own privacy policies and contractual obligations.
18.1 Infrastructure and hosting
- Vercel Used for hosting, deployment, and website delivery.
- Cloudflare Used for DNS management, security, DDoS protection, and performance optimization.
18.2 Communication
- Resend Used to send and receive emails from contact forms and system notifications.
18.3 Scheduling
- Cal.com Used for booking and managing consultations.
18.4 Payments
- Stripe Used for secure payment processing. We do not store full payment details.
Each third-party provider may process data outside the European Economic Area. In such cases, appropriate safeguards such as Standard Contractual Clauses are applied.
19. International Data Transfers
Your personal data may be transferred and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA).
When this occurs, we ensure that:
- Data is transferred only to organizations that provide adequate protection
- Standard contractual clauses approved by the European Commission are in place where required
- Providers implement appropriate technical and organizational safeguards
We rely on globally distributed infrastructure providers, which may involve international processing by default.
20. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy.
Retention periods vary depending on the type of data:
- Contact form submissions: retained for communication continuity and business follow-up
- Booking data (Cal.com): retained as long as necessary for scheduling and client relationship management
- Email communications: retained for operational and historical reference
- Payment records (Stripe): retained as required for legal, accounting, and tax obligations
When data is no longer needed, it is securely deleted or anonymized.
21. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption in transit (HTTPS/TLS)
- Secure infrastructure provided by trusted vendors
- Access control restrictions
- Monitoring for unauthorized access or abuse
- Regular updates of dependencies and systems
However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
22. Your Rights Under GDPR
If you are located in the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
22.1 Right of access
You may request a copy of the personal data we hold about you.
22.2 Right to rectification
You may request correction of inaccurate or incomplete data.
22.3 Right to erasure
You may request deletion of your personal data, subject to legal obligations.
22.4 Right to restriction
You may request that we restrict processing of your data under certain conditions.
22.5 Right to data portability
You may request that your data be provided in a structured, commonly used format.
22.6 Right to object
You may object to processing based on legitimate interests.
To exercise any of these rights, contact: 📩 hello@kevinmutay.com
We may need to verify your identity before processing your request.
23. California Privacy Rights (CCPA/CPRA Notice)
If you are a resident of California, you may have additional rights under applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the CPRA.
These rights may include:
- The right to know what personal information is collected
- The right to request deletion of personal information
- The right to opt out of certain data sharing practices
- The right to non-discrimination for exercising your privacy rights
We do not sell personal data.
We do not share personal data for cross-context behavioral advertising.
Requests related to California privacy rights can be submitted to: 📩 hello@kevinmutay.com
24. Business-to-Business Context
This website primarily serves professional and business-related interactions.
In most cases, communications are initiated in a B2B context, meaning:
- Data is collected in relation to professional inquiries
- Processing is limited to business communication and service delivery
- No consumer marketing practices are used
25. No Automated Decision-Making
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.
26. External Links
This website may contain links to third-party websites.
We are not responsible for the privacy practices or content of external websites. We encourage you to review their privacy policies before providing any personal data.
27. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Legal or regulatory changes
- Technical updates
- Changes in service providers
- Operational improvements
When updates are made, the “Last updated” date at the top of the document will be revised accordingly.
Continued use of the website after changes implies acceptance of the updated policy.
28. Contact Information
If you have any questions about this Privacy Policy, or if you wish to exercise your data protection rights, you can contact:
📩 hello@kevinmutay.com 🌐 kevinmutay.com