← Back to home

Privacy Policy

Last updated: July 6, 2026

Welcome to my website

I help businesses design and build better digital experiences. That includes websites, brand visuals, and digital products that make their online presence clearer, more modern, and easier to use.

The goal is simple: create digital work that looks good, feels right, and actually helps the business.

1. Introduction

This Privacy Policy explains how personal data is collected, used, and protected when you visit kevinmutay.com or interact with its services.

This website is operated by an independent creative developer based in Italy. The work behind this site focuses on designing and building digital experiences for businesses, combining design, development, and automation to help brands communicate more clearly, operate more efficiently, and grow through better digital systems.

This document is written to be transparent and practical. It avoids unnecessary legal complexity and aims to clearly explain what data is collected, why it is collected, and how it is handled.

By using this website, you agree to the practices described in this Privacy Policy.

2. Scope of this Policy

This Privacy Policy applies to:

  • Visitors browsing kevinmutay.com
  • Individuals submitting a contact form
  • Individuals booking a call or consultation through Cal.com
  • Any communication exchanged through email or integrated third-party services listed in this document

This website is intended for professional and business-related interactions. While the site is publicly accessible, it is not designed to target or knowingly collect data from children.

3. Data Controller

For the purposes of the EU General Data Protection Regulation (GDPR), the data controller is:

Kevin Mutay (Individual professional based in Italy)

Contact for privacy-related matters: 📩 hello@kevinmutay.com

All data processing activities described in this policy are carried out under the responsibility of the data controller above.

4. Information We Collect

We only collect personal data that is necessary to operate the website, respond to inquiries, and manage professional communication.

4.1 Information you provide directly

We collect information when you voluntarily submit it through:

Contact form

When you contact us via the website, we may collect:

  • Name
  • Email address
  • Message content
  • Any additional information you choose to include

This data is used solely to respond to your inquiry.

Booking a call (Cal.com)

When you schedule a meeting, we may collect:

  • Name
  • Email address
  • Meeting availability preferences
  • Any notes you provide during booking

This data is processed through Cal.com.

4.2 Information collected automatically

When you visit the website, certain technical data may be collected automatically, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website (if applicable)

This information is collected through infrastructure providers such as:

  • Vercel (hosting and deployment)
  • Cloudflare (security, DNS, and performance optimization)

This data is primarily used for security, performance monitoring, and basic analytics necessary to ensure the website functions correctly.

4.3 Payment-related information

If payments are required for services, transactions are processed through Stripe.

We do not store or directly process full payment card details. All payment data is handled securely by Stripe in accordance with their own privacy and security standards.

4.4 Email communication

Email communications may be processed through Resend, which allows reliable delivery of messages sent through the website.

Only the information necessary to send and receive emails is processed.

5. How We Use Your Information

Personal data is used strictly for the following purposes:

  • Responding to inquiries and messages
  • Scheduling and managing calls or consultations
  • Providing requested services
  • Maintaining website security and preventing abuse
  • Improving website performance and user experience
  • Managing basic operational communication

We do not sell personal data. We do not use personal data for unsolicited marketing campaigns.

6. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:

  • Consent: when you submit a contact form or book a call
  • Contractual necessity: when processing is required to deliver services or respond to service requests
  • Legitimate interest: for security, fraud prevention, and ensuring the website functions correctly

We ensure that all processing activities are limited to what is strictly necessary for these purposes.

7. Data Minimization Principle

We only collect data that is necessary for:

  • Communication
  • Service delivery
  • Technical operation of the website

We intentionally avoid collecting unnecessary personal data.

8. Data Storage

Data is stored securely through the following systems:

  • Hosting infrastructure: Vercel
  • Security and caching: Cloudflare
  • Communication systems: Resend
  • Scheduling system: Cal.com
  • Payment processing: Stripe

Each provider implements its own security and compliance measures to protect user data.

9. Data Retention

We retain personal data only for as long as necessary:

  • Contact form submissions: retained for communication history and follow-up
  • Booking data: retained for scheduling and service management
  • Transaction data: retained as required for legal and accounting obligations

After these periods, data is deleted or anonymized where possible.

10. Security

Appropriate technical and organizational measures are in place to protect personal data against:

  • Unauthorized access
  • Loss or alteration
  • Misuse or disclosure

However, no system is completely secure, and absolute security cannot be guaranteed when transmitting data over the internet.

11. International Data Transfers

Some service providers used (such as Stripe, Vercel, or Cloudflare) may process data outside the European Economic Area (EEA).

When this occurs, appropriate safeguards are applied, including:

  • Standard contractual clauses approved by the European Commission
  • Security and compliance frameworks provided by the respective vendors

12. Your Rights (GDPR)

If you are located in the European Union, you have the following rights:

  • Right to access your personal data
  • Right to rectify inaccurate data
  • Right to request deletion of your data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing in certain cases

Requests can be made at: 📩 hello@kevinmutay.com

13. Third-Party Services

We rely on third-party providers to operate the website efficiently. These include:

  • Vercel (hosting)
  • Cloudflare (security and infrastructure)
  • Stripe (payments)
  • Cal.com (scheduling)
  • Resend (email delivery)

Each provider has its own privacy policy governing how data is processed.

14. Children’s Privacy

This website is not directed toward children under 16. We do not knowingly collect personal data from children.

If we become aware that such data has been collected, it will be deleted promptly.

15. Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect:

  • Legal changes
  • Technical updates
  • Changes in services or infrastructure

The updated version will always be published on this page with a revised “Last updated” date.

16. Contact

For any questions regarding this Privacy Policy or your personal data:

📩 hello@kevinmutay.com Website: kevinmutay.com

17. Cookies and Tracking Technologies

This website uses only strictly necessary cookies.

These cookies are essential for the website to function properly and cannot be disabled in our systems. They are typically set in response to actions made by you, such as:

  • Navigating between pages
  • Ensuring security and load balancing
  • Maintaining session stability
  • Protecting against malicious activity

We do not use:

  • Advertising cookies
  • Behavioral tracking cookies
  • Retargeting technologies
  • Third-party marketing pixels

No user profiling or cross-site tracking is performed.

Infrastructure providers such as Cloudflare and Vercel may set minimal technical cookies required for security, performance optimization, and traffic management.

18. Third-Party Services and Data Processing

To operate efficiently and provide services, we rely on trusted third-party providers. These providers may process personal data on our behalf under their own privacy policies and contractual obligations.

18.1 Infrastructure and hosting

  • Vercel Used for hosting, deployment, and website delivery.
  • Cloudflare Used for DNS management, security, DDoS protection, and performance optimization.

18.2 Communication

  • Resend Used to send and receive emails from contact forms and system notifications.

18.3 Scheduling

  • Cal.com Used for booking and managing consultations.

18.4 Payments

  • Stripe Used for secure payment processing. We do not store full payment details.

Each third-party provider may process data outside the European Economic Area. In such cases, appropriate safeguards such as Standard Contractual Clauses are applied.

19. International Data Transfers

Your personal data may be transferred and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA).

When this occurs, we ensure that:

  • Data is transferred only to organizations that provide adequate protection
  • Standard contractual clauses approved by the European Commission are in place where required
  • Providers implement appropriate technical and organizational safeguards

We rely on globally distributed infrastructure providers, which may involve international processing by default.

20. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy.

Retention periods vary depending on the type of data:

  • Contact form submissions: retained for communication continuity and business follow-up
  • Booking data (Cal.com): retained as long as necessary for scheduling and client relationship management
  • Email communications: retained for operational and historical reference
  • Payment records (Stripe): retained as required for legal, accounting, and tax obligations

When data is no longer needed, it is securely deleted or anonymized.

21. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit (HTTPS/TLS)
  • Secure infrastructure provided by trusted vendors
  • Access control restrictions
  • Monitoring for unauthorized access or abuse
  • Regular updates of dependencies and systems

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

22. Your Rights Under GDPR

If you are located in the European Union or the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

22.1 Right of access

You may request a copy of the personal data we hold about you.

22.2 Right to rectification

You may request correction of inaccurate or incomplete data.

22.3 Right to erasure

You may request deletion of your personal data, subject to legal obligations.

22.4 Right to restriction

You may request that we restrict processing of your data under certain conditions.

22.5 Right to data portability

You may request that your data be provided in a structured, commonly used format.

22.6 Right to object

You may object to processing based on legitimate interests.

To exercise any of these rights, contact: 📩 hello@kevinmutay.com

We may need to verify your identity before processing your request.

23. California Privacy Rights (CCPA/CPRA Notice)

If you are a resident of California, you may have additional rights under applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the CPRA.

These rights may include:

  • The right to know what personal information is collected
  • The right to request deletion of personal information
  • The right to opt out of certain data sharing practices
  • The right to non-discrimination for exercising your privacy rights

We do not sell personal data.

We do not share personal data for cross-context behavioral advertising.

Requests related to California privacy rights can be submitted to: 📩 hello@kevinmutay.com

24. Business-to-Business Context

This website primarily serves professional and business-related interactions.

In most cases, communications are initiated in a B2B context, meaning:

  • Data is collected in relation to professional inquiries
  • Processing is limited to business communication and service delivery
  • No consumer marketing practices are used

25. No Automated Decision-Making

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

26. External Links

This website may contain links to third-party websites.

We are not responsible for the privacy practices or content of external websites. We encourage you to review their privacy policies before providing any personal data.

27. Changes to This Policy

We may update this Privacy Policy from time to time to reflect:

  • Legal or regulatory changes
  • Technical updates
  • Changes in service providers
  • Operational improvements

When updates are made, the “Last updated” date at the top of the document will be revised accordingly.

Continued use of the website after changes implies acceptance of the updated policy.

28. Contact Information

If you have any questions about this Privacy Policy, or if you wish to exercise your data protection rights, you can contact:

📩 hello@kevinmutay.com 🌐 kevinmutay.com