
Legal

Privacy Policy

Version: 1.2 | Updated: March 2025 | Jurisdiction: Italy · EU (GDPR) | Sections: 11
GDPR compliant

This site is operated from Italy and complies with the EU General Data Protection Regulation (GDPR). For questions, contact hello@francescobarbato.dev.

01

Overview

This Privacy Policy explains how Francesco Barbato ("I", "me", "my") collects, uses and protects any information you provide when you visit francescobarbato.dev (the "Site"). I take your privacy seriously. This policy is written to be readable — not to obscure anything in legal language.

Last updated: March 2025. This policy applies to all visitors, regardless of location.

02

What data I collect

I collect only what is strictly necessary to operate the Site and respond to enquiries.

Contact form submissions: When you fill in the contact or hire-me form, I collect your name, email address, the project type and budget range you select, and the message you write. If you tick the NDA checkbox, that preference is also stored.

Analytics: The Site may use privacy-respecting, cookie-free analytics (e.g. Plausible or Fathom) to understand aggregate traffic — pages visited, referral sources, approximate country. No personally identifiable data is stored in analytics.

Server logs: My hosting provider automatically records basic access logs (IP address, browser type, pages requested, timestamps). These are retained for up to 30 days and used solely for security and debugging.

Chatbot interactions: If you use the AI assistant embedded on the Site, your messages are sent to Anthropic's API to generate responses. Anthropic may process and store these messages in accordance with their own privacy policy. I do not store chatbot conversation history on my servers.

No cookies: I do not set tracking or advertising cookies. The Site may use a single session cookie strictly necessary for form functionality, which expires when you close your browser.

03

How I use your data

Contact form data is used exclusively to respond to your enquiry. I will not add you to any mailing list, share your details with third parties, or use your data for any purpose other than replying to you.

Analytics data is used to understand which content is most useful and how to improve the Site. It is never shared or sold.

Server logs are used to diagnose technical issues and detect security threats such as brute-force attacks. They are not used for profiling.

I do not sell, rent, lease or otherwise transfer your personal data to any third party for commercial purposes. Full stop.

05

Data retention

Contact form submissions are retained in my email inbox and deleted within 24 months of the last communication, or sooner if you request deletion.

Server logs are retained for a maximum of 30 days.

Analytics data is aggregate and contains no personal identifiers; it is retained indefinitely as statistical data.

Chatbot messages are processed in real time via Anthropic's API. I do not retain them beyond the current session. Anthropic's own retention policies apply to messages processed by their infrastructure.

06

Third-party services

The Site relies on a small number of third-party services. Each processes data in accordance with its own privacy policy.

Vercel (hosting): The Site is hosted on Vercel's infrastructure. Vercel processes server logs as part of normal operations. Privacy policy: vercel.com/legal/privacy-policy.

Anthropic (AI chatbot): Messages sent to the AI assistant are processed via Anthropic's Claude API. Privacy policy: anthropic.com/privacy.

Google Fonts / Fontshare: Typography is loaded from these CDNs. Your browser may send a request to their servers when loading fonts, which may include your IP address.

I do not use Google Analytics, Facebook Pixel, or any advertising SDK on this Site.

07

Your rights

Under the GDPR and equivalent legislation, you have the following rights regarding your personal data:

Right of access: You may request a copy of any personal data I hold about you.

Right to rectification: You may ask me to correct inaccurate or incomplete data.

Right to erasure: You may ask me to delete your personal data. I will comply unless I am legally required to retain it.

Right to restriction: You may ask me to restrict processing of your data while a dispute is resolved.

Right to data portability: You may request your data in a commonly used, machine-readable format.

Right to object: You may object to processing based on legitimate interests.

Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email me at hello@francescobarbato.dev. I will respond within 30 days. If you are unsatisfied with my response, you have the right to lodge a complaint with your national data protection authority (in Italy: Garante per la protezione dei dati personali, gpdp.it).

08

Security

As a cybersecurity professional, I take data security seriously. The Site is served exclusively over HTTPS with HSTS. Contact form submissions are transmitted via encrypted connections. I do not store payment data of any kind on this Site.

Despite these measures, no method of transmission over the internet is 100% secure. If you have sensitive information to share, I recommend reaching out to discuss a secure channel (e.g. encrypted email with PGP) before sending it.

09

Children's privacy

This Site is not directed at children under the age of 16 and I do not knowingly collect personal data from minors. If you believe a child has submitted personal data to me, please contact me immediately and I will delete it promptly.

10

Changes to this policy

I may update this policy from time to time. When I do, I will update the "Last updated" date at the top of this page. For significant changes, I may also add a notice on the homepage. Continued use of the Site after changes constitutes acceptance of the updated policy.

The canonical version of this policy is always available at francescobarbato.dev/privacy.

11

Contact

For any privacy-related questions, requests or concerns, please contact me directly:

Francesco Barbato
hello@francescobarbato.dev
Rome, Italy

I aim to respond to all privacy-related enquiries within 5 business days.
