Privacy Policy
Last Updated: June 2026
This privacy policy explains how bengodfrey.dev (“we”, “our”, or “the website”) collects, uses, and protects your personal data when you use this website, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What Data We Collect
We aim to collect the absolute minimum data required to provide you with basic website functionality. We do not collect or store email addresses. The data we collect includes:
- Account Information: Your chosen username and password credentials when you register an account.
- User Content: Any text, markdown, or links you post within the public comment sections.
- Technical Logs: Your IP address and browser user-agent string, processed temporarily by our web server for security, logging, and abuse-prevention purposes.
2. How We Use Your Data
We process your data strictly under the lawful basis of Contractual Necessity (to provide the account and commenting features you request) and Legitimate Interests (to protect our server infrastructure from spam and malicious attacks).
- Your username and comments are publicly visible on the website to other visitors.
- We do not use your information for marketing or tracking purposes.
3. Cookies and Local Storage
We do not use any third-party tracking, advertising, or analytical cookies.
We use a single, Strictly Necessary functional cookie named auth_token. This cookie securely holds an encrypted JSON Web Token (JWT) locally in your browser so that our server can recognize your authenticated session as you navigate the site. Because this cookie is technically essential to provide the account service you explicitly requested, it does not require a cookie consent banner under UK law.
4. Data Storage and Security
Your data is stored securely within an isolated database on a virtual machine hosted by Google Cloud Platform (GCP). We implement standard server-level security practices, including:
- Forcing encrypted HTTPS connections across the entire site.
- Running backend processes under restricted, non-root system users.
- Running cryptographic password-hashing (Bcrypt) locally before saving passwords to our database.
We do not sell, rent, or share your personal data with any third-party corporate entities, networks, or advertisers.
5. Your Rights Under UK GDPR
As a UK/EU resident, you hold the following rights regarding your data under the UK GDPR:
- The right to access: You can request a copy of the data we hold attached to your username.
- The right to rectification: You can request that we correct inaccurate information.
- The right to erasure (“Right to be Forgotten”): You can request that we permanently delete your username account and your posted comments.
To exercise any of these rights, please contact the site administrator directly by emailing: benjamin.godfrey.dev@gmail.com.