Privacy

Data controller

The data controller responsible for this website is Gagan Malik. For questions about this policy or to exercise your privacy rights, contact getintouch@gaganmalik.io.

Activity

This website is hosted by Vercel, Inc. When you visit, Vercel collects data necessary to run the site and protect its platform, including:

• Information about your browser, network, and device
• Links you clicked to reach this site
• Pages you visit
• Your IP address

Vercel uses this data to operate the website and improve its services. Data is analysed in de-personalised form where possible. Legal basis (UK/EU): Legitimate interest (operating and securing the website). Retention: As described in Vercel's policy. See Vercel's privacy policy.

Cookies

This site uses cookies and similar technologies (small files or text stored on your device when you visit).

Functional and required

These cookies are always used so the site can function. They allow Vercel to serve the website securely. Legal basis (UK/EU): Legitimate interest (essential operation). See cookies Vercel uses.

Analytics and performance

Vercel Analytics and Vercel Speed Insights collect anonymous, aggregated data (page views, Web Vitals, device type, country) without third-party cookies or personal identifiers. Session data is discarded after 24 hours. Legal basis (UK/EU): Legitimate interest (analysing site performance). Retention: 24 hours for session data; aggregated data per Vercel's policy. See Vercel Web Analytics privacy and Speed Insights privacy.

Google Analytics 4 (GA4) may be used when enabled. GA4 uses cookies (e.g. _ga, _gid) for traffic analysis. Legal basis (UK/EU): Consent is required for non-essential cookies in the EU/EEA and UK. If GA4 is enabled without a consent mechanism, visitors in those regions may not have given valid consent. A cookie consent banner is recommended before loading GA4 for EU/EEA/UK visitors. See Google's privacy policy.

Local storage

The site stores your theme preference (light/dark mode) in your browser's localStorage. This is not sent to any server and is used only to remember your display preference. Legal basis (UK/EU): Legitimate interest (improving user experience).

Ask (AI chat)

The "Ask" page at /ask uses an AI assistant powered by OpenAI (via Vercel AI SDK). When you send a message:

• Your message content is sent to OpenAI for processing
• OpenAI may use this data in accordance with its policies
• Responses are streamed back to you in real time

Legal basis (UK/EU): Consent (by using the chat you consent to your messages being processed by OpenAI). Retention: Per OpenAI's policy; we do not store chat messages on our servers. Do not submit sensitive personal information (e.g. passwords, financial details, health data) in the chat. See OpenAI's privacy policy.

Payments

The Pricing page offers plans that redirect to Stripe Checkout for payment. When you complete a purchase:

• Payment and card data are collected and processed by Stripe
• This site does not store or handle your payment details
• Stripe processes data in accordance with its privacy policy

Legal basis (UK/EU): Performance of a contract (or steps prior to entering a contract). Retention: Per Stripe's policy and applicable financial regulations. See Stripe's privacy policy.

Contact

This site does not use a contact form. Contact options are mailto links (email) and links to LinkedIn, X, and YouTube. When you click these links, you leave this site. Those platforms have their own privacy policies. Email sent via mailto is handled by your email client and our inbox; we use it only to respond to your enquiry. Legal basis (UK/EU): Legitimate interest (responding to enquiries) or consent. Retention: We retain correspondence as needed to respond and for a reasonable period thereafter; you may request deletion.

Other

Fonts

This site uses Inter and Geist Mono fonts via Next.js's next/font. Fonts are self-hosted at build time; no request is made to Google when you load a page.

Embedded content

Some pages may link to external content (e.g. YouTube). This site does not embed third-party content (iframes) by default. If embedded content is added later, those providers may collect data when you view or interact with it. Refer to their privacy policies.

ElevenLabs voice agent (optional)

An optional voice agent (ElevenLabs Conversational AI) may appear when enabled. If present, voice interactions are processed by ElevenLabs. See ElevenLabs's privacy policy.

International transfers

Data may be transferred to and processed in countries outside your jurisdiction, including the United States, where our service providers (Vercel, Google, Stripe, OpenAI, ElevenLabs) operate. Transfers from the UK and EU/EEA are made using appropriate safeguards such as adequacy decisions, standard contractual clauses, or other mechanisms as described in each provider's privacy policy.

Children

This site is not directed at children under 16 (or 13 in the US). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

Your rights

Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data. For example:

• UK / EU / EEA: Rights under the UK GDPR and EU General Data Protection Regulation (e.g. access, rectification, erasure, data portability, objection to processing, restriction). You also have the right to lodge a complaint with your local data protection supervisory authority (e.g. the ICO in the UK, or your national authority in the EU/EEA).
• California: Rights under the CCPA/CPRA (e.g. know what data we collect, delete, correct, opt out of sale or sharing). We do not sell or share your personal information for cross-context behavioural advertising.

To exercise your rights or ask questions about this policy, contact getintouch@gaganmalik.io. We will respond within the timeframes required by applicable law. For data held by third parties (Vercel, Google, Stripe, OpenAI, ElevenLabs), you may need to contact them directly or use their privacy tools.

Security and automated decision-making

We take reasonable steps to protect your data, including use of reputable hosting and service providers. We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Changes

This policy may be updated from time to time. The "Last updated" date at the top will be revised when changes are made. Material changes will be noted; we encourage you to review this page periodically. Your continued use of the site after the effective date of changes indicates your acceptance of the updated policy, except where applicable law requires a different standard (e.g. fresh consent for expanded processing).