Privacy Policy

Last updated: February 5, 2026

1. Introduction

Vortex of a Digital Kind ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.

We comply with the General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

Information you provide:

  • Newsletter subscription: Email address (encrypted at rest using Sodium encryption)
  • Contact form: Name, email address, and message content
  • Consent records: Your consent choices and the version of consent text presented

Information collected automatically:

  • IP address: Encrypted at rest, used for rate limiting and fraud prevention
  • User agent: Encrypted at rest, used for consent audit trail
  • Cookies: A single session cookie (PHPSESSID) for CSRF protection — strictly necessary, no consent required

3. Legal Basis for Processing (GDPR/UK GDPR)

  • Consent: Newsletter subscriptions require explicit consent via double opt-in
  • Legitimate interest: Contact form submissions for responding to enquiries
  • Legal obligation: Maintaining consent audit logs as required by regulation

4. How We Use Your Information

  • To send newsletter updates (only with your confirmed consent)
  • To respond to your contact form messages
  • To maintain a verifiable record of consent for regulatory compliance
  • To protect against abuse (rate limiting, bot detection)

5. Data Protection

All personal data is encrypted at rest using Sodium (XSalsa20-Poly1305) authenticated encryption. Email addresses are additionally hashed using SHA-256 for deduplication without requiring decryption.

We use HTTPS with HSTS preloading, strict Content Security Policy headers, and follow OWASP Top 10 security practices.

6. Data Sharing

We do not sell, rent, or trade your personal information to any third party.

We do not use third-party analytics, advertising networks, or tracking services. We do not share data with data brokers.

7. Data Retention

  • Subscriber data: Retained while your subscription is active, or for 365 days after unsubscription
  • Consent logs: Retained for 2190 days (6 years) for regulatory compliance
  • Contact messages: Retained for 730 days

8. Your Rights

Under GDPR / UK GDPR:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restrict processing: Request limitation of data processing
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time via the unsubscribe link

Under CCPA (California residents):

  • Right to know: What personal information is collected and how it's used
  • Right to delete: Request deletion of personal information
  • Right to opt-out: Opt out of the sale of personal information (we do not sell data)
  • Right to non-discrimination: We will not discriminate against you for exercising these rights

To exercise your CCPA rights, please contact us.

Under PIPEDA (Canadian residents):

  • Right to access: Access your personal information held by us
  • Right to challenge compliance: Challenge our compliance with PIPEDA
  • Consent: Your consent is obtained before collection, and you may withdraw at any time

9. How to Exercise Your Rights

  • Unsubscribe: Use the unsubscribe link in any email we send
  • Data erasure: Check the "delete my data" option on the unsubscribe page
  • Other requests: Contact us

10. Third-Party Services

All assets — including fonts and JavaScript libraries — are self-hosted. No third-party requests are made when you visit this website. We do not use any third-party analytics, advertising, or tracking services.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers via email. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact

If you have questions about this Privacy Policy or your personal data, please contact us.