SR
LEGAL

Privacy policy.

What this site collects, why, and what you can do about it. Written in plain English, structured for UK GDPR.

Last updated

1. Who is responsible

This website is operated by Steven Richardson, trading as RichDynamix, based in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, Steven Richardson is the data controller for personal data collected through this site.

You can reach the controller at [email protected].

2. What data we collect

This is a personal website. There's no account system, no comments, and no checkout. The data collected is limited to:

  • Usage data — pages visited, referrer, approximate location (country/region), device type, browser, and a coarse timestamp. Collected via Google Analytics 4 (loaded through Google Tag Manager).
  • Server logs — IP address, user agent, and request path, recorded by the hosting infrastructure for security, abuse prevention, and debugging.
  • Email — if you choose to contact us, the email address and message you send.

We do not collect special category data (race, religion, health, etc.) and do not knowingly collect data from children.

3. Why we collect it

  • To understand which articles are read and how readers find the site, so we can write more of what's useful.
  • To keep the site available, secure, and performant.
  • To reply when you get in touch.

4. Lawful basis

We rely on the following lawful bases under Article 6 of UK GDPR:

  • Legitimate interests for server logs and aggregated analytics — to run, secure, and improve the site.
  • Consent for any non-essential cookies, where required by the Privacy and Electronic Communications Regulations (PECR).
  • Legitimate interests for responding to emails you send us.

5. Cookies & analytics

The site loads Google Tag Manager, which in turn loads Google Analytics 4. These set first-party cookies (such as _ga) to count unique visitors and measure how content performs. IP addresses passed to Google Analytics are truncated at the network level before storage.

No advertising cookies, retargeting pixels, or social-network trackers are intentionally loaded. You can block analytics by using your browser's privacy settings, an ad/tracker blocker, or the Google Analytics opt-out add-on.

6. Sharing & processors

We don't sell or trade personal data. We do rely on a small number of processors to run the site:

  • Google Ireland Limited — Google Tag Manager & Google Analytics 4.
  • Hosting provider — server infrastructure, edge caching, and DDoS protection.
  • Bunny Fonts — privacy-friendly web font delivery (no tracking cookies).

Each processor handles your data under their own terms and applies appropriate safeguards. We may also disclose data where required by law, court order, or to protect our rights.

7. How long we keep it

  • Analytics data — retained per Google Analytics 4 defaults (currently 14 months) unless adjusted.
  • Server logs — typically retained for 30 to 90 days, then rotated.
  • Email correspondence — kept as long as it's useful for the conversation or any follow-up, then deleted.

8. International transfers

Some of our processors (notably Google) may process data outside the UK and EEA, including in the United States. Where this happens, transfers are protected by appropriate safeguards such as the EU-US Data Privacy Framework, UK International Data Transfer Agreement, or Standard Contractual Clauses.

9. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • request erasure ("the right to be forgotten");
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email [email protected]. We aim to respond within one month.

10. Security

The site is served over HTTPS, with security headers (CSP, HSTS, X-Content-Type-Options, etc.) configured to reduce common attack vectors. No method of internet transmission or storage is 100% secure, but we take reasonable steps to protect the limited data we hold.

11. Children

This site is intended for a general audience of software professionals and is not directed at children under 13. We don't knowingly collect personal data from children. If you believe a child has provided personal data, please contact us so we can delete it.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of the page. Continued use of the site after a change means you accept the updated policy.

13. Contact & complaints

For privacy questions or data requests, email [email protected].

If you're not satisfied with our response, you can lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Back to the homepage