Privacy Policy
Last updated: March 2026
1. Object
This website (svechnikovs.com) is operated by Dennis Svechnikovs, an EU-based independent UX & Product Design Consultant.
2. Data I Collect
A. Data you provide (contact form)
When you submit the contact form on this website, I collect:
- Full name (required)
- Email address (required)
- Phone number (optional)
- Company website URL (optional)
- Approximate project budget (optional)
- Project description / message (required)
B. Data collected automatically
The following data is collected automatically through the technical infrastructure and analytics tools deployed on this website:
- Browser type, operating system, device type (Google Analytics 4, Microsoft Clarity)
- Pages visited, session duration, scroll depth, click behaviour (Google Analytics 4, Microsoft Clarity)
- Referrer URL and UTM campaign parameters (Google Analytics 4)
- Session recordings and heatmap data (Microsoft Clarity)
All analytics data is pseudonymised and does not directly identify you. IP addresses are not stored by Google Analytics 4 (IP anonymisation is enabled).
C. Data processed via form submission (Resend API)
Contact form submissions are delivered using Resend (resend.com), a transactional email API provider. When you submit the form, the data you enter is transmitted to Resend's infrastructure to facilitate delivery to our email address. Resend acts as a data processor under our instructions. Data is transmitted over TLS and is not used by Resend for any purpose other than message delivery.
3. How I Use Your Data
- Responding to your enquiry and assessing project fit
- Scheduling and conducting an introductory consultation
- Communicating about a potential or active engagement
- Understanding how visitors use the website to improve content and UX (aggregated analytics only)
I do not use your data for unsolicited marketing, do not enrol you in mailing lists without explicit consent, and do not sell or rent your data.
4. Legal Basis for Processing (GDPR)
- Legitimate interest (Art. 6(1)(f)) — responding to a business enquiry you initiated; website security via Cloudflare
- Contractual necessity (Art. 6(1)(b)) — where processing is required to enter into or perform a contract
- Consent (Art. 6(1)(a)) — analytics cookies (Google Analytics 4, Microsoft Clarity) are activated only after you grant consent via the cookie consent banner
5. Third-Party Processors
| Processor | Country | Role | Safeguard |
|---|---|---|---|
| Cloudflare, Inc. | USA | CDN, DDoS protection | EU-US DPF certified |
| Google LLC | USA | Google Tag Manager & GA4 | EU-US DPF certified |
| Microsoft Corporation | USA | Microsoft Clarity | EU-US DPF certified |
| Resend, Inc. | USA | Contact form email delivery | Standard Contractual Clauses |
6. Data Retention
| Data | Retention Period |
|---|---|
| Contact form submissions | Duration of engagement; deleted within 12 months if no project results |
| Google Analytics 4 | 14 months |
| Microsoft Clarity session recordings | Up to 30 days (aggregated heatmaps retained longer in anonymised form) |
| Cloudflare logs | ~30 days |
| Resend email logs | Per Resend's retention policy |
7. Your Rights (GDPR)
Contact form submissions are received by email and are not stored in any database or CRM. If you'd like your message deleted or have any data-related request, simply contact and it will be handled promptly. For analytics data collected via Google Analytics 4 or Microsoft Clarity, you can withdraw consent at any time via the cookie settings link in the footer. You also have the right to lodge a complaint with your national data protection authority.
8. Security
The website is served over HTTPS/TLS. Form submissions are encrypted in transit. Cloudflare provides additional infrastructure-level security. I apply reasonable technical and organisational measures to protect personal data.
9. Changes to This Policy
This policy may be updated when the technical setup of the website changes. The version number and date at the top reflect the most recent revision.