Privacy Policy

I, Owughikem Nkemakolam (DevSammy), am committed to protecting your privacy. This Privacy Policy explains how I collect, use, and safeguard information when you visit devsammy.com ("the Website").

I follow a minimal data philosophy — I only collect information that is necessary to provide and improve the Website. I do not sell, trade, or rent your personal data to third parties.

By using this Website, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Website.

Authentication Data: If you sign in via Google to leave comments, I receive your display name, email address, and profile picture from Google OAuth. I do not store your password.

Comments: When you post a comment on blog articles, I store your display name, profile picture, comment content, and timestamp.

Contact Form Submissions: When you submit the contact form, I store your name, email address, and message to respond to your enquiry.

Automatic Data: I automatically collect anonymised data such as browser type, device information, and page view timestamps for analytics purposes. IP addresses may be logged temporarily for rate limiting and security.

No Sensitive Data: I do not collect passwords, payment information, precise location data, or any special category data.

Comment System: Your authentication data is used to display your identity alongside comments you post. Your user ID enables you to manage (like or reply to) your own comments.

Contact Enquiries: Your name and email from contact submissions are used solely to respond to your message. I may send a follow-up if relevant to your enquiry.

Analytics & Improvement: Anonymised, aggregated analytics data is used to understand which content performs well and to improve the Website experience. No individual user profiles are created.

Security: Rate limiting and IP logging are used to prevent abuse, spam, and malicious activity.

Page View Tracking: I use a custom, privacy-friendly analytics system to track page views. Data is fully aggregated and contains no personal identifiers.

Privacy-First Approach: I do not employ any behavioural tracking tools. There are no third-party analytics scripts, pixel trackers, or user profiling mechanisms on this Website.

Cookies: The Website uses cookies for authentication (session management), theme preferences, and basic analytics. No third-party advertising cookies are used.

Opt-Out: You can block analytics cookies using your browser's privacy settings or any ad-blocking extension without affecting core Website functionality.

Google OAuth: Used for authentication. Only your basic profile information (name, email, avatar) is shared with the Website.

MongoDB Atlas: Database provider. Data is stored in encrypted databases with role-based access controls.

Vercel: Hosting provider. Standard HTTP request data (IP, user agent) is logged for security and performance purposes.

EmailJS: Used to deliver contact form notifications. Your name, email, and message content are transmitted securely.

Each third-party service has its own privacy policy governing their handling of your data.

Data Access: You may request a copy of any personal data I hold about you. Requests will be fulfilled within 30 days.

Data Deletion: You may request deletion of your data by contacting me via the contact page. I will process deletion requests within 30 days.

Data Correction: If any information I hold about you is inaccurate, you may request correction via the contact page.

Comment Deletion: Comments can be managed directly on the Website. For further assistance, contact me.

Encryption: All data is transmitted over HTTPS/TLS. Database storage is encrypted at rest.

Access Control: Administrative access is restricted to authorised personnel only, with role-based permissions enforced at the API level.

OAuth Security: Passwords are never shared with or stored by the Website. Authentication tokens are managed securely via NextAuth.

While I take reasonable measures to protect your data, no method of transmission or storage is 100% secure. In the event of a data breach, affected users will be notified promptly.

Age Requirement: This Website is not directed at individuals under the age of 13. If you are under 13, please do not submit any personal data.

GDPR (EEA Users): If you are located in the European Economic Area, you have additional rights including the right to access, rectification, erasure, and data portability under GDPR.

Data Retention: Comments are retained indefinitely unless you request deletion. Contact submissions are retained for business correspondence purposes. Analytics data is retained for up to 12 months.