Privacy Policy

Effective Date: October 2025

1) Scope

This policy describes how aleksaitcyber processes information on this website and in related infrastructure monitoring tools used for operational notifications and support.

2) Categories of Data

• Basic site telemetry (aggregated, non-profiling) such as page loads and error diagnostics.
• Communications you send to contact@aleksaitcyber.com.
• Operational metadata from systems we operate (e.g., timestamps, hostnames, status codes) strictly for internal reliability and security.

3) Purposes & Legal Bases

• Operate and secure services (availability, incident response, abuse prevention) — legitimate interests.
• Respond to inquiries you initiate — performance of a contract or pre-contractual steps.
• Compliance with legal obligations (e.g., security logging, fraud prevention) — legal obligation.

4) Email Practices

We use verified transactional email providers (currently Mailgun, previously AWS SES) for low-volume administrative notifications (e.g., server health, backups, security events). No marketing or newsletters. See our Email Sending Policy.

5) Data Sharing & Processors

We engage reputable processors to deliver our services:

• Mailgun (transactional email delivery).
• GitHub Pages (website hosting).
• ImprovMX / Gmail (inbound mail routing to contact@/alerts@).
• Cloud infrastructure providers for managed servers and security monitoring.

Processors act under contract and only process data on our documented instructions with appropriate security measures.

6) International Transfers

Where data is transferred outside Switzerland/EU, we rely on appropriate safeguards (e.g., SCCs or equivalent contractual protections) provided by our processors.

7) Security

• TLS for data in transit; hardened Linux baselines (UFW, fail2ban, SSH best practices).
• Authenticated email (SPF, DKIM, DMARC) under mail.aleksaitcyber.com.
• Principle of least privilege; access logging and monitoring; regular patching.

8) Retention

We retain only what is necessary for operations, troubleshooting, and compliance, then securely delete. Typical retention for routine operational logs is short-term and cyclical.

9) Your Rights

Subject to applicable law, you may request access, correction, deletion, restriction, or portability of your personal data, or object to processing. Contact: contact@aleksaitcyber.com.

10) Cookies & Tracking

We do not use advertising cookies or cross-site profiling. Any analytics we use is limited, aggregated, and operational.

11) Incident Response

In the event of a data incident impacting personal data, we will assess scope and impact, mitigate promptly, and notify affected parties and/or authorities where required by law.

12) Contact

Privacy inquiries: contact@aleksaitcyber.com

13) Changes

We may update this policy to reflect operational, legal, or provider changes. The latest version is published at this URL with an updated effective date.