Scope
This policy applies to:
- The website at amireslampanah.com and its subpaths.
- Any web applications, APIs, or downloadable software distributed from this domain.
It does not cover third-party services linked from the site (GitHub, LinkedIn, EONMUX LTD's separate site, external email providers). Those have their own policies, which apply when their content loads.
What is collected
Data collection is limited to what is necessary to operate the service and to defend it against malicious traffic. This is generally a subset of the following:
- Standard request metadata — IP address, user agent, requested URL, HTTP status, response size, timestamp, referrer. These are written to access and error logs and are required for routing, rate limiting, debugging, and abuse mitigation.
- Application telemetry — error traces, performance counters, queue depths, and similar operational signals that come from the application code itself, not from your identity.
- Security signals — failed authentication attempts, malformed requests, exploit probes, and traffic anomalies. These are retained long enough to detect repeat actors and to block them.
- Information you submit voluntarily — if you fill in a form, send an email through a contact link, or sign in to an application, the data you actually provide is processed for the specific purpose you provided it for.
What is not collected
- No advertising, marketing, or behavioural tracking cookies.
- No third-party analytics scripts (Google Analytics, Meta Pixel, Hotjar, etc.).
- No cross-site identifiers, fingerprinting, or device-graph data.
- No data brokers, ad networks, or affiliate networks have access to anything collected here.
Cookies and local storage
The site itself uses local storage for one purpose only: remembering your light/dark theme preference. That value never leaves your browser. Applications served from this domain may use cookies or local storage for session state when you sign in — those are strictly functional, not tracking.
Why this data is collected
Two reasons, and only two:
- To deliver the requested service. Serving a page, completing an API call, signing you in to an application, returning an error you can act on.
- To protect the service and its users. Detecting and blocking abuse — credential stuffing, scraping, exploit attempts, DDoS traffic, spam — and meeting basic operational security obligations.
Data is not used to build user profiles, score users, train external models, sell access, or for any purpose unrelated to operating the service.
Personal identifiability
The operational data collected (logs, telemetry, security signals) is not treated as personally identifiable. It is keyed to network artefacts (IP, request fingerprints, session IDs) rather than to your name, government identifiers, or any cross-service identity. Where you voluntarily provide identifying information — for example, by signing in or emailing — that information is processed only for the purpose you supplied it for, and is not joined to the operational logs to build a profile.
Sharing with third parties
Operational data, logs, telemetry, and any information submitted through this site or its applications are not sold, rented, traded, or otherwise disclosed to third parties. The only narrow exceptions are:
- Infrastructure providers that physically host the service (server, CDN, DNS). They process traffic on instruction; they are not given the data for their own use.
- Lawful legal process, where a valid order compels disclosure and there is no lawful basis to refuse.
No marketing partners, no analytics vendors, no data brokers.
Retention
Logs and security signals are retained only as long as they are operationally useful — typically days to weeks for routine traffic logs, longer where active abuse investigation requires it — after which they are rotated out and discarded. Information you voluntarily submit is retained for the lifetime of the purpose it was submitted for (e.g. an account exists, a conversation thread is ongoing).
Security
Access to data is restricted to the operator. Transport is encrypted (HTTPS / TLS). Stored credentials, where applicable, are hashed; sessions are scoped and expirable. No system is invulnerable, but the surface here is intentionally small: less collection means less to lose.
Your choices
- Browser controls — you can clear local storage from your browser at any time, which removes the saved theme preference. You can block requests entirely with an ad blocker or DNS blocker; the site is built to degrade gracefully.
- Access, correction, deletion — for any data you voluntarily submitted, you can request a copy, a correction, or deletion by emailing the contact below. Operational logs may not be individually addressable (they are not keyed to identity).
- Do Not Track — respected by default, because no tracking happens regardless.
Children
This site and its applications are not directed at children under 13. No data is knowingly collected from them. If you believe a child has submitted information, contact the address below and it will be removed.
Changes to this policy
Updates will be published at this URL, with the "Last updated" date at the top revised. Material changes will be reflected in that date; small clarifications may not be called out individually.
Contact
Privacy questions, access requests, or concerns: a.eslampanah@live.com.