Privacy policy.

Who is the controller

DIGITAL SPECIALISTS s.r.o., IČO 21669261, registered at Čujkovova 1714/21, 700 30 Ostrava-Zábřeh, Czech Republic. The beneficial operator is Norbert Kovalčín. Data-subject requests go to mail@nkovalcin.com.

What data is collected

Brief submissions

When you submit a brief via /contact or the homepage final CTA, we store: your name, email, selected project type, selected budget range, message text, submission timestamp, a SHA-256 hash of your IP address (never the raw IP), and the browser user-agent string. This data is processed on the basis of your explicit consent (GDPR Art. 6(1)(a)) and the pre-contractual interest (Art. 6(1)(b)) of evaluating a possible engagement.

Newsletter signup

When you subscribe via the footer or blog form, we store: your email, a hashed IP, and the source (which form triggered the signup). Double opt-in: we send a confirmation email with a token; we only mark you as active after you click the link. Legal basis: explicit consent (Art. 6(1)(a)). You can unsubscribe via the footer of every newsletter or by the link in the confirmation email.

Admin authentication

The /admin area uses a single encrypted HTTP-only session cookie (nk_admin_session) for Norbert's login only. No user accounts, no tracking. This cookie is strictly necessary and does not require consent under the ePrivacy Directive.

Analytics

At launch, nkovalcin.com ships with no third-party analytics. No Google Analytics, no Facebook Pixel, no Plausible, no PostHog. If a first-party analytics pillar (Conseto) is added post-launch, it will be documented here first and gated by an explicit cookie consent dialog — never rolled out silently.

Processors and sub-processors

• Vercel Inc. (USA, EU DPA, SCCs) — hosts the Next.js application. Does not receive form data beyond what every HTTP request exposes (IP → immediate hashing).
• Neon Database (fra1 region, Frankfurt) — Postgres for brief + newsletter data. EU-only storage.
• WEBGLOBE s. r. o. (Websupport) (Slovakia) — SMTP relay for mail@nkovalcin.com, processes email in transit only.

How long we keep it

• Brief submissions: retained indefinitely while the business relationship (or potential relationship) is active. On request, deleted within 14 days.
• Newsletter subscribers marked active: retained while you remain subscribed.
• Newsletter subscribers marked unsubscribed: retained for up to 30 days after unsubscribe for audit, then hard-deleted.
• IP hashes: stored alongside the row they protect. Never decoded into raw IPs because the raw IP was never captured.

Your rights

Under GDPR (EU 2016/679) you can request access, rectification, erasure, restriction, portability, and objection to processing. Email mail@nkovalcin.com and expect a response within one working day.

You also have the right to lodge a complaint with the Slovak supervisory authority (Úrad na ochranu osobných údajov, dataprotection.gov.sk) or the Czech authority (Úřad pro ochranu osobních údajů, uoou.gov.cz), whichever fits your jurisdiction.

International transfers

The database (Neon fra1) and SMTP relay (Websupport) both live inside the EU. Vercel infrastructure is US-based but covered by standard contractual clauses and the EU-US Data Privacy Framework. No client data is deliberately moved to a third country.

Changes to this policy

Changes get a fresh Last updated date below and a short note in the page history (kept at the repository level on GitHub). Material changes to purpose or processors will be emailed to active newsletter subscribers.