Security Policy

This page outlines the security and privacy practices for jahnavimehta.com.

GDPR Compliance

This website is fully compliant with the General Data Protection Regulation (GDPR).

As a purely static website with no data collection mechanisms, we inherently comply with GDPR requirements:

  • Minimal data processing: We store only a single non-personal preference value in your browser (see Local Storage below)
  • Transparent analytics: We use privacy-friendly, cookieless analytics (Plausible) that collects only aggregated, anonymous data
  • No consent required: No personal data is collected or processed
  • Right to access: No personal data is held about visitors
  • Right to erasure: No personal data to erase; your language preference can be cleared via your browser’s local storage settings
  • Data portability: Not applicable, as no personal data is collected
  • Privacy by design: The site architecture ensures privacy by default through its static nature

Site Architecture

This website is a purely static site with the following characteristics:

  • No cookies: We do not use cookies of any kind
  • Local storage (language preference only): We store one item in your browser’s local storage — the key lang-preference with a value of either en or de. This records your chosen display language so we can show the site in your preferred language on your next visit. It contains no personal data and is never transmitted to any server. You can clear it at any time via your browser’s developer tools or site settings.
  • No session storage: We do not use session storage
  • Privacy-friendly analytics: We use cookieless, privacy-friendly analytics (see below)
  • No user accounts: There are no login systems or user accounts
  • No forms: We do not process or store form submissions on our servers
  • No databases: This is a static site with no backend database

Website Analytics

We use Plausible Analytics, a privacy-friendly, cookie-free web analytics service, to understand how visitors use our website and improve the user experience.

What Plausible collects (anonymously and without cookies):

  • Page URLs visited (without sensitive query parameters)
  • HTTP referrer (where visitors came from)
  • Browser type (e.g., Chrome, Firefox)
  • Operating system (e.g., Windows, macOS)
  • Device type (desktop, mobile, tablet)
  • Approximate location (country, region, city derived from IP address)

Privacy protections:

  • No cookies: Plausible does not use cookies or persistent identifiers
  • No personal data: IP addresses and User-Agent strings are never stored
  • No cross-site tracking: Data is isolated to this website only
  • No cross-day tracking: Visitor identifiers are reset daily
  • Aggregated data only: All metrics are aggregated; individual visitors cannot be identified
  • GDPR compliant: Fully compliant with EU privacy regulations
  • No consent required: Because no personal data is collected, no cookie banner or consent is needed
  • EU-hosted: Analytics data is processed and stored within the European Union
  • Open source: Plausible is fully open source and independently auditable

How it works:

Plausible generates a daily anonymous identifier using a cryptographic hash:

hash(daily_salt + website_domain + IP_address + user_agent)

The salt is rotated every 24 hours, and raw IP addresses and User-Agent data are immediately discarded after hashing. This prevents tracking across days or websites.
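
The identifier scheme described above, as an added example (not code from this site or from Plausible): HMAC-SHA256 keyed with the salt stands in for the unnamed cryptographic hash, and the class name, sample IP address, User-Agent and second domain are constructed for illustration. It shows the identifier staying stable within one salt period and becoming unlinkable across a salt rotation or across websites.

```python
import hashlib
import hmac
import secrets


class DailySaltedIdentifier:
    """Visitor IDs shaped like hash(daily_salt + website_domain + IP_address + user_agent).

    Hypothetical helper: HMAC-SHA256 is an assumed stand-in for the hash.
    """

    def __init__(self):
        self._salt = secrets.token_bytes(16)

    def rotate(self):
        # Run once every 24 hours. The old salt is overwritten, not archived,
        # so earlier identifiers cannot be recomputed afterwards.
        self._salt = secrets.token_bytes(16)

    def visitor_id(self, domain, ip, user_agent):
        # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
        fields = [f.encode("utf-8") for f in (domain, ip, user_agent)]
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        # Only the digest is returned; the raw IP and User-Agent are not kept.
        return hmac.new(self._salt, msg, hashlib.sha256).hexdigest()[:16]


def demo():
    ids = DailySaltedIdentifier()
    # Constructed sample visitor (documentation IP range, made-up User-Agent).
    ip = "203.0.113.7"
    ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"

    day1 = ids.visitor_id("jahnavimehta.com", ip, ua)
    day1_again = ids.visitor_id("jahnavimehta.com", ip, ua)
    other_site = ids.visitor_id("example.org", ip, ua)  # constructed second domain

    ids.rotate()  # simulate the 24-hour salt rotation
    day2 = ids.visitor_id("jahnavimehta.com", ip, ua)

    return {
        "same_day_stable": day1 == day1_again,
        "cross_site_linkable": day1 == other_site,
        "cross_day_linkable": day1 == day2,
    }


if __name__ == "__main__":
    print(demo())
```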

Data Collection

We collect anonymous, aggregated website analytics data via Plausible Analytics (see “Website Analytics” section above). No personal information that could identify individual visitors is collected, stored, or processed.

The only data stored locally in your browser is your language preference (lang-preference: en or de), which is purely functional and contains no personal information.

Third-Party Services

This website may load resources from the following third-party content delivery networks (CDNs):

  • Bootstrap CSS and JavaScript
  • Font Awesome icons
  • Google Fonts
  • Masonry layout library
  • Plausible Analytics (self-hosted)

Plausible Analytics: We use a self-hosted instance of Plausible Analytics for privacy-friendly website analytics. Unlike the third-party CDNs above, this service is under our direct control. Plausible does not use cookies, does not collect personal data, and is fully GDPR compliant. See the “Website Analytics” section for full details.

GDPR Note: These third-party services are loaded solely for functional and design purposes. They may have their own privacy policies and could collect technical data (such as IP addresses) according to their terms. We recommend reviewing their privacy policies:

We have no control over and assume no responsibility for the privacy practices of these third-party services.

Security Contact

If you discover a security vulnerability on this website, please report it to us:

Response Timeline

We will acknowledge security reports within 48 hours and provide updates on the resolution timeline.

Scope

Security issues relevant to this static website include:

  • Vulnerabilities in third-party libraries or dependencies
  • Content security issues
  • Configuration problems that could affect security
  • Cross-site scripting (XSS) possibilities

Last updated: April 24, 2026

Changelog:

  • April 24, 2026: Added disclosure of Plausible Analytics usage
  • March 29, 2026: Initial security policy published