Privacy Policy | Abdallah Halawa - Technical Project Manager & AI Innovator

Introduction

This Privacy Policy explains how Abdallah Halawa ("I", "me", or "my") collects, uses, and protects your personal data when you visit this portfolio website. I am committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Your Privacy Matters: I only collect minimal, anonymous data to understand how visitors use this site. No marketing, no selling data to third parties, no intrusive tracking.

Data Controller

Name: Abdallah Halawa

Contact Email: abdoo182@gmail.com

Website: abdallahhalawa.com

What Data We Collect

I collect minimal, anonymous data about your visit to improve the website experience. Below is a complete list of data collected:

Data Type	Purpose	Legal Basis	Retention
Page views, clicks, tab switches	Understand visitor behavior	Consent (Analytics Cookies)	90 days
Browser type, device type, screen size	Ensure site works on all devices	Consent (Analytics Cookies)	90 days
Country (via IP address)	Understand geographic audience	Consent (Analytics Cookies)	90 days
Language preference	Display content in your language	Consent (Functional Cookies)	12 months
Session ID (anonymous)	Track single visit sessions	Consent (Analytics Cookies)	90 days
Referrer URL	Understand traffic sources	Consent (Analytics Cookies)	90 days

What We DO NOT Collect

❌ No names, email addresses, or contact information (unless you submit contact form)
❌ No IP addresses stored in our database
❌ No user accounts or passwords
❌ No financial information
❌ No location data beyond country-level
❌ No cross-site tracking or fingerprinting

How We Use Your Data

I use the collected data for the following purposes:

Website Analytics: Understand which pages are popular, how visitors navigate the site, and identify technical issues.
User Experience Improvement: Ensure the site works well on all devices and browsers.
Performance Optimization: Identify slow pages and optimize loading times.
Content Strategy: Understand which content resonates with visitors to create more relevant content.

I do NOT use your data for:

Marketing or advertising
Selling or sharing with third parties (except analytics processors listed below)
Profiling or automated decision-making
Any purposes beyond analytics and user experience improvement

Cookies & Consent

This website uses cookies only with your explicit consent. You can manage your cookie preferences through the cookie banner that appears on your first visit.

Cookie Categories

Essential Cookies: Required for basic site functionality (e.g., cookie consent preferences). Always active, no consent needed.
Analytics Cookies: Track page views, clicks, and visitor behavior via Google Analytics 4 and custom analytics. Requires your consent.
Functional Cookies: Remember your language preference and other settings. Requires your consent.

You can withdraw your consent at any time by clicking the "Cookie Settings" link in the footer or clearing your browser cookies.

Third-Party Data Processors

I use the following trusted third-party services to process analytics data:

Service	Provider	Purpose	Data Location
Google Analytics 4	Google LLC	Website analytics	EU/US (with EU-US Data Privacy Framework)
Cloudflare Web Analytics	Cloudflare Inc.	Server-side analytics (cookie-less)	EU (GDPR-compliant)
Cloudflare D1 Database	Cloudflare Inc.	Custom analytics storage	EU (GDPR-compliant)

Data Processing Agreements (DPAs)

I have verified that all third-party processors comply with GDPR through the following agreements:

Google Analytics: Google Ads Data Processing Terms
Cloudflare: Cloudflare Data Processing Addendum

Data Retention

I retain your data only as long as necessary for analytics purposes:

Custom Analytics (D1 Database): Automatically deleted after 90 days via daily cleanup job.
Google Analytics 4: Configured to retain data for 14 months.
Cloudflare Web Analytics: Retained for 6 months (Cloudflare default).
Cookie Consent Preferences: Stored locally in your browser (no expiration unless you clear browser data).

After these periods, data is permanently deleted and cannot be recovered.

Data Security

I implement industry-standard security measures to protect your data:

HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
Rate Limiting: Prevents abuse of analytics endpoints (100 requests per minute per IP).
XSS Protection: Input sanitization prevents malicious scripts.
SQL Injection Protection: Parameterized database queries prevent SQL injection attacks.
IP Anonymization: Google Analytics anonymizes IP addresses before storage.
Access Controls: Analytics data accessible only via authenticated API endpoints.

Your Rights Under GDPR

You have the following rights regarding your personal data:

1. Right to Access (Article 15)

You can request a copy of all data I have collected about you.

2. Right to Rectification (Article 16)

You can request correction of inaccurate data (though I collect minimal identifiable data).

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of all your data at any time.

4. Right to Data Portability (Article 20)

You can request your data in a machine-readable format (CSV or JSON).

5. Right to Object (Article 21)

You can object to data processing by withdrawing cookie consent.

6. Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe your rights have been violated.

How to Exercise Your Rights:

Email me at abdoo182@gmail.com with subject: "GDPR Data Request"
Specify which right you wish to exercise (access, deletion, export, etc.)
Provide approximate dates of your visits (helps me locate your session data)
I will respond within 30 days as required by GDPR

Note: Since I don't collect email addresses or usernames, I cannot verify your identity beyond the information you provide. Your session data is anonymous, so I'll need you to specify visit dates or session IDs (visible in browser console: window.Analytics.getSessionStats()).

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA):

Google Analytics: Data may be transferred to the United States under the EU-US Data Privacy Framework, which provides adequate protection equivalent to GDPR.
Cloudflare: Data is primarily stored in EU data centers. Cloudflare is GDPR-compliant and provides DPA protection.

All international transfers are protected by appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

Children's Privacy

This website is not directed at children under 16 years of age. I do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided data to this site, please contact me to have it deleted.

Changes to This Privacy Policy

I may update this Privacy Policy from time to time to reflect changes in data practices or legal requirements. When I make significant changes, I will:

Update the "Last Updated" date at the top of this page
Notify you via a banner on the website (if changes affect your rights)
Request renewed consent if required by law

I recommend reviewing this Privacy Policy periodically to stay informed about how I protect your data.

Contact & Questions

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact me:

Email: abdoo182@gmail.com
Subject Line: "Privacy Policy Question" or "GDPR Data Request"
Response Time: I aim to respond within 48 hours (GDPR requests within 30 days)

Supervisory Authority:

If you are located in the EU/EEA and wish to raise a concern about how I handle your data, you have the right to lodge a complaint with your local data protection authority. You can find your authority here: European Data Protection Board Members

Effective Date: February 14, 2026
Version: 1.0
Compliance: GDPR (EU Regulation 2016/679)