This page describes what personal data Devmindset.dev collects, why, on what legal basis, how long it’s retained, and what rights you have. The document complies with GDPR (Regulation EU 2016/679 of 27 April 2016) and the Polish Personal Data Protection Act.
Data controller
The controller of your personal data is the owner of Devmindset.dev. Contact: contact@devmindset.dev.
The site isn’t required to appoint a Data Protection Officer (DPO) under GDPR Article 37 — it doesn’t conduct large-scale regular monitoring of individuals and doesn’t process special categories of data within the meaning of Article 9.
What data we collect
We collect only the data needed for specific features. We don’t buy datasets, scrape profiles from other sources, or build shadow profiles.
| Data source | Data collected | Required |
|---|---|---|
| Comments | Nickname, email, optional URL, content, IP | Email + nickname |
| Contact form | Name/nickname, email, message content | All |
| Server logs | IP, user agent, timestamp, request path | Automatic |
| Analytics | Anonymized navigation events | After consent |
| Advertising | Advertising cookie identifiers, ad interaction data | After consent |
| Newsletter |
Comments
When you post a comment, we ask for a nickname (or first name) and email. The email is not displayed publicly — we use it only for moderation and optionally to display an avatar from Gravatar (after accepting the relevant cookie). The commenter’s IP is logged for spam protection and abuse prevention.
Contact form
Messages sent through the contact form are forwarded to the administrator’s email via the WPForms plugin. Data isn’t kept in the site database longer than necessary to respond.
Server logs
Every HTTP request is logged by the server (hosting provider). Logs contain IP address, browser user agent, response code, and timestamp. We use them for technical diagnostics and protection against attacks (rate limiting, WAF, fail2ban).
Analytics
The site uses Google Analytics 4 (ID G-WHZK1NNHVE) deployed via the MonsterInsights plugin. Analytics fires only after consent is given through the consent banner. Data is anonymized at the plugin configuration level (IP truncation).
Google Analytics is provided by Google LLC — data is transferred to the USA. Details in the Transfers outside the EEA section below.
Newsletter
If you subscribe to the newsletter, we collect only your email address. You can unsubscribe at any time using the link in the footer of each message — no need to contact the administrator.
Purposes and legal basis
| Purpose | GDPR legal basis |
|---|---|
| Publishing comments and moderation | Art. 6(1)(a) — consent |
| Responding to contact form messages | Art. 6(1)(b) — contract / pre-contractual steps |
| Technical logs and security | Art. 6(1)(f) — legitimate interest |
| Traffic analytics | Art. 6(1)(a) — consent |
| Serving personalized advertising | Art. 6(1)(a) — consent |
| Newsletter | Art. 6(1)(a) — consent |
| Compliance with legal obligations | Art. 6(1)(c) — legal obligation |
Data recipients
Your data may be processed by the following entities (processors):
- Hosting provider — for server logs and database storage
- Google LLC — for Google Analytics 4 and Google AdSense (after your consent)
- Google advertising partners — third-party ad technology vendors involved in serving ads (after your consent)
- Automattic Inc. — for the Gravatar service (after accepting the relevant cookie)
- Security providers — for protection against attacks (Wordfence Security and others)
- Government authorities — only based on a legal obligation, on request of an authorized authority
We don’t sell data and we don’t share it with data brokers.
Retention periods
| Data category | Period |
|---|---|
| Comments | Indefinite, until deletion request |
| Contact form messages | 12 months from last correspondence |
| Server logs | 14–30 days (per hosting provider policy) |
| Analytics data (aggregated) | 26 months |
| Advertising cookies | Per the lifespan of each cookie (up to 24 months) |
| Newsletter subscriptions | Until unsubscribe |
| Data required by law | Per legal obligation |
After the period expires, data is deleted or permanently anonymized.
Your rights
Under GDPR you have the following rights:
- Right of access (Art. 15) — request a copy of your data
- Right to rectification (Art. 16) — have inaccurate data corrected
- Right to erasure (Art. 17) — the right to be forgotten
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20) — in a machine-readable format
- Right to object (Art. 21) — to processing based on legitimate interest
- Right to withdraw consent at any time — without affecting the lawfulness of processing prior to withdrawal
- Right to lodge a complaint with the Polish Data Protection Authority (UODO) (uodo.gov.pl)
To exercise any of these rights, email contact@devmindset.dev. You’ll get a response within 30 days (GDPR Art. 12(3)).
Transfers outside the EEA
Some services (Google Analytics, Google AdSense, Gravatar) are operated by entities based in the United States. Transfers happen under:
- Data Privacy Framework (DPF) — for providers certified under the EU–US agreement of July 2023
- Standard Contractual Clauses (SCC) — for non-certified providers
- Other mechanisms defined in GDPR Chapter V
Data is transferred only after consent to the relevant cookie category.
Data security
We apply the following technical and organizational measures:
- TLS 1.3 for all HTTP traffic (HSTS enabled)
- Updates to the WordPress core, plugins, and theme on a maximum 14-day cycle
- WAF (Web Application Firewall) and rate limiting at the application layer
- Password hashing (bcrypt) in the database
- Daily backups with 14-day retention, on separate storage
- 2FA for administrative accounts
- Security event logging and monitoring of anomalous activity
Despite these measures, no system is 100% secure. In the event of a data breach, we’ll notify the supervisory authority within 72 hours per GDPR Art. 33, and the affected individuals (Art. 34) if the risk level requires it.
Profiling and automated decisions
The site does not make automated decisions producing legal effects or significantly affecting data subjects within the meaning of GDPR Art. 22. Personalized ads served by Google AdSense may rely on marketing profiling performed by Google and its partners — this happens only after consent and produces no legal effects for you.
Advertising (Google AdSense)
The site uses or plans to use the Google AdSense advertising system provided by Google LLC. As part of this service, Google and its advertising partners (third-party vendors) may use cookies and similar technologies to display ads tailored to your interests based on your prior visits to this and other sites.
Google uses cookies — including Google’s advertising cookie — to personalize ads. Personalized ads are served only after you give consent through the consent management platform (a consent banner compliant with the IAB TCF). Without consent, ads may be served in a limited (non-personalized) mode or may not be served at all.
You can manage your advertising preferences or opt out of personalization at any time:
- in Google Ad Settings — myadcenter.google.com,
- at youronlinechoices.eu — bulk opt-out for vendors operating in the EU,
- at aboutads.info/choices — the Digital Advertising Alliance initiative.
You can review and change the full list of third-party vendors and the scope of your consent at any time in the consent management panel displayed on the site. Data processed within AdSense may be transferred to the United States under the terms described in the “Transfers outside the EEA” section.
Google’s data processing is described in the Google Privacy Policy (policies.google.com/privacy) and the document “How Google uses information from sites or apps that use our services” (policies.google.com/technologies/partner-sites).
Cookies
For detailed information about cookies — categories, purposes, lifespan, and how to manage them — see the Cookies Policy.
Contact
For matters related to personal data processing: contact@devmindset.dev
You can also lodge a complaint with the supervisory authority — the President of UODO (ul. Stawki 2, 00-193 Warsaw, Poland, kancelaria@uodo.gov.pl).
Policy changes
This policy may be updated — for example after adding new tools, infrastructure changes, or regulatory changes. Every modification is marked with a date below. For material changes, additional information will be shown on the homepage and — for changes requiring consent — the consent banner will be displayed again.
Last updated: May 29, 2026