Privacy Policy
Last updated: 19 April 2026
Jonathan Castro ("we", "us", "our") operates the website jonathancastro.ai (the "Site"). This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Spanish data protection law (Ley Orgánica 3/2018, LOPDGDD).
1. Data Controller
The data controller responsible for your personal data is:
- Name: Jonathan Castro
- Email: privacy@jonathancastro.ai
- Website: jonathancastro.ai
2. Data We Collect
We collect the following personal data:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Newsletter subscription | Consent (Art. 6(1)(a) GDPR) |
| IP address | Rate limiting, security | Legitimate interest (Art. 6(1)(f) GDPR) |
| Usage analytics | Site improvement | Consent (Art. 6(1)(a) GDPR) |
3. Newsletter Subscription
When you subscribe to our newsletter, we store your email address solely to send you new blog post notifications. We use Resend as our email delivery provider. Your email is stored in a Neon Postgres database hosted in the EU (AWS eu-west-2).
You may unsubscribe at any time via the link included in every email. Upon unsubscription, your email address and all associated data are permanently deleted from our systems — we do not perform soft deletes.
4. Analytics
We use Vercel Analytics, a privacy-friendly analytics service that does not use cookies and does not collect personally identifiable information. Vercel Analytics collects aggregated, anonymised usage data (page views, referrers, device type).
5. Cookies
This Site uses only essential cookies required for the website to function. We do not use tracking or advertising cookies. For more details, see our Cookie Policy.
6. Data Transfers
Your data may be processed by the following third-party providers:
- Vercel Inc. (hosting) — USA, covered by EU-US Data Privacy Framework
- Resend Inc. (email delivery) — USA, covered by Standard Contractual Clauses
- Neon Inc. (database) — EU region (eu-west-2)
7. Data Retention
- Newsletter subscribers: Data retained while subscription is active. Permanently deleted upon unsubscription.
- Analytics: Aggregated data only, no personal data retained.
- Server logs: IP addresses in rate-limiting memory are automatically purged every 60 seconds.
8. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent at any time (Art. 7(3))
To exercise any of these rights, contact us at privacy@jonathancastro.ai. We will respond within 30 days.
9. Supervisory Authority
You have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.
10. Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page with an updated revision date.