Back to Home

Privacy

Effective: 2026-04-26

This is a plain-language privacy policy for sinnoor.in. It tells you what data the site collects, why, who else sees it, how long it sticks around, and what you can do about it. If anything here is unclear, email hello@sinnoor.in and I will fix the wording.

1. Who we are

Sinnoor C is the data controller for this site. I run sinnoor.in as a personal portfolio and newsletter. You can reach me at hello@sinnoor.in for any privacy-related question or request.

2. What we collect

When you subscribe to the newsletter, the site stores:

  • Your email address — you provide this on the signup form.
  • A salted hash of your IP address (sha256 with a secret salt) — used for rate limiting and abuse detection. The raw IP is never persisted.
  • A salted hash of your browser's User-Agent string (sha256 with the same secret salt) — used for fraud-pattern detection. The raw User-Agent is never persisted.
  • A timestamp of when you signed up.
  • The signup source — which surface you subscribed from (inline-blog, newsletter-page, homepage, or popup) — used purely for funnel analysis.

When you visit the site (without subscribing), Vercel records standard server logs (request URL, IP, timing) and retains them per Vercel's own policy. The site itself does not drop advertising trackers and does not run third-party analytics that fingerprint you across sessions.

3. Why we collect it

The legal bases under GDPR Article 6 / DPDP Act 2023 Section 7:

  • Consent — you click subscribe, then click a confirmation link in your inbox (double opt-in). This is the DPDP-grade standard for newsletter signup. You can withdraw consent at any time.
  • Legitimate interest — for the salted IP / UA hashes used in rate limiting (5 signups per minute per IP) and bot detection (a 1.5-second interaction-time gate). These exist purely to keep the signup form usable for humans.

4. How long we keep it

  • Unconfirmed subscribers (you signed up but never clicked the confirmation link) — 30 days. After that the subscriber record is auto-purged from Resend and the consent record is dropped from Redis. A daily cron at 04:00 UTC enforces this.
  • Confirmed subscribers — until you unsubscribe. Every email we send carries a one-click unsubscribe footer (handled directly by Resend); clicking it removes you from the list immediately.
  • Vercel server logs— Vercel's own retention policy applies; sinnoor.in does not aggregate or process those logs.

5. Who we share it with

The site uses three processors. We do not sell, rent, or trade your data. There are no advertising trackers and no data brokers in the loop.

  • Resend (Delaware, USA) — handles newsletter delivery and stores your email address. Their data processing terms: resend.com/legal/dpa.
  • Upstash (San Francisco, USA) — provides the Redis store used for rate limiting, race-protection locks, and the sha256-keyed consent ledger (no raw email or IP is stored). Their data processing addendum: upstash.com/trust/dpa.pdf.
  • Vercel (San Francisco, USA) — hosts the site and receives standard request metadata. Their DPA: vercel.com/legal/dpa.

6. Your rights

Under GDPR Articles 15-22 and DPDP Act 2023 Sections 11-12, you have the following rights. Email hello@sinnoor.in to exercise any of them — replies usually within a few days.

  • Access — email me and I will export everything tied to your email address as JSON.
  • Erasure — click the one-click unsubscribe link in any email. That removes your subscriber record from Resend immediately. The sha256-keyed consent record in Redis auto-purges within a year of unsubscription as part of routine ledger maintenance, or sooner on request.
  • Portability — same access mechanism above; the export is plain JSON.
  • Withdrawal of consent — one-click unsubscribe in any email, or email hello@sinnoor.in.
  • Lodge a complaint — you can complain to your local data protection authority (the Data Protection Board of India for DPDP, your national supervisory authority for GDPR).

7. Children's privacy

The newsletter and site are not directed to anyone under 16. If you believe data was collected from a minor, email hello@sinnoor.in and I will delete it immediately.

8. Changes to this policy

The policy can change. Material changes update the effective date at the top of this page. If a change affects subscribers (new processor, broader data collection, retention extension), I will send a heads-up email before the change takes effect.

9. Contact

Sinnoor C — data controller. Email: hello@sinnoor.in. Site: https://sinnoor.in.