Pinal Bhatt
PBDeskfrom the desk of Pinal Bhatt
Privacy

Privacy Policy & Cookie Notice

Your privacy matters. This Privacy Policy explains what information PBDesk collects when you visit, how it is used, what cookies and similar technologies are in play, and the choices you have. The Cookie Notice section sets out the specific cookies and storage keys this site uses.

Last updated

1. Introduction and scope

This Privacy Policy describes how PBDesk ("the Site", "we", "us", or "our") collects, uses, and discloses information when you visit pbdesk.com or any subdomain operated under the same brand. It also explains the cookies and similar technologies the Site uses (the Cookie Notice in Section 6 below).

By using the Site you confirm that you have read this Policy and the Disclaimer & Terms of Use. If you do not agree with any part of this Policy, please discontinue use of the Site.

2. Who runs this site

PBDesk is a personal site operated by Pinal Bhatt (the data controller for the purposes of applicable privacy law, including the EU/UK GDPR and the California Consumer Privacy Act). The author is based in the United States; the Site is published from the United States and read by a global audience.

3. Information we collect

PBDesk is intentionally minimal in its data collection. The Site does not require you to create an account, log in, or provide payment information. The categories of information we may collect are:

3.1 Information automatically collected

When you visit any page, our hosting provider (see Section 7) automatically receives standard request metadata, which may include:

  • your IP address (often truncated or anonymised by the hosting layer);

  • your user-agent string (browser, browser version, operating system);

  • the referring page or search term that brought you to the Site;

  • the page or asset URL you requested and the HTTP response status;

  • the date, time, and approximate duration of the request; and

  • diagnostic information needed for security, abuse prevention, and uptime monitoring.

This information is collected as part of the normal operation of any website on the public internet and is processed by our hosting provider on our behalf.

3.2 Information you choose to provide

If the Site enables comments, contact forms, mailing-list sign-ups, or other interactive features in the future, we will only receive the information you choose to submit through those features. As of the date listed at the top of this page, the Site does not collect form submissions.

3.3 Cookies, local storage, and similar technologies

The Site uses a small number of cookies and browser-storage keys, listed in detail in Section 6 below.

3.4 Sensitive personal information

We do not knowingly collect government identifiers, financial account information, biometric data, precise geolocation, health data, or other categories of sensitive personal information. Please do not submit such information through any feature of the Site.

4. How we use the information

We use the information described in Section 3 to:

  • operate, maintain, and serve the Site to your browser;

  • secure the Site against abuse, scraping, brute-force attacks, and other unauthorised use;

  • diagnose technical problems and improve performance, layout, and accessibility;

  • understand, in aggregate, how readers find and navigate the Site so we can improve content;

  • comply with applicable legal obligations; and

  • enforce our terms, including the Disclaimer & Terms of Use.

We do not sell personal information, share it with advertising networks, or use it to build advertising profiles.

5. Legal bases for processing

Where the EU/UK GDPR applies, we rely on the following legal bases for processing personal information:

  • Legitimate interests — to operate, secure, and improve the Site, and to understand, in aggregate, how readers use it. We balance these interests against your privacy rights and only process the minimum information necessary.

  • Consent — where applicable, for non-essential cookies or for any feature that requires opt-in (for example, a future newsletter sign-up). You can withdraw consent at any time through your browser controls.

  • Legal obligation — to comply with applicable laws, lawful requests from public authorities, and our records-retention requirements.

  • Contract — to provide a feature you have specifically requested (for example, responding to a message you send through a form).

6. Cookies, local storage, and similar technologies

This section is the Site's Cookie Notice. A cookie is a small text file that a website asks your browser to store; local storage is a similar mechanism for storing values inside your browser. Both are sent to or read by the Site as you browse. We use them sparingly and only for the purposes described below.

6.1 Categories of cookies and storage we use

Strictly necessary (no consent required):

  • sb-preview — set only when you open the Site through the Storyblok visual editor preview. It signals our edge proxy to serve uncached, draft-mode content. It is not set during normal browsing.

  • Hosting-layer cookies that may be set by our hosting provider (Vercel) for protection against abuse, load balancing, and basic uptime — see Section 7.

Preferences (functional, no third-party sharing):

  • theme (a value such as light, dark, or system) — stored via your browser's localStorage by the next-themes library so the Site can remember your colour-scheme preference between visits. This value never leaves your device.

Analytics (consent-based, only if and when enabled):

  • As of the date at the top of this page, PBDesk does not run third-party analytics, advertising, fingerprinting, or behavioural-tracking scripts. If we add a privacy-respecting analytics tool in the future, this section will be updated to disclose the provider, the data collected, the retention period, and how to opt out — and, where required, we will request your consent before any non-essential cookies are set.

6.2 Third-party cookies

Pages on the Site may embed media or links from third parties (for example, YouTube embeds, X/Twitter cards, GitHub gists). Those third parties may set their own cookies when you interact with their content. We do not control those cookies, and they are governed by the respective third party's privacy policy. See Section 11.

6.3 How to control cookies and storage

You can review, manage, and delete cookies and local-storage entries in your browser's settings. The exact steps differ by browser; the help pages below are good starting points:

Blocking strictly-necessary cookies may break parts of the Site; for example, the Storyblok visual-editor preview will not work without sb-preview. Blocking the theme preference simply means your colour-scheme choice will not be remembered between visits.

6.4 Do Not Track and Global Privacy Control

Because the Site does not run third-party tracking, Do Not Track (DNT) browser signals and Global Privacy Control (GPC) signals do not change how we operate. If we add analytics or other non-essential processing in future, we will respect GPC signals as a valid opt-out where applicable law requires it.

7. Service providers and sub-processors

We use a small number of trusted service providers (also called sub-processors) to operate the Site. They process information only on our instructions and only as necessary to deliver their service:

  • Vercel Inc. — hosting, edge network, and request routing. Receives standard request metadata (IP, user-agent, request URL) for the purposes of serving the Site and protecting it from abuse. See Vercel's Privacy Policy.

  • Storyblok GmbH — headless content management system. Stores the editorial content shown on the Site (articles, page metadata, images) and serves it via API. Storyblok cookies (such as sb-preview) only operate when you are logged into the Storyblok visual editor. See Storyblok's Privacy Policy.

  • Domain registrar / DNS provider — operates the DNS for pbdesk.com and processes only the lookups needed to direct your browser to the hosting provider.

  • GitHub, Inc. — source-code hosting. May serve embedded gist or repository previews if such embeds are present on a page. See GitHub's Privacy Statement.

We do not transfer personal information to additional sub-processors without updating this Policy. We do not sell or rent personal information.

8. International data transfers

PBDesk is operated from the United States, and our service providers may store and process information in the United States, the European Union, the United Kingdom, and other regions in which their global infrastructure is located. Where personal information is transferred from the EU/UK/Switzerland, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses) put in place by our service providers.

9. Data retention

We retain personal information only for as long as necessary to fulfil the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Server request logs — typically retained by our hosting provider for short rolling windows (commonly 7–30 days) for security and operational diagnostics.

  • Editorial content — retained indefinitely so the Site can serve archived posts, with version history retained by Storyblok.

  • Browser-side preferences (e.g. theme) — retained on your device until you clear your browser storage.

  • Anything you submit through a future form or comment feature will be retained for the period disclosed at the time of submission, or until you ask us to delete it (subject to Section 11).

10. Sharing and disclosure

We may disclose information:

  • to the service providers listed in Section 7, only as needed to operate the Site;

  • to comply with applicable law, lawful subpoenas, court orders, or other legal process;

  • to investigate, prevent, or respond to fraud, abuse, security incidents, or violations of our terms;

  • to protect the rights, property, or safety of the author, the Site, our service providers, or the public;

  • in connection with a corporate transaction (for example, a merger, financing, acquisition, or sale of assets), in which case any successor will be bound by this Policy or one no less protective; and

  • with your consent or at your direction.

11. Your privacy rights

Depending on where you live, you may have one or more of the following rights with respect to personal information about you:

  • Right of access — confirm whether we process information about you and obtain a copy.

  • Right to rectification — correct inaccurate or incomplete information.

  • Right to erasure (right to be forgotten) — ask us to delete information, subject to limited legal exceptions.

  • Right to restrict or object to processing — including the right to object to processing based on legitimate interests.

  • Right to data portability — receive your information in a structured, machine-readable format where the processing is based on consent or contract and is carried out by automated means.

  • Right to withdraw consent — at any time, where processing is based on consent.

  • Right to lodge a complaint with your local data-protection authority, including the EU member-state regulators, the UK ICO, or the equivalent body in your country.

California residents (CCPA / CPRA) also have the rights to know what categories of personal information are collected and disclosed, to delete personal information, to correct inaccurate personal information, to limit the use of sensitive personal information, and to opt out of the sale or sharing of personal information. PBDesk does not sell or share personal information as those terms are defined under the CCPA.

Because the Site does not require accounts and does not collect direct identifiers from anonymous readers, we may be unable to fulfil a rights request without additional information from you that allows us to locate the relevant data. Where we can verify your identity, we will respond within the period required by applicable law (typically 30–45 days).

12. Children's privacy

The Site is not directed to children under the age of 13 (or under 16 in the European Economic Area / United Kingdom, where applicable). We do not knowingly collect personal information from children. If you are a parent or guardian and believe a child has provided personal information to the Site, please contact us so we can delete it.

13. Security

We rely on industry-standard practices provided by our hosting and CMS providers to protect information against unauthorised access, alteration, disclosure, or destruction. The Site is served over HTTPS, and access to administrative interfaces is restricted by strong authentication. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

14. Third-party links and embedded content

The Site contains links to, and may embed content from, third-party websites and services. Those third parties have their own privacy practices that we do not control and are not responsible for. We encourage you to read the privacy policies of any third party whose content or service you interact with from the Site.

15. Changes to this Policy

We may update this Policy from time to time. When we do, the Last updated date at the top of this page will change. Material changes will be highlighted on the home page or via the RSS feed for a reasonable period. Your continued use of the Site after a change becomes effective constitutes acceptance of the updated Policy.

16. Governing law

This Policy is governed by the same law and venue as set out in the Disclaimer & Terms of Use, subject to any non-waivable rights you may have under the mandatory law of your country of habitual residence.

This page is provided for general information and is not legal advice. If you need legal advice tailored to your situation, please consult a qualified lawyer in your jurisdiction.