Skip to main content
Adimis
Back to home

Legal

Privacy Policy

Effective: 2026-05-05 · Last updated: 2026-05-06

This Privacy Policy explains how Aditya Mishra (operating as "Adimis", "we", "us", or "I") collects, uses, discloses and protects personal information when you visit adimis.in (the "Site"), contact me through it, or engage me for professional services.

Read carefully. By using the Site or submitting information through it, you confirm you have read and understood this policy.

1. Who is the data controller

The data controller for personal information collected through the Site is Aditya Mishra, an independent engineering practice operating under the trade name "Adimis" based in India. For all privacy questions, requests, or complaints, contact: aditya.mishra@adimis.in.

2. Information I collect

2.1 Information you submit through the contact form

When you fill out the contact form on the Site, I collect:

  • Your name (or company name)
  • Your email address
  • The message body you write
  • Any additional information you choose to include (project details, timeline, links)

2.2 Information collected automatically

Like most websites, the Site automatically collects technical data required to deliver the page and protect the service:

  • IP address (hashed): A one-way SHA-256 hash of your IP address is computed server-side for rate-limiting and spam prevention. The raw IP address is never stored or forwarded.
  • User-agent string, referrer URL, and basic device information
  • Aggregated, anonymized usage data via Microsoft Clarity - loaded only if you grant Analytics consent (see Section 4 and Section 5).
  • Application logs and error traces (no message content stored)
  • AI Interaction Data: As of 2026, per the EU AI Act (Art. 52), I disclose that AI-driven processes may be used to assist in categorizing inbound enquiries or providing automated site functionality.

2.2a Blog interaction data (likes & reactions)

Blog posts include a reaction feature (Like, Insightful, Fire, Rocket). When you react to a post, the following data may be collected and forwarded to the CMS for deduplication and count tracking:

  • Without Analytics consent: An anonymized session hash (cleared when you close the browser tab). No persistent identifier is created or stored.
  • With Analytics consent: User-agent string, screen resolution, and timezone - combined as a non-persistent browser fingerprint for deduplication. This data does not identify you to a named individual and is not used for advertising.

Reaction counts are public; individual reactions are not attributed to any named person.

2.3 Information collected during a client engagement

If you engage me for professional services, additional information is exchanged under a separate written agreement (NDA / MSA / SOW): your business contact details, code access, infrastructure credentials, and anything reasonably required to deliver the work. That information is governed by the engagement contract first and this policy as a fallback.

2.4 What I do not collect

  • I do not collect payment card information on the Site.
  • I do not knowingly collect information from anyone under 16 years of age, aligning with 2026 US state protections (CA, OR).
  • I do not collect sensitive neural data or biometric identifiers via this Site (per California 2026 updates).
  • I do not buy, sell, rent, or trade contact lists from third parties.

3. Why I collect it (purposes & legal bases)

Personal information is collected and processed only for the purposes listed below, with the corresponding lawful basis under the EU GDPR / UK GDPR. Outside the EU/UK, equivalent local protections apply (including India's Digital Personal Data Protection Act, 2023):

  • To respond to your enquiry - basis: performance of a contract or steps prior to entering one (Art. 6(1)(b)).
  • To deliver and bill for engaged services - basis: contract performance (Art. 6(1)(b)).
  • To protect the Site from abuse (rate-limiting, spam filtering, honeypot detection) - basis: legitimate interest (Art. 6(1)(f)).
  • To improve the Site and content via aggregated analytics - basis: legitimate interest, with opt-out available.
  • To comply with legal obligations - basis: legal obligation (Art. 6(1)(c)).

4. Third-party processors I use

I keep the third-party footprint deliberately small. The following processors may receive limited personal data on my behalf, governed by their own privacy terms and a data-processing agreement where required:

  • Hosting / Edge - the Site is served from a managed hosting platform (e.g., Vercel) that processes IP addresses, request metadata and logs.
  • Microsoft Clarity - anonymized session analytics and heatmaps. Clarity may use cookies and similar technologies; data is aggregated and not used for advertising. Clarity is loaded only if you grant Analytics consent via the privacy banner at the bottom of the page. If your browser sends a Global Privacy Control (GPC) signal, Clarity is never loaded regardless of banner interaction.
  • Email delivery - when I reply to your enquiry, the email is delivered through standard email providers (e.g., Google Workspace) acting as processors.

Contact form submissions and blog reaction data are stored in a self-hosted CMS operated and owned solely by Aditya Mishra. This is internal infrastructure - no third party receives this data.

I do not sell, rent, or share your personal information with third parties for advertising, profiling, or marketing purposes.

5. Cookies, Consent, and Universal Opt-Out (GPC)

The Site uses a minimal set of cookies:

  • Strictly necessary: Theme preference (light/dark). Cannot be disabled.
  • Analytics (consent-gated): A consent record cookie (adimis_consent) is set for 12 months when you interact with the privacy banner. Microsoft Clarity session analytics are loaded only when Analytics consent is granted.

Consent banner: On your first visit a banner appears at the bottom of the screen with granular toggles for Strictly Necessary, Analytics, and Personalisation. You can revisit these preferences at any time via the “Privacy Preferences” link in the site footer.

Global Privacy Control (GPC): In compliance with 2026 laws in 12+ US states (including CA, CO, TX, and NJ), the Site's middleware detects the Sec-GPC: 1 header sent by your browser. If GPC is active, the consent banner is suppressed and no non-essential tracking is initiated - equivalent to “Reject All” - regardless of any previously stored consent cookie.

You can also block or clear analytics cookies via your browser settings; doing so will not affect your ability to contact me or use the Site.

6. How long I keep it

  • Contact form submissions: retained for up to 24 months from submission, unless an active client engagement requires a longer period for record-keeping.
  • Server / application logs: retained for 30 days, then rotated.
  • Analytics data (Clarity): retained per Microsoft's default retention policy.
  • Engagement records (contracts, invoices): retained for the duration required by applicable tax and accounting law in India (typically 7 years).

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information I hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data (the "right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable, machine-readable format;
  • Withdraw consent at any time where consent was the basis for processing;
  • Lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, your national DPA in the EU, or the Data Protection Board of India under the DPDP Act, 2023).

To exercise any of these rights, email aditya.mishra@adimis.in. I will respond within 30 days. Verification of your identity may be required before processing the request.

8. Security

I apply reasonable technical and organisational measures to protect personal information against unauthorised access, alteration, disclosure or destruction: TLS in transit, encrypted storage at rest, least-privilege access, secret rotation, server-side validation, rate limiting, and a honeypot on the contact form. No system is perfectly secure; if a breach materially affects you, I will notify you and the relevant authorities within the timelines required by law.

9. International data transfers

I operate from India and use service providers that may host data in the United States, the European Union, or other jurisdictions. Where personal data is transferred outside the EEA / UK, I rely on the European Commission's Standard Contractual Clauses or another lawful transfer mechanism offered by the processor.

10. Children

The Site and the services offered through it are intended for business contacts and adult professionals. The Site is not directed at children under 16 (the standard threshold across EU and US 2026 privacy frameworks), and I do not knowingly collect their data. If you believe a child has submitted information, contact me and I will delete it.

11. Changes to this policy

I may update this policy to reflect changes in law, technology, or business practice. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced on the Site at least 14 days before they take effect.

12. Contact

Questions, requests or complaints about this policy or my handling of your personal information:

Aditya Mishra · operating as Adimis
Email: aditya.mishra@adimis.in
Web: adimis.in