Privacy Policy.

Plain English. What adevstudio.xyz collects, why, and how to ask for deletion. Last updated April 26, 2026.

1. The short version

The site is a static portfolio. There are no tracking cookies, no advertising, and no analytics that identify you personally. The only place your data is collected is the contact form, and only what you choose to type in.

2. What gets collected, by feature

Contact form

When you submit the contact form, the site collects the name, email, and message you typed. These are emailed to Operator’s personal Gmail inbox via Resend and stored there until manually deleted.

A 6-digit verification code is also generated and sent to your email (OTP flow). The pending verification — your name, email, message, and code — is held in encrypted Redis storage for at most 10 minutes, then auto-deleted.

Rate limiting

Your IP address is hashed and stored in Redis for 1 hour after each contact submission, used only to enforce a 5-per-hour cap. No IPs are logged, sold, or shared.

View counter

The footer shows a per-page view count stored in Redis. The counter is incremented per visit but does not store anything that identifies you (no IP, no fingerprint, no session ID).

Discord presence widget

The Hero section shows Operator’s current Discord status via the public Lanyard API. Only Operator’s own Discord presence is fetched — your Discord account isn’t accessed or affected by viewing the site.

Project uptime widget

Each project card may ping the project’s URL once per page load to show a green/red dot. This sends an HTTP request to the project’s server but doesn’t involve your browser making any third-party calls beyond the page itself.

3. What is NOT collected

Tracking cookies, fingerprints, or persistent identifiers.
Advertising or marketing data — there are no ads on this site.
Your browsing history outside of adevstudio.xyz.
Information about other people you correspond with.
Any data from minors under 13 — the site is not directed at children.

4. Third parties used

Vercel (hosting + edge CDN) — serves the static pages. Vercel may log standard request metadata; see vercel.com/legal/privacy-policy.
Resend (email delivery) — receives contact-form submissions to deliver them to Operator's inbox. See resend.com/legal/privacy-policy.
Upstash Redis (rate-limit + OTP store + view counter) — holds short-TTL counters and tokens.
Abstract API (email validation) — checks the deliverability of the email you submit on the contact form. Abstract receives only the email address, not the message.
Lanyard (lanyard.rest) — public Discord status API; fetches Operator's status only.

Operator does not sell, rent, or share your data with anyone outside the integrations needed to run these features.

5. Email content

Contact-form submissions persist in Operator’s personal Gmail inbox indefinitely (the same way email normally works). You can request deletion at any time by emailing hi@adevstudio.xyz with the subject “delete my contact data” — the relevant emails will be deleted from the inbox within 14 days.

6. Cookies

The site does not set any cookies of its own. If you have browser extensions or are routed through a CDN, those parties may set their own cookies — that’s outside Operator’s control.

7. Security

All traffic is served over HTTPS. The contact-form OTP flow uses encrypted Redis storage with auto-expiring tokens. Server-side environment secrets are stored only in Vercel’s encrypted environment variable system.

If a security incident affecting user data occurs, Operator will post a notice on adevstudio.xyz and contact known affected senders directly where possible.

8. Your rights

You can ask Operator to (a) confirm what data about you is held, (b) delete it, or (c) provide a copy. Email hi@adevstudio.xyz with your request.

9. Changes

Material changes to this policy will update the “last updated” date above.

10. Related

This policy covers the website only. The Daily Dose of Val Discord bot has its own separate Bot Privacy Policy.