Thomas BardenBack to portfolio

Privacy Policy

Last updated 12 June 2026

This Privacy Policy describes how personal information is collected, used, disclosed, and protected when you visit this website or communicate with Thomas Barden.

On this page
  1. About this Privacy Policy
  2. Information collected
  3. How personal information is used
  4. Legal bases for processing
  5. Cookies, analytics, and tracking
  6. Hosting and delivery through Vercel
  7. DNS, security, and delivery through Cloudflare
  8. Contact form delivery through Resend
  9. Contact form rate limiting through Upstash
  10. Email provided by Apple iCloud Mail
  11. How personal information is disclosed
  12. How long personal information is retained
  13. Your privacy rights
  14. Security
  15. Changes to this Privacy Policy

About this Privacy Policy

This Privacy Policy applies to thomasbarden.com and to communications sent to email addresses associated with that domain (collectively, the "Services"). In this policy, "personal information" means information relating to an identified or identifiable individual.

Thomas Barden is responsible for personal information handled directly through the Services. Questions, concerns, and requests relating to this policy may be sent to hi@thomasbarden.com.

Information collected

The Website does not currently offer account registration, payments, or facilities for visitors to upload public content. It does provide a contact form. The information processed depends on how you interact with the Services.

If you use the contact form or make contact by email, personal information may include:

  • your name and email address;
  • the subject of your enquiry;
  • the contents of your message;
  • your acceptance of the Terms of Use and acknowledgement of this Privacy Policy;
  • any other information you choose to provide; and
  • information needed to respond to or manage the correspondence.

When you visit the Website, infrastructure providers may automatically process technical information such as your IP address, approximate location derived from that address, browser and system details, requested pages, timestamps, request information, and security or diagnostic logs.

How personal information is used

Personal information is processed where necessary to:

  • respond to enquiries and professional opportunities;
  • manage ongoing correspondence or project discussions;
  • maintain the security and reliability of the website;
  • establish, exercise, or defend legal rights; and
  • meet applicable legal obligations.

Legal bases for processing

Where data-protection law requires a legal basis, personal information may be processed because it is necessary for legitimate interests in communicating, presenting a professional portfolio, and operating secure and reliable Services; to take steps at your request before entering into an agreement; to perform an agreement; to comply with a legal obligation; or with your consent where consent is appropriate.

Cookies, analytics, and tracking

The Website does not currently use advertising cookies, analytics cookies, behavioural advertising, or visitor-profiling tools. Infrastructure providers may use strictly necessary technologies to deliver, secure, and operate their services. If non-essential tracking is introduced, this policy and any consent controls required by law will be updated before that processing begins.

Accessibility and colour preferences may be stored in your browser's local storage so they can be restored on later visits. These settings remain on your device, are not sent to the website server, and can be removed by using the accessibility panel's reset control or clearing browser storage.

Hosting and delivery through Vercel

This website is hosted and delivered through Vercel Inc. Vercel acts as a service provider and data processor for customer data processed on behalf of this website, while it may act as an independent controller for certain service-generated and account information.

Vercel may process website traffic information including visitor IP addresses, general location derived from an IP address, request and system configuration information, and service-generated logs. This processing is used to provide content delivery, hosting, security, fraud and abuse prevention, troubleshooting, maintenance, and performance of the service.

Vercel is based in the United States and may process information in the United States and other countries. Where required, Vercel states that it uses safeguards including the 2021 European Commission Standard Contractual Clauses and participates in the EU-U.S. Data Privacy Framework.

Vercel may use subprocessors to provide its infrastructure and related services. Its current subprocessor information is available through the Vercel Security and Compliance Centre.

Further information is available in Vercel's Privacy Notice and Data Processing Addendum.

Vercel privacy enquiries can be sent to privacy@vercel.com or by post to Vercel Inc., 440 N Barranca Avenue #4133, Covina, CA 91723, United States.

DNS, security, and delivery through Cloudflare

This website uses Cloudflare, Inc. for domain name system services, traffic routing, content delivery, performance, and security. Because the domain is proxied through Cloudflare, visitor requests may pass through Cloudflare's network before reaching the website host.

Cloudflare may process information including IP addresses, traffic routing data, system configuration information, request details, and other information about traffic to and from the website. This is used to route requests, improve availability and performance, identify threats, prevent abuse, and protect the website.

The contact form also uses Cloudflare Turnstile to distinguish legitimate submissions from automated abuse. When you use the form, Turnstile may process technical and interaction information such as your IP address, browser characteristics, device information, and challenge results. A verification token is sent to this website and checked with Cloudflare before the enquiry is accepted.

Cloudflare operates a global network and may process information internationally. Details about its processing, safeguards, retention, and privacy rights are available in Cloudflare's Privacy Policy and Data Processing Addendum.

Contact form delivery through Resend

Contact-form submissions are delivered using Resend, a transactional email service provided by Resend, Inc. Resend processes the information entered into the form, including your name, email address, subject, message, and submission details, to transmit the enquiry to an email address associated with thomasbarden.com.

After a successful submission, Resend also sends a brief confirmation to the email address you provided. This confirms receipt of the enquiry and is not used for marketing.

Resend may process service and delivery information needed to send, secure, troubleshoot, and prevent abuse of its email service. Information may be processed in the United States or other countries where Resend and its service providers operate.

Resend delivery webhooks report whether a message was delivered, delayed, bounced, complained about, failed, or suppressed. The website records limited event metadata in deployment logs, including the event type, Resend email identifier, timestamp, message category, and any applicable failure category. Message contents and recipient addresses are not intentionally written to these webhook logs.

Further information is available in Resend's Privacy Policy.

Contact form rate limiting through Upstash

The contact form uses Upstash Redis to enforce short-lived submission limits and reduce automated abuse. Before a rate-limit entry is created, the visitor's network address is transformed into a one-way hashed identifier. The raw address is not intentionally stored in the rate-limit database.

Upstash may process the hashed identifier, request timing, and rate-limit counters to provide this service. Entries expire automatically after the relevant limiting period. Further information is available in Upstash's Privacy Policy.

Email provided by Apple iCloud Mail

Email sent to addresses using the thomasbarden.com domain is received and stored using Apple iCloud Mail. Apple may process the sender's name, email address, message contents, attachments, delivery information, and security or diagnostic data to deliver, store, synchronise, secure, and support the email service.

For individuals in the European Economic Area, the United Kingdom, and Switzerland, Apple states that personal data is controlled by Apple Distribution International Limited in Ireland. Apple may process data through affiliated companies and service providers in other countries and states that relevant international transfers are protected by safeguards including Standard Contractual Clauses.

Further information is available in Apple's Privacy Policy. Privacy questions and rights requests can be submitted through Apple's privacy contact page.

How personal information is disclosed

Personal information is not sold. It may be disclosed to service providers that support hosting, content delivery, email, security, professional advice, or other necessary operations. Providers are permitted to process information only for the relevant services and subject to applicable contractual, confidentiality, and data-protection requirements.

Information may also be disclosed where reasonably necessary to comply with law, respond to lawful requests, protect rights or security, investigate misuse, or establish, exercise, or defend legal claims.

Links to GitHub and LinkedIn take you to third-party websites. Their handling of information is governed by their own privacy policies.

How long personal information is retained

Email correspondence and related information are kept only for as long as reasonably needed to respond, manage the relevant relationship, maintain necessary records, resolve disputes, or meet legal obligations. Retention depends on the nature of the enquiry, whether a professional relationship follows, and whether records are needed for security, legal, or administrative purposes.

Rate-limit entries expire automatically after the applicable limiting period. Accessibility preferences remain in browser storage until you reset them or clear that storage. Delivery, security, and infrastructure logs are retained according to the relevant provider's configured retention periods and operational requirements. Where information is no longer needed, it is deleted or anonymised where appropriate.

Your privacy rights

Depending on applicable law and the circumstances, you may have rights to access, correct, erase, restrict, or object to the use of your personal information, and to receive portable copies of certain information.

To exercise a right, email hi@thomasbarden.com. You may also have the right to complain to the Data Protection Commission or another competent supervisory authority.

Security

Reasonable technical and organisational measures are used to protect personal information. No internet or email system can be guaranteed to be completely secure.

Changes to this Privacy Policy

This Privacy Policy may be revised to reflect changes to the Services, providers, data practices, or applicable requirements. Updated versions will be posted on this page and the "Last updated" date will be revised.