Privacy Policy
Effective Date: October 27, 2025
Last Updated: October 27, 2025
Introduction
Welcome to toddbrashear.net. This privacy policy explains how I collect, use, and protect information when you visit my portfolio website.
I am committed to protecting your privacy and being transparent about data practices. This website collects minimal information necessary to understand how visitors use the site and to improve the user experience.
Information I Collect
Automatically Collected Information
When you visit this website, I automatically collect certain information through Google Analytics, including:
- Page views: Which pages you visit and how long you spend on them
- Referral source: How you found this site (e.g., search engine, social media link, direct visit)
- Device information: Type of device (mobile, desktop, tablet), browser type, and operating system
- Approximate location: City and region based on your IP address (country and city level only)
- Interaction data: Button clicks, scroll depth, and navigation patterns
- Technical data: Screen resolution, language preference
Information NOT Collected
I do NOT collect:
- Your name, email address, or phone number (unless you voluntarily provide it)
- Precise geolocation data
- Personally identifiable information
- Payment information
- Social security numbers or government IDs
How I Collect Information
Google Analytics
This website uses Google Analytics 4, a web analytics service provided by Google LLC ("Google"). Google Analytics uses cookies and similar technologies to collect and analyze information about website usage.
Google Analytics Configuration:
- IP Anonymization: Enabled (IP addresses are not stored)
- Data Retention: 14 months
- Advertising Features: Disabled (no ad personalization)
- User-ID Tracking: Not implemented
Cookies
This website uses the following cookies:
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Distinguishes unique visitors | 2 years | Analytics |
| _ga_<container-id> | Maintains session state | 2 years | Analytics |
What are cookies? Cookies are small text files stored on your device that help websites remember information about your visit.
How I Use Your Information
I use the collected information for the following purposes:
1. Analytics and Site Improvement
- Understanding which content is most valuable to visitors
- Identifying technical issues or broken links
- Improving website navigation and user experience
2. Performance Monitoring
- Measuring page load times
- Detecting errors or problems
- Optimizing site performance
3. Content Strategy
- Determining which projects generate the most interest
- Understanding visitor demographics (age range, interests - aggregated only)
- Planning future content based on visitor interests
4. Professional Development
- Demonstrating analytics implementation skills
- Showcasing privacy-first configuration
- Building evidence for SOC 2 compliance portfolio project
I do NOT use your information for:
- Advertising or marketing campaigns
- Selling to third parties
- Creating detailed user profiles
- Targeting ads based on your behavior
Information Sharing and Disclosure
Third-Party Service Providers
Google Analytics (Google LLC)
- Purpose: Web analytics and site usage measurement
- Data Shared: Page views, device information, anonymized location data, interaction events
- Data Processing Agreement: Automatic via Google Analytics Terms of Service
- Privacy Policy: https://policies.google.com/privacy
- Compliance: Google maintains SOC 2 Type II certification and GDPR compliance
Google processes analytics data only as required to provide the Google Analytics service. I have configured Google Analytics to minimize data sharing:
- ✅ Product improvement (no ad targeting)
- ✅ Benchmarking (aggregated, de-identified data)
- ✅ Technical support (as-needed access only)
- ❌ Marketing and business recommendations (disabled)
Data Not Sold or Rented
I do not sell, rent, or trade your information to third parties for their marketing purposes.
Legal Requirements
I may disclose information if required by law, legal process, or government request, or if necessary to:
- Comply with legal obligations
- Protect and defend my rights or property
- Prevent fraud or security issues
- Protect the safety of users or the public
Data Security
I implement reasonable security measures to protect information collected through this website:
Technical Safeguards:
- HTTPS encryption for all traffic (SSL/TLS certificate via AWS Certificate Manager)
- Secure hosting infrastructure (AWS S3 + CloudFront)
- Regular security updates and monitoring
- AWS CloudTrail logging for audit trails
- AWS GuardDuty for threat detection
Organizational Safeguards:
- Limited access to analytics data (only accessible by me)
- Regular review of third-party security certifications
- Privacy-first configuration choices
- Data retention limits (14 months maximum)
Limitations: While I strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. I cannot guarantee absolute security.
Your Privacy Rights and Choices
Opt-Out Options
You have several options to control data collection:
1. Browser Settings
- Enable "Do Not Track" in your browser settings
- Block third-party cookies
- Use private/incognito browsing mode
2. Google Analytics Opt-Out
Install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
3. Ad Blockers
- Install browser extensions like uBlock Origin, Ghostery, or Privacy Badger
- These typically block analytics tracking automatically
4. Cookie Management
- You can delete cookies through your browser settings
- Note: Blocking cookies may affect website functionality
Your Data Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the data collected about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Restriction: Request limitation of data processing
- Objection: Object to certain types of processing
- Portability: Request data in a machine-readable format
To exercise these rights: Contact me at todd@toddbrashear.net
Response Time: I will respond to requests within 30 days.
Data Retention
- Google Analytics Data: Automatically deleted after 14 months
- Server Logs: Retained according to AWS CloudTrail settings (typically 90 days)
- Cookies: Expire after 2 years or when you clear your browser cookies
Children's Privacy
This website is not directed to children under the age of 13 (or 16 in the European Union). I do not knowingly collect personal information from children. If you believe a child has provided information through this site, please contact me immediately so I can delete it.
International Data Transfers
This website is hosted in the United States using Amazon Web Services (AWS). If you are visiting from outside the United States, your information will be transferred to, stored, and processed in the United States.
EU Visitors: Google Analytics participates in relevant data protection frameworks and provides appropriate safeguards for international data transfers.
Third-Party Links
This website contains links to external websites (e.g., LinkedIn, GitHub, project repositories). I am not responsible for the privacy practices of these third-party sites. I encourage you to read their privacy policies.
External Links Include:
- LinkedIn profile
- GitHub repositories
- Project demonstrations
- Documentation resources
Changes to This Privacy Policy
I may update this privacy policy from time to time to reflect:
- Changes in data practices
- New features or services
- Legal or regulatory requirements
- Industry best practices
When I update this policy:
- The "Last Updated" date at the top will change
- Material changes will be noted prominently on the website
- Continued use of the website after changes constitutes acceptance
Review Frequency: I recommend reviewing this policy periodically to stay informed about how your information is protected.
California Privacy Rights
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
Right to Know: Request information about data collected, used, and shared
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the "sale" of personal information (Note: I do not sell personal information)
Right to Non-Discrimination: You will not be discriminated against for exercising your rights
To exercise these rights, contact me using the information below.
European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing:
- Legitimate interests (analytics and site improvement)
- Consent (through continued use of the website)
Your GDPR Rights:
- Right of access and portability
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
Data Protection Authority: You may contact your local data protection authority to file a complaint.
Contact Information
If you have questions, concerns, or requests regarding this privacy policy or data practices, please contact:
Todd Brashear
Email: todd@toddbrashear.net
Website: https://www.toddbrashear.net
Response Time: I aim to respond to all inquiries within 5 business days.
Commitment to Privacy
As someone building a career in governance, risk, and compliance, I take privacy seriously. This website demonstrates a privacy-first approach:
- ✅ Minimal data collection (only what's necessary)
- ✅ Transparent practices (clear disclosure)
- ✅ User control (multiple opt-out options)
- ✅ Secure infrastructure (AWS security services)
- ✅ Third-party oversight (vetted vendors with SOC 2 compliance)
- ✅ Regular reviews (quarterly assessment of data practices)
Privacy is not just a legal requirement—it's a professional commitment and personal value.
Compliance Framework
This privacy policy is designed to comply with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Google Analytics Terms of Service
- SOC 2 Trust Services Criteria (specifically CC1.2 - Communication)
- Industry best practices for privacy-first analytics
Acknowledgments
This privacy policy was created as part of a SOC 2 Type 1 compliance demonstration project. While I am not a legal professional, I have researched and implemented privacy best practices based on:
- GDPR guidance from EU regulatory authorities
- CCPA requirements from the California Attorney General
- Google Analytics documentation
- SOC 2 Trust Services Criteria
- NIST Cybersecurity Framework privacy principles
Disclaimer: This privacy policy is for educational and professional demonstration purposes. For legal advice regarding privacy compliance, consult with a qualified attorney.
Last reviewed: October 27, 2025
Next review: January 27, 2026
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | October 27, 2025 | Initial privacy policy created with Google Analytics 4 implementation |