Privacy Policy

We may collect the following information when you use this website:

• Name
• Email address
• Information you submit through forms or messages
• Account information created when you sign in
• IP address
• Browser type and version
• Device and usage information
• Pages visited and interactions with the website
• Cookies and session information

This website uses Google OAuth to allow users to sign in with their Google Account instead of creating and storing a password.

When you choose to sign in with Google, the application requests the following OAuth scopes:

• openid
• https://www.googleapis.com/auth/userinfo.email
• https://www.googleapis.com/auth/userinfo.profile

The application accesses and stores only the following Google user data:

• Your Google account name
• Your Google account email address
• Your Google account ID

The application does not access, collect, store, or interact with:

• Gmail messages or attachments
• Google Drive files or file metadata
• Google Calendar events
• Google Contacts
• Google Sheets
• Google Photos
• Any other Google account content

We do not store Google OAuth access tokens or Google OAuth refresh tokens.

Google user data is used only to:

• Authenticate you securely
• Create and maintain your account on this website
• Identify your account when you log in
• Allow you to access tools or features available to signed-in users
• Avoid storing passwords for your account

We do not use Google user data for advertising, retargeting, profiling, credit decisions, or selling data.

We do not use Google user data to train artificial intelligence or machine learning models.

The use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Where applicable under UK GDPR, we process personal data on the following bases:

• Performance of a contract or steps taken before entering into a contract, where we provide website account access or tools you request.
• Legitimate interests, where necessary to operate, secure, and improve the website.
• Consent, where required for optional cookies or similar technologies.
• Legal obligation, where we must retain or disclose information to comply with applicable law.

This website may use cookies and similar technologies.

For logged-in users, we use our own authentication cookies, including access and refresh tokens, to keep users signed in. These are application session tokens for this website and are not Google OAuth access tokens or Google OAuth refresh tokens.

Authentication cookies are configured as httpOnly, use Secure in production, and use SameSite=Lax.

We may also use cookies or similar technologies to improve the website, remember preferences, measure performance, or understand how visitors use the website. If analytics tools are used, they are used to understand website performance and usage, not to sell personal data or profile users using Google account data.

Personal data is stored on infrastructure hosted on a Hetzner VPS.

We use appropriate technical and organisational measures to protect personal data, including:

• HTTPS encryption in transit
• Secure server configuration
• Access controls
• HTTP-only authentication cookies
• Secure production cookies
• Database access restrictions
• Reasonable monitoring and maintenance of the website and server environment

No method of transmission or storage is completely secure, but we take reasonable steps to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

We do not sell or rent personal data.

We do not share Google user data with third parties for advertising, retargeting, profiling, or resale.

We may share limited personal data only where necessary with:

• Hosting and infrastructure providers, to operate the website
• Professional advisers, if required for legal, accounting, or compliance purposes
• Authorities or regulators, where required by law
• A successor organisation, if the website or business is transferred, merged, or sold

Any such sharing is limited to what is necessary for the relevant purpose.

We keep account data, including Google account name, email address, and Google account ID, for as long as your website account remains active or until you request deletion.

If you request deletion of your account or personal data, we will delete the relevant personal data within 30 days, unless we are required to retain limited information for legal, security, fraud-prevention, or regulatory reasons.

Deleted data may remain in backups for a limited period before being overwritten or deleted according to normal backup processes.

You can request deletion of your personal data or website account by:

• Emailing [email protected]
• Using the contact form at https://j-mcd.com/contact

Please include the email address associated with your account so we can identify the relevant data.

If you contact us through the website contact form, we use the information you provide only to receive, review, and respond to your message.

Depending on your location and applicable law, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Restrict or object to certain processing
• Request a copy of your data
• Withdraw consent where processing is based on consent

To exercise these rights, contact [email protected].

If you are in the UK and are unhappy with how your data is handled, you may contact the Information Commissioner's Office at https://ico.org.uk.

This website may contain links to other websites. We are not responsible for the privacy practices or content of those websites. You should review their privacy policies before providing personal data to them.

We may update this Privacy Policy from time to time.

If we make material changes to how we access, use, store, or share Google user data, we will update this Privacy Policy and, where required, ask users to consent to the updated terms before using Google user data in a new way.