Legal

Privacy Policy

Last updated MONTH DAY, YEAR

This Privacy Policy describes how Tom Mazza ("we," "us," or "our") collects, uses, and discloses information about you when you visit thetommazza.com (the "Site") or interact with us through the forms and channels available on the Site (collectively, the "Services").

If you do not agree with this Privacy Policy, please do not use the Services. By using the Services, you agree to the practices described here.

Summary of key points

  • What we collect. Name, email, phone number (optional), message content, and standard technical data your browser sends automatically. We do not collect sensitive personal information.
  • How we use it. To respond to inquiries, operate and secure the Site, comply with law, and analyze how the Site is used so we can improve it.
  • Who we share it with. Service providers who help us deliver the Services (email delivery, hosting, analytics, bot protection). We do not sell or rent personal information.
  • Your rights. You can request access, correction, or deletion of your personal information. Residents of certain US states have additional rights described in Section 11.
  • How to reach us. Email [email protected].

Table of contents

  1. What information do we collect?
  2. How do we use your information?
  3. When and with whom do we share your information?
  4. Cookies and tracking technologies
  5. How long do we keep your information?
  6. How do we keep your information safe?
  7. Do we collect information from minors?
  8. What are your privacy rights?
  9. Controls for Do-Not-Track features
  10. Global Privacy Control
  11. Do US state residents have specific rights?
  12. Updates to this Privacy Policy
  13. How to contact us

1. What information do we collect?

Information you provide to us directly

We collect the personal information you choose to give us when you fill out a form on the Site or otherwise contact us. This includes:

  • Contact form: name, email address, phone number (optional), the message you write, and any optional fields you complete.
  • Email correspondence: when you email us at [email protected], we receive your email address and the content of your message.

We do not require you to create an account or set a password to use any part of the Site.

Information collected automatically

When you visit the Site, certain information is collected automatically:

  • Device and connection data: IP address, approximate location derived from IP, browser type, operating system, screen size, referring URL, and timestamps.
  • Usage data: Pages viewed, links clicked, time spent on pages, and events such as form submissions. Collected via Google Analytics 4 (loaded through Google Tag Manager).
  • Security data: When you submit a form, Cloudflare Turnstile evaluates whether the submission appears to come from a human or a bot.
  • Server and edge logs: Cloudflare (which hosts the Site) maintains standard request logs used to operate the Site and protect against abuse.

What we do not collect

We do not collect or process sensitive personal information (racial or ethnic origin, religion, health information, biometric data, sexual orientation, or government identifiers). We do not knowingly collect information from children under 18.

2. How do we use your information?

  • To respond to your inquiries.
  • To operate and secure the Site.
  • To understand and improve the Site via aggregate analytics.
  • To comply with our legal obligations.

We do not use your personal information to make automated decisions that have legal or similarly significant effects on you. We do not perform profiling for advertising purposes.

3. When and with whom do we share your information?

We share personal information only with the service providers required to operate the Services. We do not sell or rent personal information, and we do not share it for cross-context behavioral advertising.

  • Email delivery (Brevo). Receives the name, email, and message content from contact form submissions to deliver the email.
  • Hosting and edge security (Cloudflare). Cloudflare Pages serves the Site; Cloudflare Turnstile verifies form submissions are not automated.
  • Analytics (Google Analytics 4 via Google Tag Manager). Google receives standard analytics data for the purpose of compiling aggregate usage reports.

We may share information when required by law, or to protect rights, property, or safety. In the event of a merger or sale, information may be transferred as part of that transaction.

4. Cookies and tracking technologies

  • Cloudflare security cookies (e.g. __cf_bm) for bot management — required for the Site to function.
  • Cloudflare Turnstile may set cookies or use local storage to verify form submissions.
  • Google Analytics sets cookies such as _ga to distinguish visitors and sessions.

We do not use cookies for advertising or cross-site tracking. Most browsers let you refuse or delete cookies; doing so may affect some Site functionality.

5. How long do we keep your information?

  • Contact form submissions: retained in our email inbox per standard email retention practices.
  • Analytics data: Google Analytics 4's default retention setting (14 months).
  • Server and security logs: per Cloudflare's standard log retention policy.

If required to keep information longer for legal obligations, we will do so.

6. How do we keep your information safe?

  • TLS encryption for all traffic.
  • Server-side validation and bot protection on form submissions (Turnstile, origin allowlists, honeypot fields).
  • API keys and secrets stored only in encrypted environment variables, never in browser code.

No method of transmission over the internet or method of electronic storage is fully secure. Please report any suspected security issues to [email protected].

7. Do we collect information from minors?

The Services are not directed to children under 18, and we do not knowingly collect personal information from minors. If a minor has provided us with personal information, please contact us and we will delete it promptly.

8. What are your privacy rights?

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of personal information we no longer have a legitimate need to keep.
  • Withdraw consent where processing is based on consent.
  • Opt out of further communications.

To exercise any of these rights, email [email protected]. We may need to verify your identity before fulfilling a request.

9. Controls for Do-Not-Track features

There is currently no industry standard for how DNT signals should be handled, and we do not respond to DNT signals at this time.

10. Global Privacy Control

Because we do not sell or share personal information for cross-context behavioral advertising, there is functionally nothing to opt out of when we receive a GPC signal. Our practices already align with what the signal would request.

11. Do US state residents have specific rights?

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights under your state's privacy law, including:

  • Right to know what categories of personal information we collect and share.
  • Right to access a copy of your personal information.
  • Right to correct inaccurate personal information.
  • Right to request deletion of your personal information.
  • Right to opt out of sale or sharing for cross-context behavioral advertising (which we do not do).
  • Right to non-discrimination for exercising these rights.
  • In some states, the right to appeal a denial of a privacy request.

To exercise a state-specific right, email [email protected].

12. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be highlighted in the policy or communicated through the Site.

13. How to contact us

If you have questions about this Privacy Policy or wish to exercise any of your rights, contact us at:

Tom Mazza
[email protected]