Privacy Policy

Last update: 14 March 2026.

This Privacy Policy for Gattoni web development ('we', 'us', or 'our'), describes how and why we access, collect, store, use, and/or share your personal information when you use our website, including when you:

• Visit our website.
• Use the website's contact form.

We prioritise and respect your privacy and are committed to protecting it.

By using this Website, you consent to the practices described in this policy.

If you have any questions about this privacy policy, please contact us at melissa@gattoniwebdev.com.

1. The Types Of Personal Information we collect:

• Your name
• Your email address
• Your enquiry
• A privacy-protected version of your IP address (for rate limiting purposes only)

2. How do we collect It?

We collect the personal information you provide once you submit it via the contact form on this website.

3. Why do we collect it?

We collect it in order to:

• Respond to your enquiries, and to facilitate any future delivery of services to you.
• To comply with any applicable legal obligations.

4. Who do we share it with?

The third party services we may share personal information with are as follows:

Website Hosting

• Heroku

Email delivery platform:

• Mailtrap

Email storage:

• Gmail

Key-Value Database for Rate Limiting:

• Upstash Redis

5. Cookies

What are Cookies? A cookie is a small text file stored in your browser when you visit a website. It is sent back to the originating server on each subsequent visit, allowing the site to recognise your browser and maintain basic functionality.

We use the following cookies in our website:

• Rails 8 default session cookie: in combination with the CSRF Token Cookie, it protects against forged requests (CSRF). It expires when you close your browser.
• Rails CSRF Token Cookie: Protects form submissions against cross-site request forgery (CSRF) attacks — a standard web security measure. It expires when you close your browser.

6. Data Storage, Security aqnd Retention

We process your personal information securely using Heroku (for application hosting) and Mailtrap (for email delivery).

When you submit the contact form on our website, your details are processed by Heroku, passed to Mailtrap for delivery, and received and stored it in our Gmail inbox. Both Heroku and Mailtrap may temporarily process and retain your data in transit as part of this process.

To protect your data in transit, Heroku uses HTTPS and TLS (Transport Layer Security) encryption, which ensures your information is securely transmitted and protected from unauthorised access or tampering.

Additionally, Mailtrap is an ISO 27001 certified platform, meaning it meets internationally recognised standards for information security management.

Please note that your data may be stored on servers outside of Australia. We ensure any overseas storage meets the standards required under the Australian Privacy Principles.

Where your data is processed:

Heroku is hosted on Amazon Web Services (AWS) infrastructure, with servers located in the United States.

Mailtrap is hosted in the USA on AWS and Google servers.

Google (Gmail) operates in data centres globally.

We take reasonable steps to protect your data from unauthorised access, misuse, or loss.

Retention:

Your data is kept only for as long as we need it. When it is no longer needed, we will securely delete or de-identify it.

Rate Limiting and Spam Prevention:

To protect our contact form from abuse and spam, we temporarily record a privacy-protected version of your IP address when you submit a message. Your actual IP address is never stored — instead, it is converted into an unreadable code (a one-way hash) that resets daily and cannot be used to identify you.

This data is used solely to limit the number of submissions from a single source. It is stored securely and automatically deleted after a reasonable time.

No personal information is retained from this process, and it is never shared with third parties.

This data is stored temporarily in a secured, encrypted cache (Upstash Redis) using TLS encryption in transit. No raw IP addresses are logged or stored at any point during this process.

If our systems detect an unusual volume of submissions from a single source, further submissions may be temporarily declined. Legitimate users who encounter this can try again after a short waiting period.

This processing is carried out on the basis of our legitimate interest in maintaining the security and integrity of our website.

7. Access, Correction and Complaints

To request to review, update, or delete your personal information, or if you have a privacy complaint, please email us at melissa@gattoniwebdev.com, and we will respond to your request within a reasonable time.

8. Contact Details and Privacy Policy updates

If you have questions or comments about this Privacy Policy, please email us at melissa@gattoniwebdev.com.

We may update this Privacy Policy from time to time, and we will update the "Last update" date of this document each time we make changes to this page.

We encourage you to review our Privacy Policy frequently for the latest updates on how we are protecting your personal information.