Privacy

Who we are

engineer/ish is operated by Childish Technology AB, a company registered in Sweden.

c/o Helio Stockholm City
Malmskillnadsgatan 29
111 57 Stockholm, Sweden

Childish Technology AB is the data controller for the processing described on this page. We have not appointed a Data Protection Officer; our scale and activities do not require one.

What we collect

When you write to us using the contact form, your mail client sends an email to hi@engineeri.sh containing your name, optionally your organization, your email address, and your message. The site itself does not transmit any of this data — the form hands submission to your mail client, which sends from your own provider.

Anything you write directly to an address at engineeri.sh is received the same way: as an email in our inbox.

Why we use it

We use the information you send to respond to your inquiry, evaluate potential collaboration, and carry on any follow-up business correspondence you initiate.

The legal basis is GDPR Art. 6(1)(f) — our legitimate interest in responding to unsolicited business correspondence and in evaluating potential work. We do not rely on consent; we do not do marketing. If you would rather we not reply, tell us and we will not.

Who else sees it

When you load a page on this site, it is served by Vercel Inc., our hosting provider. As part of serving the response, Vercel handles the request at its edge — this includes your IP address, user agent, the URL path, and similar request metadata that any HTTP server receives. These edge logs are a byproduct of operating the site, not content we collect, and are not joined to any other data we hold. Vercel acts as our processor under Vercel’s Data Processing Addendum, which implements the Art. 28 obligations GDPR places on processors.

For pageview analytics we use Vercel Web Analytics, a cookieless product from Vercel Inc. (integrated via the @vercel/analytics Astro component). It is enabled on our Vercel deployment; the tracker script is served same-origin from the Vercel edge that hosts this site, and pageview beacons post to the same origin. Analytics data is processed under Vercel’s DPA (linked above) alongside hosting data. See the “Cookies, client-side storage, and analytics” section below for the specific categories of data collected, retention, legal basis, and your right to object.

On our side, your email is received and stored by Google Workspace. Google Ireland Limited acts as our processor under Google’s Cloud Data Processing Addendum, which implements the Art. 28 obligations GDPR places on processors. We do not share the contents of your email with any other recipient on our side.

Before your email reaches us, it passes through your own email provider’s infrastructure. That is outside our visibility and control; their handling is governed by your agreement with them.

International transfers

Vercel Inc. is based in the United States. Edge logs from loading this site, and pageview signals handled by Vercel Web Analytics, may be transferred to the US as part of normal service operation. Vercel is certified under the EU-US Data Privacy Framework (listed under Vercel Inc.), which is the primary safeguard we rely on for that transfer. Vercel’s Data Processing Addendum additionally incorporates the Standard Contractual Clauses as a fallback safeguard.

Google Workspace may transfer email content to the United States as part of normal operation of the service. Google LLC is certified under the EU-US Data Privacy Framework, which is the primary safeguard we rely on for that transfer. In addition, Google’s Cloud Data Processing Addendum incorporates the Standard Contractual Clauses (Module 2) that govern the transfer from Google Ireland Limited to Google LLC, as an additional safeguard.

You can obtain a copy of these safeguards via the addenda linked above, or by writing to privacy@engineeri.sh.

Cookies, client-side storage, and analytics

The site sets no cookies. We run cookieless pageview analytics — Vercel Web Analytics — so we can understand which pages are read. Preview deployments (*.vercel.app) do not submit visitor data to the analytics backend; by default, only the production deploy is tracked.

Vercel Web Analytics collects a narrow set of signals per pageview: the URL path, a coarse country derived server-side from your IP address (the IP itself is hashed and discarded within 24 hours; it is never stored), the referrer (where you came from), and your operating system and browser family. No cookies, no session replay, no cross-site identifiers, no persistent client storage, no custom events beyond pageviews. The legal basis is GDPR Art. 6(1)(f) legitimate interest in understanding aggregate reader interest on an editorial / research-lab surface. Retention: the IP-derived session hash is kept for at most 24 hours; aggregated pageview counts are retained indefinitely.

Your right to object under GDPR Art. 21 applies: email privacy@engineeri.sh and we will stop processing your pageview signals insofar as we can identify them (which is limited by the cookieless design). A technical self-service opt-out is also available: set localStorage.va-disable = "1" in your browser’s devtools on any page of the site, and the tracker will no-op on subsequent loads.

The theme control in the footer writes a single value to sessionStorage — the key theme, holding your chosen System / Light / Dark preference. It is stored for the duration of the browser session, not persisted to disk as a cookie, and never transmitted to any server. Its legal basis is strictly necessary under ePrivacy Art. 5(3): you explicitly requested the preference by interacting with the control.

This page will be updated before any of the above changes.

Retention

We keep received email while the conversation is live and for a reasonable period afterward — up to 24 months — after which it is reviewed and deleted unless there is a specific reason to keep it longer.

Your rights

Under the GDPR you have the right to:

• access to the personal data we hold about you;
• rectification if the data is incorrect;
• erasure of the data;
• restriction of our processing;
• objection to our processing;
• portability of the data in a machine-readable format.

We do not process any data on the basis of your consent today, so there is no consent for you to withdraw. We do not use any form of automated decision-making or profiling.

Providing data to us is voluntary. Nothing on this site is statutorily or contractually required.

How to exercise your rights

The preferred channel for rights requests is privacy@engineeri.sh. We handle requests within the one-month window GDPR Art. 12(3) requires. Requests that arrive at hi@engineeri.sh are still honored — we will not refuse a valid request based on which of our addresses you used.

You also have the right to lodge a complaint about our processing of your personal data with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY). We ask that you contact us first so we can try to resolve the issue — but this is a request, not a precondition. You can file a complaint directly via IMY’s complaint form.

Changes to this notice

We will update this notice when our processing changes substantively — for example, if we introduce analytics, add a new processor, or change what personal data we collect. The “Last updated” date at the top reflects the most recent substantive change. Typography or layout edits do not bump the date.