david kimani.
  • Home
  • About
  • Work
  • Blog
  • Uses
Work with me

Legal

Privacy Policy

Effective 1 July 2026

1. Who we are

This website (davidkimani.dev) is operated by David Kimani, a full-stack engineer based in Kenya. For privacy matters, contact: david@davidkimani.dev.

Kimcard Technologies is a related company also founded by David Kimani. Where the site cross-sells Kimcard products, those products are subject to their own separate privacy terms. This policy covers davidkimani.dev only.

2. What data we collect

Newsletter subscription

When you subscribe to the newsletter we collect your email address and the date and time of your consent (consent timestamp). We use double opt-in: you receive a confirmation email and your subscription is only activated after you click the confirmation link.

Contact form

When you use the contact form we collect your name, email address, and message.

Analytics (Umami)

We use a self-hosted installation of Umami, a privacy-first, cookieless analytics tool. Umami collects anonymous, aggregated data about pages viewed and referrers. It does not use cookies, does not track you across sites, and does not collect any personally identifiable information. Analytics only activate after you give consent via the cookie/analytics banner.

Theme preference

Your light/dark theme choice is saved in localStorage on your device. This is a functional preference — it never leaves your browser and is not transmitted to any server.

3. How and why we use your data

DataPurposeLawful basis (DPA 2019)
Newsletter email + consent timestampSending newsletter updates you opted intoConsent (double opt-in)
Contact form (name, email, message)Responding to your enquiryContract / legitimate interest
Anonymous analytics (Umami)Understanding which content is useful; improving the siteConsent (via analytics banner)
Theme preference (localStorage)Remembering your display preferenceLegitimate interest (functionality)

4. Data processors and transfers

We use the following third-party processors. Where data is processed outside Kenya, we rely on contractual safeguards and/or the processor's adherence to recognised international frameworks.

  • Netlify (USA) — hosting for this website. Your browser connects to Netlify's servers when you visit. Netlify may process access logs.
  • Render (USA) — hosts the CMS backend and managed database that stores newsletter subscriptions and contact messages.
  • Resend (USA) — used to send transactional email (newsletter confirmation, contact notification). Your email address passes through Resend's infrastructure.
  • Umami — self-hosted by David Kimani on Render. Anonymous aggregated analytics only; no PII.

We do not sell your data to any third party, and we do not share it with advertisers.

5. Retention

  • Newsletter: kept until you unsubscribe. On unsubscribe your status is set to unsubscribed and you are never emailed again. You may request full deletion (see §7).
  • Contact messages: kept for up to 2 years for reference purposes, then deleted.
  • Analytics: anonymised aggregates only; no personal records to delete.

6. Security

All data is transmitted over HTTPS (TLS). The CMS database is a managed PostgreSQL instance with access restricted to the application. Passwords are hashed. No system is perfectly secure, and we cannot guarantee absolute security, but we take reasonable precautions proportionate to the sensitivity of the data.

7. Your rights under Kenya's Data Protection Act 2019

Under the DPA 2019 you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate or incomplete data.
  • Erasure ("right to be forgotten") of your personal data.
  • Object to processing based on legitimate interest.
  • Restriction of processing in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal. (Use the unsubscribe link in any newsletter email, or contact us directly for analytics consent.)

To exercise any right, email david@davidkimani.dev. We will respond within 21 days as required by the DPA 2019.

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya. Details at odpc.go.ke.

8. Children

This site is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. The effective date at the top of this page indicates when it was last revised. Continued use of the site after a revision constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions: david@davidkimani.dev.

david kimani.

Full-stack engineer building developer tools and crafted web experiences.

  • About
  • Work
  • Blog
  • Uses
  • Work with me

I'm building starter kits at Kimcard Technologies →

PrivacyCookiesTerms
RSS

© 2026 David Kimani