Privacy Policy

Last updated: February 7, 2026

Introduction

This Privacy Policy ("Policy") describes how Omid Saffari ("we," "us," or "our"), operating through omidsaffari.com (the "Site"), collects, uses, stores, discloses, and protects your personal information. This Policy applies to all visitors, subscribers, newsletter recipients, and users of our website and related services, regardless of how you access or use them.

By accessing or using our Site, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please discontinue use of our Site immediately.

We are committed to protecting your privacy and handling your data transparently and in compliance with applicable data protection laws worldwide, including but not limited to:

GDPR — General Data Protection Regulation (European Union)
UK GDPR — United Kingdom General Data Protection Regulation and Data (Use and Access) Act
CCPA/CPRA — California Consumer Privacy Act as amended by the California Privacy Rights Act (United States)
UAE PDPL — United Arab Emirates Personal Data Protection Law (Federal Decree-Law No. 45 of 2021)
CAN-SPAM Act — Controlling the Assault of Non-Solicited Pornography And Marketing Act (United States)
CASL— Canada's Anti-Spam Legislation
EU AI Act — European Union Artificial Intelligence Act transparency requirements (effective August 2026)

This Policy does not apply to third-party websites, products, or services, even if they link to our Site. We encourage you to review the privacy policies of every website you visit.

Data Controller

The data controller responsible for your personal data is:

Omid Saffari
Email: hi@omidsaffari.com
Website: omidsaffari.com

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable data protection legislation. For any privacy-related inquiries, complaints, or data subject requests, please contact us using the details above.

Information We Collect

The information we collect depends on how you interact with our Site, the choices you make, and the features you use. We collect information from the following sources:

Information You Provide Directly

We collect information that you voluntarily provide when you interact with our Site. This includes:

Newsletter subscription data. Your email address, the date and time of subscription, your IP address at the time of signup (for consent verification), and confirmation records if double opt-in is used.
Contact form submissions. Your name, email address, and any message content you choose to include when reaching out to us through our contact form.
Communication data. Any information you provide when you email us directly, respond to our communications, or otherwise correspond with us, including the content of your messages and any attachments.
Service inquiry data. If you inquire about our services or submit a consultation request, we collect the information you provide in that submission, which may include your name, email, business details, project requirements, and budget information.

We collect only the minimum information necessary for the stated purpose and do not require you to provide any information beyond what is needed to fulfill your request.

Information Collected Automatically

When you visit our Site, certain technical data is collected automatically through cookies and similar technologies. This includes:

Device information. Browser type and version, operating system, device type (desktop, tablet, mobile), screen resolution, and language preferences.
Network information. Your IP address (anonymized where required by law), Internet Service Provider, and general geographic location at the country or region level only. We do not collect precise geolocation data.
Usage information. Pages visited, time spent on each page, referring URL (the website that directed you to our Site), exit pages, click patterns, scroll depth, and navigation paths through our Site.
Performance information. Page load times, errors encountered, and other diagnostic data that helps us maintain and improve our Site.
Date and time information. Timestamps associated with your visits and interactions with our Site.

Information We Do Not Collect

We want to be transparent about what we do not collect:

We do not collect sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, biometric data, or genetic data).
We do not collect financial information, payment card numbers, or banking details.
We do not collect government-issued identification numbers (passport, national ID, social security numbers).
We do not collect precise geolocation data or track your real-time location.
We do not engage in cross-site tracking or behavioral profiling for advertising purposes.

How We Use Your Information

We use the information we collect for the following specific purposes:

Site Operation and Improvement

To operate, maintain, and improve our Site, including troubleshooting, system maintenance, and upgrades.
To understand how visitors use our Site so we can optimize content, layout, navigation, and user experience.
To monitor Site performance, identify errors, and diagnose technical issues.
To analyze content engagement and trends to inform future content creation.

Communications

To send you our newsletter and email updates that you have explicitly opted into, including articles, guides, tool recommendations, and industry insights.
To respond to your inquiries, contact form submissions, and direct email communications.
To send you important notices about changes to our Site, this Policy, our Terms of Service, or other legal documents.

Security and Compliance

To detect, prevent, and respond to fraud, abuse, security threats, and other harmful or unauthorized activity.
To enforce our Terms of Service and protect our legal rights, property, and safety.
To comply with applicable laws, regulations, legal processes, and governmental requests.

Under the GDPR, we process your personal data based on the following legal grounds:

Consent (Article 6(1)(a)). For newsletter subscriptions, non-essential cookies, and marketing communications. You may withdraw consent at any time.
Legitimate interests (Article 6(1)(f)). For Site analytics, security monitoring, fraud prevention, and Site improvement. We have conducted legitimate interest assessments and determined that these interests do not override your fundamental rights and freedoms.
Contractual necessity (Article 6(1)(b)). When processing is necessary to respond to your inquiries or deliver services you have requested.
Legal obligation (Article 6(1)(c)). When processing is required to comply with applicable laws, such as tax, accounting, or regulatory requirements.

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you.

Artificial Intelligence and Automated Technologies

We believe in full transparency about our use of artificial intelligence. This section details how we use AI tools in our operations and how this relates to your personal data.

How We Use AI

Content creation assistance. We use AI writing assistants and language models to help research, draft, edit, and optimize articles, tutorials, and guides. All AI-assisted content undergoes human review, fact-checking, and editorial approval before publication.
Code generation. Code samples and technical examples may be created or refined with AI assistance. All code is reviewed and tested by humans.
Analytics and insights. We may use AI-powered analytics tools to process aggregated, anonymized usage data to identify content trends and improve our offerings.

Your Data and AI

We do not feed your personal data (email address, name, IP address, or any other personally identifiable information) into AI training models or datasets.
We do not use AI to make automated decisions about you as an individual.
We do not use AI-powered profiling, behavioral scoring, or algorithmic targeting based on your personal data.
We do not share your personally identifiable information with AI service providers, except as necessary for essential Site functions described in this Policy (such as email delivery and analytics).

Third-Party AI Tools

Third-party AI tools we use in our content creation workflow operate under their own privacy policies and data processing agreements. We select AI tools that:

Do not use our inputs to train their models (where such options are available).
Provide data processing agreements compliant with applicable privacy regulations.
Maintain appropriate security measures for any data processed through their platforms.

EU AI Act Compliance

In compliance with the EU AI Act transparency requirements (effective August 2, 2026), we disclose that AI technologies are used in our content creation workflow. We classify our use of AI as minimal-risk under the Act's risk framework, as we do not deploy AI for decision-making, scoring, or any purpose that could affect individuals' rights or safety. We are committed to transparent and responsible use of AI in all aspects of our operations and will update this section as regulations evolve.

Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit our Site. We use a limited number of cookies to operate our Site and understand how visitors use it.

Types of Cookies We Use

Essential cookies. These cookies are strictly necessary for our Site to function. They enable core features such as security, accessibility, and network management. These cookies cannot be disabled without affecting Site functionality. They do not store any personally identifiable information.

Analytics cookies. These cookies help us understand how visitors interact with our Site by collecting aggregated, anonymized information about page views, navigation paths, time on site, and similar usage metrics. Analytics cookies are only set with your consent where required by law.

Cookies We Do Not Use

We do not use advertising or retargeting cookies.
We do not use cross-site tracking pixels or beacons.
We do not use social media tracking cookies.
We do not use fingerprinting or other covert tracking technologies.
We do not participate in real-time bidding or programmatic advertising networks.

Privacy Signals

We respect and honor the following browser-based privacy signals:

Global Privacy Control (GPC). When we detect a GPC signal from your browser, we automatically treat it as a valid opt-out request and disable all non-essential cookies and tracking. This is in compliance with CCPA/CPRA requirements effective January 1, 2026.
Do Not Track (DNT). We honor Do Not Track browser settings and disable non-essential tracking when this signal is detected.

Managing Cookies

You can manage your cookie preferences at any time through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may impair Site functionality. For detailed instructions on managing cookies in your specific browser, please refer to your browser's help documentation.

We send our newsletter and email communications only to individuals who have explicitly opted in through a clear, affirmative action (such as entering their email address and clicking a subscribe button). We do not use pre-checked boxes, implied consent, or purchase email lists from third parties.

Where required by applicable law (such as in Germany, Austria, and Switzerland), we implement double opt-in confirmation, requiring you to verify your subscription through a confirmation email before any marketing emails are sent.

What We Send

Our newsletter may include:

Articles, tutorials, and guides on AI, technology, web development, design, automation, and digital growth.
Recommendations for tools, products, and services (which may include affiliate links, clearly disclosed).
Updates about new content published on our Site.
Occasional announcements about our services or projects.

Your Email Rights

Every email includes a clear, functional unsubscribe link. One click to opt out.
All unsubscribe requests are honored promptly and no later than 10 business days from receipt (as required by CAN-SPAM).
You may also email us directly at hi@omidsaffari.com to be removed from our mailing list.
We do not sell, rent, lease, or trade your email address to any third party, under any circumstances.

Email Service Provider

We use a third-party email service provider to deliver our newsletter. Your email address is shared with this provider solely for the purpose of email delivery, list management, and basic engagement analytics (open rates and click rates, used to improve content quality). This provider is bound by a data processing agreement and is required to protect your data in accordance with applicable privacy laws. We do not authorize them to use your email address for any other purpose.

Compliance

Our email communications comply with the CAN-SPAM Act (United States), GDPR (European Union), CASL (Canada), PECR (United Kingdom), and other applicable email marketing regulations. Every email includes our identity, a valid physical mailing address or equivalent, and a clear mechanism to opt out of future communications.

We use a limited number of carefully selected third-party services to operate our Site. Each service provider is bound by a data processing agreement and is required to protect your data in accordance with applicable privacy laws. We share only the minimum data necessary for each service to function.

Categories of Third-Party Services

Hosting provider. To host and serve our Site. This provider processes your IP address and request data to deliver web pages.
Content delivery network (CDN). To serve images and static assets efficiently from edge locations globally. Processes request metadata (IP address, user agent) to deliver content.
Analytics service. To collect aggregated, anonymized data about Site usage. Processes anonymized IP addresses, page views, and usage patterns.
Email service provider. To deliver our newsletter. Processes email addresses and engagement metrics (open/click rates).
DNS and domain provider. To route traffic to our Site. Processes DNS query data.

What We Do Not Do with Your Data

We do not sell your personal information to any third party, and have never done so.
We do not share your data with advertisers, data brokers, or marketing companies.
We do not engage in cross-context behavioral advertising.
We do not provide your data to social media platforms for audience matching or lookalike targeting.
We do not monetize your personal data in any way.

Legal Disclosure

We may disclose your information only in the following limited circumstances:

When required by law, regulation, legal process, or governmental request.
When we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
To enforce our Terms of Service or investigate potential violations.
To respond to an emergency that we believe in good faith requires disclosure to prevent death or serious bodily injury.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Below are our specific retention periods:

Newsletter subscriber data. Retained for the duration of your subscription. Deleted within 30 days of unsubscribing. Consent records (proof of opt-in) are retained for up to 3 years after unsubscription for legal compliance purposes.
Contact form submissions. Retained for up to 12 months after the inquiry is resolved, then securely deleted.
Analytics data. Retained in aggregated, anonymized form only. Individual IP addresses are anonymized immediately upon collection. Anonymized analytics data is not subject to retention limits as it cannot be linked to individuals.
Server logs. Access logs containing IP addresses are retained for up to 30 days for security and performance monitoring, then automatically deleted.
Cookie data. Essential cookies expire at the end of your browser session or after a maximum of 12 months. Analytics cookies expire after a maximum of 24 months.

When the retention period expires or you request deletion, we securely delete or anonymize your personal data. If complete deletion is not technically feasible (for example, due to backup systems), we ensure that the data is isolated and protected from any further processing until deletion is possible.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Encryption in transit. All data transmitted between your browser and our Site is encrypted using TLS/HTTPS protocols.
Secure hosting infrastructure. Our Site is hosted on enterprise-grade infrastructure with built-in DDoS protection, automatic security patches, and isolated execution environments.
Access controls. Access to personal data is limited to authorized personnel only, on a need-to-know basis.
Vendor security. All third-party service providers are required to maintain security measures consistent with industry standards and their contractual obligations.
Regular review. We periodically review our security practices and update them as necessary to address new threats and vulnerabilities.

Despite our best efforts, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal data, we cannot guarantee absolute security.

Data Breach Notification

In the event of a data breach that affects your personal information and is likely to result in a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33).
Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms (as required by GDPR Article 34).
Document the breach, its effects, and the remedial actions taken.
Comply with all applicable breach notification requirements under CCPA, UAE PDPL, and other applicable laws.

Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal data. We respect these rights and are committed to facilitating your exercise of them.

Rights for All Users

Regardless of your location, we provide the following rights to all users:

Right to unsubscribe. You may unsubscribe from our newsletter at any time by clicking the unsubscribe link in any email or by contacting us.
Right to contact us. You may contact us at any time to ask questions about your data or request its removal.
Right to manage cookies. You may manage your cookie preferences through your browser settings at any time.

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR and UK GDPR:

Right of access (Article 15). You have the right to request a copy of the personal data we hold about you, including the purposes of processing, categories of data, recipients, and retention periods.
Right to rectification (Article 16). You have the right to request correction of inaccurate or incomplete personal data.
Right to erasure (Article 17). You have the right to request deletion of your personal data where it is no longer necessary for the purpose it was collected, you withdraw consent, or the data has been unlawfully processed.
Right to restriction (Article 18). You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest its accuracy.
Right to data portability (Article 20). You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to object (Article 21). You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
Right to withdraw consent. Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint. You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

California, United States (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA as amended by the CPRA:

Right to know. You have the right to know what personal information we have collected about you in the preceding 12 months, including the categories and specific pieces of information, the sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to delete. You have the right to request deletion of your personal information, subject to certain exceptions.
Right to correct. You have the right to request correction of inaccurate personal information.
Right to opt out of sale or sharing. We do not sell your personal information and do not share it for cross-context behavioral advertising. Therefore, there is no need to opt out of sale or sharing.
Right to limit use of sensitive information. We do not collect sensitive personal information as defined under the CCPA.
Right to non-discrimination. We will not discriminate against you for exercising any of your privacy rights.

Effective January 1, 2026, we comply with the expanded CCPA requirements including visible opt-out confirmations for Global Privacy Control signals and enhanced service provider disclosures.

United Arab Emirates (UAE PDPL)

If you are a resident of the United Arab Emirates, you have the following rights under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021):

Right to access. You have the right to access your personal data and request information about how it is being processed.
Right to correction. You have the right to request correction, completion, or updating of your personal data.
Right to deletion. You have the right to request deletion of your personal data when it is no longer necessary for the purpose it was collected.
Right to restrict processing. You have the right to restrict the processing of your personal data in certain circumstances.
Right to object. You have the right to object to the processing of your personal data for direct marketing purposes.
Right to data portability. You have the right to obtain your personal data in a readable and common electronic format.

Other U.S. States

If you are a resident of another U.S. state with comprehensive privacy legislation (including but not limited to Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Kentucky, Rhode Island, Tennessee, Montana, Oregon, Texas, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, or Minnesota), you may have additional rights under your state's privacy law. We strive to honor all applicable state privacy rights. Please contact us to exercise any rights available under your state law.

Exercising Your Rights

To exercise any of the rights described above, please contact us at hi@omidsaffari.com. We will:

Acknowledge receipt of your request within 5 business days.
Respond to verified requests within 30 days (or sooner if required by applicable law; 45 days for CCPA requests with one 45-day extension if necessary).
Ask you to verify your identity before processing your request, to protect against unauthorized access to your data.
Provide the requested information free of charge. In rare cases where requests are manifestly unfounded or excessive, we may charge a reasonable fee or decline to act, as permitted by law.

International Data Transfers

Our Site is hosted and operated globally. Your personal data may be transferred to and processed in countries other than your country of residence, including the United States and countries within the European Economic Area. These countries may have data protection laws different from those in your jurisdiction.

When we transfer personal data internationally, we ensure adequate safeguards are in place through the following mechanisms:

Standard Contractual Clauses (SCCs). We use SCCs approved by the European Commission as the primary mechanism for transfers from the EEA to third countries.
Adequacy decisions. Where available, we rely on adequacy decisions by the European Commission confirming that a third country provides an adequate level of data protection.
Data processing agreements. All service providers that process personal data on our behalf are required to enter into data processing agreements that oblige them to protect your data to standards consistent with this Policy and applicable law.
Supplementary measures. Where required, we implement additional technical and organizational safeguards to ensure the effectiveness of the chosen transfer mechanism.

Children's Privacy

Our Site and services are not directed at children under the age of 16 (or the applicable minimum age of digital consent in your jurisdiction — 13 in the United States under COPPA). We do not knowingly collect, use, or disclose personal information from children.

If we become aware that we have collected personal data from a child without verification of parental consent, we will take prompt steps to delete that information. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at hi@omidsaffari.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or for other operational, legal, or regulatory reasons. When we make changes:

We will update the "Last updated" date at the top of this page.
For material changes, we will provide prominent notice on our Site (such as a banner notification).
Where required by law or where changes significantly affect how we process your data, we will notify you by email (if we have your email address).
Where required by law, we will obtain your renewed consent before applying material changes to how we process your data.

We encourage you to review this Privacy Policy periodically. Your continued use of our Site after any changes constitutes your acceptance of the updated Policy, unless additional consent is required by applicable law.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our privacy practices, please contact us: