Privacy Policy
How we collect, use, and protect your personal information
Last updated: October 2025
Introduction
Prof Dr Mark R Johnson (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage with our services.
Information We Collect
Personal Information
We may collect personal information that you voluntarily provide, including:
- Name and contact information
- Professional affiliation and credentials
- Research interests and academic background
- Correspondence and communications
Automatically Collected Information
When you visit our website, we may automatically collect:
- IP address and device information
- Browser type and version
- Pages visited and time spent on site
- Referring website information
Contact Form Information
When you submit our contact form, we collect and process:
- Personal Information: Your name, email address, and message content
- IP Address: Collected for security purposes, spam prevention, and rate limiting
- User Agent: Browser and device information for security monitoring
- Timestamp: Date and time of submission
Data Storage: Contact form submissions are delivered via email using the Resend email service. Your personal information is not stored in our content management system. IP addresses and submission data are temporarily stored in server memory for rate limiting purposes and are cleared on server restart.
How We Use Your Information
We use the information we collect to:
- Provide and maintain our website and services
- Respond to inquiries and communications
- Share relevant research and academic information
- Improve our website and user experience
- Prevent spam, abuse, and fraudulent activity
- Enforce rate limiting and security measures
- Comply with legal obligations
Legal Basis for Processing (GDPR)
We process your personal information based on:
- Consent: When you submit the contact form, you consent to us processing your information
- Legitimate Interests: We use IP addresses and technical data for security, fraud prevention, and rate limiting
- Legal Obligation: To comply with applicable laws and regulations
Information Sharing and Third-Party Services
We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We may share information:
- With academic collaborators for legitimate research purposes
- When required by law or legal process
- To protect our rights and safety
- With service providers who assist in website operations (as detailed below)
Third-Party Service Providers
We use the following third-party services to operate our website:
- Resend: Email delivery service for contact form submissions. When you submit the contact form, your name, email, message, IP address, and user agent are transmitted to Resend and delivered to us via email. Resend processes this data in accordance with their privacy policy.
- Cloudflare Turnstile: Bot protection and security verification service. Cloudflare may collect browser information and behavioral data to verify you are human. This data is processed according to Cloudflare's privacy policy.
- Sanity CMS: Content management system for website content (publications, research information). This service stores only public-facing content and does not store contact form submissions or visitor data.
- Vercel: Website hosting platform. Vercel may collect technical logs and performance data as part of standard hosting operations.
Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
- HTTPS Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
- Rate Limiting: Contact form submissions are limited to prevent spam and abuse (3 per minute, 10 per hour, 20 per day per IP address)
- CSRF Protection: Cross-Site Request Forgery tokens protect against unauthorized form submissions
- Bot Protection: Cloudflare Turnstile verification prevents automated abuse
- Honeypot Fields: Hidden form fields catch simple bot submissions
- Input Validation: All form inputs are sanitized and validated before processing
- Content Security Policy: Strict security headers prevent XSS attacks and unauthorized code execution
However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security of your data.
Data Retention
We retain your personal information as follows:
- Contact Form Submissions: Delivered via email and retained in your email correspondence. Not stored in our databases beyond temporary rate-limiting data.
- Rate Limiting Data: IP addresses and submission timestamps are stored in server memory temporarily and are automatically cleared on server restart (typically within 24 hours).
- Server Logs: Technical logs may be retained by our hosting provider (Vercel) for security and performance monitoring purposes, typically for 30-90 days.
Your Rights
You have the right to:
- Access your personal information
- Correct inaccurate information
- Request deletion of your information
- Object to processing of your information
- Request data portability
Cookies and Tracking
Our website uses cookies and similar tracking technologies to improve functionality and security and to analyze usage patterns:
- CSRF Tokens: Essential security cookies that protect the contact form from unauthorized submissions. These cookies are HttpOnly, SameSite=Strict, and expire after 30 minutes.
- Functional Cookies: May be used to remember your preferences and improve site functionality.
You can control cookie preferences through your browser settings. However, disabling essential cookies may prevent the contact form from functioning properly.
Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites and encourage you to review their privacy policies.
International Users
If you are accessing our website from outside the United Kingdom, please be aware that your information may be transferred to, stored, and processed in the UK where our servers are located.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date.
Contact Information
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Prof Dr Mark R Johnson
Imperial College London
Chelsea Westminster Hospital
London, United Kingdom
Email: Contact Form