← back to home
LEGAL

Privacy Policy

Effective date: 10 December 2025

This Privacy Policy explains how Elaira Novan (“we”, “us”, “the Operator”) collects, uses, stores, protects, and discloses information relating to visitors and users (“you”, “User”) of the website https://www.elairanovan.com (the “Website”).

This Policy is intended to provide a clear, comprehensive, and transparent explanation of our data practices.
It applies regardless of how you access the Website (desktop, mobile, or other devices).

By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy.
If you do not agree with this Policy, you must discontinue use of the Website.

1. Data Controller and Operator Information

Data Controller / Operator:
Elaira Novan (pseudonym)
Jurisdiction: State of California, United States
Contact email: elairanovan@gmail.com

The Website is operated from the United States but is accessible globally.

2. Legal Scope and Applicable Frameworks

We are committed to handling personal data responsibly and, where applicable, in alignment with:

— the EU General Data Protection Regulation (GDPR) for users located in the European Economic Area (EEA);
— the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) for California residents;
— applicable United States federal and state privacy and consumer protection laws.

The applicability of specific rights and obligations depends on your place of residence and the nature of your interaction with the Website.

3. Core Data Protection Principles

Our data practices are guided by the following principles:

— Data minimisation: we collect only data that is reasonably necessary;
— Purpose limitation: data is used only for clearly defined purposes;
— Transparency: we explain what data is collected and why;
— Security: reasonable technical and organisational safeguards are applied;
— No sale of personal data: we do not sell or rent personal information;
— No behavioural profiling: we do not engage in invasive tracking or behavioural advertising.

4. Categories of Personal Data We May Collect

The specific data collected depends on how you interact with the Website.

4.1 Communications and Voluntary Contact Data

What may be collected:

— name or pseudonym (if you choose to provide it);
— email address;
— content of messages or correspondence.

How it is collected:
Directly from you when you contact us (e.g., by email or through a future contact form).

Purpose:

— responding to inquiries, feedback, or messages;
— maintaining correspondence records where reasonably necessary.

Legal basis (GDPR, where applicable):

— your consent (Art. 6(1)(a));
— our legitimate interest in responding to communications (Art. 6(1)(f)).

4.2 Donation-Related Information (If and When Applicable)

If you choose to support the project through voluntary donations, the following limited information may be processed:

What may be collected:

— donation amount;
— currency, date, and time of transaction;
— email address associated with the payment;
— transaction identifiers provided by the payment processor.

Important clarification:

— we do not receive or store full payment card numbers or bank details;
— payment credentials are processed exclusively by third-party payment providers.

Purpose:

— processing and acknowledging donations;
— maintaining accounting or compliance records, where required;
— detecting and preventing fraud or technical errors.

Legal basis (GDPR, where applicable):

— your consent (Art. 6(1)(a));
— our legitimate interests in maintaining records and preventing abuse (Art. 6(1)(f));
— compliance with legal obligations, where applicable (Art. 6(1)(c)).

Donations do not create a contractual service relationship and are not treated as purchases.

4.3 Technical and Usage Data

When you access the Website, certain technical information may be collected automatically.

What may be collected:

— IP address (where reasonably possible, shortened, pseudonymised, or aggregated);
— browser type and version;
— device type and operating system;
— referring URLs;
— pages viewed, timestamps, and duration of visits;
— basic error or performance logs.

Purpose:

— ensuring technical functionality and security;
— monitoring performance and stability;
— detecting and preventing abuse, fraud, or attacks;
— understanding aggregated usage patterns to improve reliability.

Legal basis (GDPR, where applicable):

— our legitimate interests in operating and securing the Website (Art. 6(1)(f)).

4.4 Cookies and Similar Technologies

The Website may use cookies or similar technologies (such as local storage or technical pixels).

Cookies may be used for:

— essential functionality and navigation;
— security and error diagnostics;
— basic performance measurement;
— optional, privacy-respecting analytics if implemented in the future.

We do not use cookies for:

— behavioural advertising;
— cross-site tracking;
— building detailed personal profiles.

Further details are provided in Section 7 (Cookies Notice).

4.5 Technical Verification and Configuration Data

We may process limited technical identifiers such as:

— domain or DNS verification records;
— search engine verification codes;
— security-related configuration data.

Purpose:

— confirming ownership and control of the Website;
— improving visibility and integrity;
— preventing technical abuse.

Legal basis (GDPR, where applicable):

— our legitimate interests (Art. 6(1)(f)).

5. How We Use Personal Data

We use personal data solely for the following purposes:

— communicating with users who contact us;
— operating, maintaining, and securing the Website;
— processing voluntary donations, where applicable;
— complying with applicable legal obligations;
— responding to lawful requests from authorities or courts.

We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Sharing of Personal Data

We do not sell or rent personal data.

Personal data may be shared only in limited circumstances:

— with service providers (e.g., hosting, security, payment processors) acting on our instructions;
— where required by law, regulation, or court order;
— to protect the rights, safety, or integrity of the Website and its users.

Service providers are required to process data in accordance with their own privacy obligations and applicable law.

7. Cookies Notice

7.1 What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help websites function properly and understand how content is used.

7.2 How We Use Cookies

Cookies on this Website are limited to:

— essential operation and security;
— technical diagnostics;
— optional analytics, if introduced in the future.

7.3 Third-Party Cookies

If the Website embeds content from third-party platforms (such as video hosting or social media), those platforms may set their own cookies according to their own policies.

7.4 Your Choices

You can:

— configure your browser to block or delete cookies;
— restrict non-essential cookies when preference tools are available.

Blocking cookies may affect certain functionalities of the Website.

8. International Data Transfers

Personal data may be processed in the United States or in other jurisdictions where our service providers operate.

Where required, appropriate safeguards are applied to protect data in accordance with applicable law.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or to comply with legal obligations.

Retention periods vary depending on the nature of the data and applicable legal requirements.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

— access your personal data;
— request correction of inaccurate data;
— request deletion of data;
— restrict or object to certain processing;
— request data portability;
— opt out of certain uses of data (where applicable).

To exercise your rights, please contact: elairanovan@gmail.com

We may request verification of identity before responding.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you may have additional rights, including:

— the right to know what personal information is collected and used;
— the right to request deletion of personal information;
— the right to non-discrimination for exercising privacy rights.

We do not sell or share personal information as defined under the CCPA/CPRA.

12. Children’s Privacy

The Website is not directed to children under the age of 13.
We do not knowingly collect personal data from children under 13.

13. Security Measures

We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration.

No system is completely secure; therefore, we cannot guarantee absolute security.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
The “Effective date” at the top of this page indicates the most recent revision.

Continued use of the Website after changes constitutes acceptance of the updated Policy.

15. Contact Information

For questions, requests, or concerns regarding this Privacy Policy or data practices:

Data Controller: Elaira Novan
Email: elairanovan@gmail.com