robertobuilds
Effective · 2026-05-15Last updated · 2026-05-15

Privacy policy.

This policy explains what personal information is collected through this site, the purposes for which it is used, the parties with whom it is shared, and the rights available to you. Defined terms are introduced where first used.

1. Introduction and identity of the controller

This website, robertobuilds.co (the “Service”), located at https://robertobuilds.co, is operated by Roberto Temelkovski, an individual sole operator based in Ontario, Canada (“I”, “me”, “my”). For the purposes of applicable data protection law, I am the data controller responsible for personal information collected through the Service. This Privacy Policy explains how that information is collected, used, disclosed, retained, and protected. By accessing or using the Service you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

2. Information I collect

I deliberately keep collection narrow. Depending on how you interact with the Service and on features offered from time to time, the categories of personal information I may collect are:

  • Information you provide directly — your first name, last name, and email address, all of which are required to subscribe to the newsletter or to claim a free guide.
  • Subscription metadata — so that I can deliver the right content and understand, at an aggregate level, what people want more of, a small set of non-sensitive tags is stored against your subscription record in Kit: whether you subscribed through a guide claim or the newsletter and which guide or page that was; the marketing source you arrived from, when a campaign or referral parameter is present in the link you followed (for example, an Instagram link); and the month in which you subscribed. These tags describe your subscription, not your browsing, and are not used to build a behavioural profile of you.
  • Communications data — if you contact me by email, I process the content of that correspondence and your email address in order to respond.
  • Information processed automatically by infrastructure and analytics providers — I do not myself collect IP addresses, device identifiers, or behavioural profiles, and I do not run identifying or cross-session product analytics. However, my hosting, edge-security, and performance providers necessarily process technical request data to deliver, secure, and measure the Service: Vercel and Cloudflare process your IP address and request metadata in transit and derive an approximate, coarse location (such as country or region) from it for routing, security, and aggregate statistics; and Vercel Web Analytics and Vercel Speed Insights collect aggregate, cookieless traffic and performance metrics (for example, page views, referrers, Core Web Vitals, device type, and browser) without identifying you.

Should I in future enable identifying or behavioural product analytics, cross-session profiling, additional account features, payment processing, or any collection beyond what is described above, I will update this Policy and obtain consent where required before that collection begins. I do not collect special-category data, government identifiers, payment-card data, or precise geolocation (such as GPS or device-level location), and I do not knowingly collect more than is described here. Where information is necessary to provide a feature (for example, your name and email address to deliver a guide), declining to provide it means that feature cannot be delivered to you.

3. How I use your information, and legal basis

I use personal information to:

  • deliver the guide or content you requested;
  • send occasional updates about new posts and tools;
  • respond to your communications, requests, and complaints;
  • validate submitted email addresses;
  • secure the Service and prevent abuse or fraud; and
  • comply with legal obligations.

I do not use your information for automated decision-making that produces legal or similarly significant effects, and I do not build advertising profiles. You can unsubscribe from any email I send with one click, in line with Canada's Anti-Spam Legislation (CASL).

Where the EU or UK General Data Protection Regulation applies, my legal bases for processing are: your consent (newsletter and guide delivery, withdrawable at any time); my legitimate interests (securing the Service, preventing abuse, and understanding aggregate demand), balanced against your rights and freedoms; and compliance with legal obligations.

4. Disclosure of your information and sub-processors

I do not sell your personal information, and I do not disclose it for cross-context behavioural advertising. I do not share it except with the limited service providers below, each acting on my behalf under contractual confidentiality and data-protection obligations, and only to the extent needed to perform their function:

  • Kit (Kit.com, formerly ConvertKit) — stores subscriber first name, last name, and email address, together with the subscription metadata tags described in Section 2; sends broadcasts and automations. Read their privacy policy.
  • Vercel — hosts the Service and provides cookieless, aggregate web analytics and performance monitoring (Vercel Web Analytics and Vercel Speed Insights); processes IP address and request metadata in transit and derives an approximate, country- or region-level location from it. These analytics do not use cookies and do not identify you. Read their privacy policy.
  • Cloudflare — content delivery and edge security (including DDoS mitigation and a web application firewall); processes your IP address and request metadata, including an approximate IP-derived location, to route and protect traffic. Read their privacy policy.

Submitted email addresses are additionally checked in real time against a public list of known disposable-email domains and via a DNS MX-record lookup, solely to validate deliverability of the address. The result of that check is not stored.

International transfers.These providers are located in, or process data in, the United States and other countries outside Canada and the European Economic Area. Where personal information is transferred internationally, I rely on the providers' contractual safeguards (including Standard Contractual Clauses where applicable) and comparable-protection commitments consistent with PIPEDA and Chapter V of the GDPR.

5. Cookies and similar technologies

The Service does not use advertising, cross-site, or third-party tracking cookies. The only cookie set is a single HTTP-only, cryptographically signed, Secure cookie created when you successfully unlock a free guide. Its sole purpose is to remember that you unlocked the guide so you do not have to enter your email again on a subsequent visit. It is a strictly necessary functional cookie — not used for tracking, advertising, profiling, or analytics — and is therefore exempt from prior-consent requirements under the EU ePrivacy Directive and equivalent rules.

Vercel's aggregate analytics operate without cookies. The Service does not respond to browser “Do Not Track” signals, because it performs no tracking that such signals would limit. If non-essential or analytics cookies are introduced in the future, this Policy will be updated and a consent mechanism presented before any such cookie is set.

6. Your privacy rights

Subject to applicable law, you may: request access to the personal information I hold about you; request correction of inaccurate or incomplete information; request deletion or erasure; restrict or object to certain processing; request portability of information you provided; and withdraw consent (including unsubscribing from any email with one click, consistent with Canada's Anti-Spam Legislation) at any time, without affecting the lawfulness of processing carried out before withdrawal.

6.1 EEA and UK (GDPR / UK GDPR)

If you are in the European Economic Area or the United Kingdom, you have the rights of access, rectification, erasure, restriction of processing, data portability, and objection, and the right to lodge a complaint with your supervisory authority.

6.2 California (CCPA / CPRA)

If you are a California resident, you have the right to know the categories and specific pieces of personal information collected about you, the right to delete that information, the right to correct it, the right to opt out of the sale or sharing of personal information (note: I do not sell or share personal information), and the right not to receive discriminatory treatment for exercising these rights.

6.3 Canada (PIPEDA)

If you are a Canadian resident, you have the right to access your personal information, to challenge its accuracy and completeness and have it amended as appropriate, and to withdraw consent to its collection, use, or disclosure at any time, subject to legal or contractual restrictions and reasonable notice.

You may also lodge a complaint with the Office of the Privacy Commissioner of Canada, or your local data protection authority, if you believe your information has been mishandled. To exercise any of these rights, email me at privacy@robertobuilds.co. I respond personally, ordinarily within thirty days, and may request information reasonably necessary to verify your identity before acting on a request.

7. Data retention

I retain personal information only for as long as necessary to fulfil the purposes described in this Policy. Your subscription is retained until you unsubscribe; on unsubscribe, your record is removed from active sending lists immediately and purged from Kit within its standard retention window. If you request full deletion of your record, I will action it within thirty days. I may retain limited information for longer where required to comply with legal, accounting, or regulatory obligations, or to establish, exercise, or defend legal claims.

8. Security and breach notification

All traffic to the Service uses HTTPS. The unlock cookie is signed with a server-side secret and marked HTTP-only and Secure so it cannot be read by client-side scripts. Subscriber data resides within Kit, which is responsible for the security of its own infrastructure; I do not operate a database of my own. I apply administrative and technical measures appropriate to the limited data involved. However, no method of transmission over the internet or method of storage is completely secure, and absolute security cannot be guaranteed.

In the event of a breach of security safeguards involving a real risk of significant harm, I will notify affected individuals and the Office of the Privacy Commissioner of Canada (and other authorities where required) as mandated by PIPEDA and applicable law.

9. Changes to this Policy

I may update this Policy from time to time. Changes take effect when posted; the “Effective” and “Last updated” dates at the top of this page will be revised accordingly. Material changes will additionally be communicated by email to subscribers where appropriate. Continued use of the Service after changes are posted constitutes acknowledgement of the updated Policy.

10. Contact

Privacy questions, requests, or complaints: privacy@robertobuilds.co. For all other matters, see the terms of use or contact hello@robertobuilds.co. A postal contact address is available on request for formal regulatory correspondence.

11. Children's privacy

The Service is not directed to children under the age of 13 (or the minimum age of digital consent in your jurisdiction), and I do not knowingly collect personal information from them. If you are a parent or guardian and believe a child has provided personal information, contact privacy@robertobuilds.co and I will delete it promptly.

12. Third-party links and services

The Service links to third-party websites and services, including those of the providers named above. I am not responsible for the privacy practices or content of those third parties; their own policies govern your interactions with them.

Separately, the Service is promoted through third-party social platforms (such as Instagram and TikTok), including messaging-automation tools used on those platforms to direct people here. Any information you provide on those platforms is processed under those platforms' and tools' own privacy policies, not under this Policy, until you arrive at the Service and submit information through it directly.

13. Governing law

This Privacy Policy is governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, without prejudice to any non-waivable data-protection rights you may have under the laws of your own jurisdiction.

Disclaimers and limitations of liability relating to your use of the Service are set out in the terms of use. Nothing in this Policy or those terms excludes or limits any right or remedy that cannot lawfully be excluded or limited, including statutory privacy rights and the right to lodge a complaint with, or seek a remedy from, a competent supervisory authority or court.