Last updated: February 21, 2026
This Privacy Policy explains how I, Md Shahabub Alam, collect, use, and protect your personal information when you visit my portfolio website (https://msanabid.vercel.app). I am committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
The data controller responsible for processing your personal data submitted by end-users via this website is:
Md Shahabub AlamWhen you use the contact form on this website, I collect the following information:
Purpose: The purpose of processing your personal data through the contact form is to answer your inquiries. When you submit a message through the contact form, I process your data solely to respond to your inquiry and provide you with the information or assistance you have requested.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR). Processing your personal data is necessary for my legitimate interest in answering inquiries. When you contact me through the contact form, you initiate the communication and have a reasonable expectation that I will process your data to answer your inquiry. I have conducted a balancing test and determined that my legitimate interest in answering inquiries does not override your fundamental rights and freedoms, as the processing is limited to what is necessary to answer your inquiry and you can object to the processing at any time.
Retention: Your data will be stored until you request deletion or the purpose for storage no longer applies. Contact form submissions are retained for a maximum of 12 months after the last communication, after which they are automatically deleted unless you request earlier deletion or there is a legal obligation to retain the data (e.g., for tax or legal purposes).
Right to object: You have the right to object to the processing of your personal data based on legitimate interest at any time. If you object, I will no longer process your personal data unless I can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
This website includes an interactive chatbot that allows you to ask questions about my portfolio, including projects, experience, skills, publications, and certifications. When you use the chatbot, the following information is processed:
Purpose: The purpose of processing your chat messages is to provide you with relevant information about my portfolio and answer your questions. The chatbot uses artificial intelligence to understand your queries and generate responses based on my portfolio data.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR). Processing your chat messages is necessary for my legitimate interest in providing an interactive way for visitors to learn about my portfolio. When you use the chatbot, you initiate the interaction and have a reasonable expectation that your messages will be processed to generate responses. I have conducted a balancing test and determined that my legitimate interest in providing this interactive service does not override your fundamental rights and freedoms, as the processing is limited to what is necessary to answer your questions, conversations are not stored permanently, and you can stop using the chatbot at any time.
Data storage: Your chat conversations are not stored permanently on my servers. Chat messages are processed in real-time to generate responses and are not saved or logged on my systems. However, your messages are temporarily sent to third-party AI services (Groq and Hugging Face) to generate responses, as described in sections 4.3 and 4.4 below. These services act as data processors and may temporarily process your data according to their privacy policies and Data Processing Agreements. I do not retain copies of your conversations on my servers.
Retention: Chat messages are not retained on my servers after the response is generated. Each chat session is independent, and no conversation history is stored on my systems. Third-party AI services (Groq and Hugging Face) may retain logs for security and troubleshooting purposes for up to 30 days, as specified in their respective privacy policies (see sections 4.3 and 4.4).
Right to object: You have the right to object to the processing of your chat messages. If you object, you can simply stop using the chatbot. You are not required to use the chatbot to access information on this website, as all portfolio information is also available through the regular website pages.
Please do not submit sensitive personal data (e.g. health, financial details, or other special categories of data under Article 9 GDPR) in the chat. The chatbot is intended only for general questions about my portfolio.
I use Resend to process and send emails from the contact form mentioned in 3.1. When you submit the contact form, Resend processes your email address and message content to deliver the email to me. Resend acts as a data processor (Article 4(8) GDPR) on my behalf for this purpose. Resend is a service provided by a company based in the United States. Your data is transferred to and processed in the United States. Resend has implemented appropriate safeguards to protect your data, including:
Please refer to Resend's Privacy Policy for more information.
This website is hosted on Vercel Inc. Vercel is a service provided by a company based in the United States. To the extent that any Service-Generated Data is considered Personal Data, Vercel is the controller with respect to such data and will Process such data in accordance with its Privacy Policy. The Privacy Policy is applicable inter alia for hosting and deployment of websites.
When you visit this website, certain technical information is automatically collected by the hosting provider (Vercel) in server logs. This includes:
Purpose: This data is collected automatically for technical reasons necessary for the operation and security of the website, including:
Legal basis: Legitimate interest (Article 6(1)(f) GDPR). The collection of this technical data is necessary for the legitimate interest of ensuring the security, stability, and proper functioning of the website. This processing is essential for the website to operate and cannot be avoided. I have conducted a balancing test and determined that my legitimate interest in maintaining website security and functionality does not override your fundamental rights and freedoms, as the data collection is limited to what is technically necessary and the data is not used for profiling or marketing purposes.
Retention: Server logs are typically retained for a limited period (usually 30-90 days) by the hosting provider for security and technical purposes, after which they are automatically deleted. I do not have direct access to or control over these logs.
IP Address Anonymization: While I cannot directly control Vercel's server logs, I do not use any analytics services that would process IP addresses for tracking or profiling purposes. The IP addresses collected in server logs are used solely for technical and security purposes.
Right to object: You have the right to object to the processing of your IP address. However, please note that the collection of IP addresses in server logs is technically necessary for the website to function. If you object, you may not be able to access this website, as IP addresses are required for the technical delivery of web content.
Your data, including IP addresses, may be transferred to and processed in the United States and other countries outside the European Economic Area (EEA). Transfers are based on: (1) the EU-U.S. Data Privacy Framework (EU-U.S. DPF), where the recipient participates and the European Commission has recognized an adequate level of protection; and/or (2) Standard Contractual Clauses (SCCs) issued by the European Commission (Implementing Decision (EU) 2021/914 or successor), which have been concluded with the hosting provider where applicable.
In its judgment of 16 July 2020 (C-311/18, Schrems II), the European Court of Justice confirmed that data transferred to third countries may be subject to access by local authorities. Where we rely on SCCs, we have assessed that the hosting provider's practices and the transfer context provide adequate safeguards; where the provider participates in the EU-U.S. DPF, we rely on the Commission's adequacy decision. Further information on the provider's data handling and any supplementary measures can be found in their privacy policy (link below).
Vercel has implemented appropriate safeguards to protect your data in accordance with GDPR requirements, including:
I do not have direct access to or control over Vercel's server logs. Vercel processes this data in accordance with their Privacy Policy.
I use Groq to provide AI-powered responses in the portfolio chatbot mentioned in section 3.2. When you use the chatbot, your chat messages are sent to Groq to generate AI responses. Groq acts as a data processor (Article 4(8) GDPR) on my behalf for this purpose. Groq is a service provided by a company based in the United States. Your data is transferred to and processed in the United States.
Groq has implemented appropriate safeguards to protect your data, including:
Groq processes your chat messages solely to generate responses and does not use your data for its own purposes beyond providing the service. According to Groq's privacy policy, customer data processed through their Cloud Services (including APIs) is governed by the Groq Services Agreement and Data Processing Addendum.
Please refer to Groq's Privacy Policy and Groq's Legal Documentation for more information. The Data Processing Addendum is available through the Groq console.
I use Hugging Face to generate semantic embeddings of your chat queries in the portfolio chatbot mentioned in section 3.2. This allows the chatbot to find relevant information from my portfolio data. When you use the chatbot, your chat messages may be sent to Hugging Face to generate embeddings. Hugging Face acts as a data processor (Article 4(8) GDPR) on my behalf for this purpose. Hugging Face is a service provided by a company that may process data in the United States or other locations outside the European Economic Area.
Hugging Face has implemented appropriate safeguards to protect your data, including:
According to Hugging Face's privacy policy, they do not store customer data payloads or tokens passed to their services. Data in transit is encrypted using TLS/SSL. Logs are stored for 30 days for security and troubleshooting purposes.
Please refer to Hugging Face's Privacy Policy for more information. Enterprise customers can request specific data processing agreements through Hugging Face's Enterprise plans.
The "About" section of this website loads an external image (GitHub contribution graph) from a third-party service (github-readme-activity-graph.vercel.app) to display my public GitHub activity. When you view that section, your browser may send a request to that service; the service may receive your IP address and may use cookies or similar technologies in accordance with its own privacy policy. I do not control this third party. The purpose of embedding this content is to present my public development activity. Legal basis: legitimate interest (Art. 6(1)(f) GDPR). If you prefer to avoid this, you can avoid scrolling to the About section or use a browser that blocks third-party content.
I have entered into Data Processing Agreements (DPAs) with all third-party service providers that process personal data on my behalf. These agreements ensure that:
The following service providers process personal data on my behalf under DPAs:
All DPAs include Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the European Economic Area, ensuring compliance with GDPR requirements.
Under GDPR, you have the following rights:
To exercise these rights, please contact me at msa.nabid.cse@gmail.com.
I implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure.
This website uses localStorage (a browser storage mechanism) to store essential technical preferences. No cookies are used.
The website stores your theme preference (light/dark mode) in your browser's localStorage. This is necessary for the website to remember your display preference and provide a consistent user experience.
Data stored: Theme preference (e.g., "light", "dark", or "system")
Purpose: To remember your display preference so the website appears in your preferred theme on subsequent visits.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR). Storing your theme preference is necessary for my legitimate interest in providing a user-friendly website experience. This processing is minimal, does not involve personal data beyond a technical preference, and enhances your user experience.
Retention: Your theme preference is stored indefinitely in your browser until you clear your browser data or change the preference. You can delete this data at any time by clearing your browser's localStorage.
No consent required: Under GDPR, this type of storage for essential technical purposes does not require consent, as it is strictly necessary for the service you have requested (displaying the website in your preferred theme).
The hosting provider (Vercel) does not set any cookies on your device in connection with this website. Technically necessary processing (such as server-side logging) takes place without placing cookies on your browser.
This website does not use tracking cookies, analytics cookies, or any other tracking technologies that require consent under GDPR. No personal data is collected for analytics, marketing, or profiling purposes.
You can manage or delete data stored in localStorage at any time through your browser settings:
Note: Clearing localStorage will reset your theme preference to the default setting.
I do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement.
The supervisory authority responsible for me is:
Die Berliner Beauftragte für Datenschutz und InformationsfreiheitI may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised.
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact me:
Email: msa.nabid.cse@gmail.com