Skip to content

Privacy

Hecaton (the trading name of Jaime Baldó, an individual based in Spain) operates this site. For the purposes of the EU General Data Protection Regulation (GDPR), Jaime Baldó is the data controller. You can reach me about anything on this page at jaime@hecaton.tech.

This page describes the limited data the site collects, why, and the legal basis for it.

Last updated: 20 June 2026.

Contact form

If you submit the form on /contact/, I receive:

  • your name,
  • your email address,
  • optionally your company,
  • and the message you wrote.

Why, and legal basis. I use this only to read and reply to your message and to take any steps you’ve asked for ahead of a possible engagement. The legal basis is your consent in choosing to send the message (GDPR Art. 6(1)(a)) and, where relevant, steps taken at your request prior to a contract (Art. 6(1)(b)).

Who processes it. The form is handled by Web3Forms, a third-party service that forwards submissions to my inbox at jaime@hecaton.tech. Web3Forms stores submissions on servers in the United States and, on the plan this site uses, deletes them automatically after 30 days; it does not use the data for anything else. See web3forms.com/privacy, and “International transfers” below.

Retention. Once a message reaches my inbox, I keep it for up to 12 months after our last contact and then delete it — unless it relates to an engagement we’ve entered into, in which case it’s kept as part of that business record. Ask me anytime to delete it sooner.

Booking

The /contact/ page embeds Cal.com’s EU service (cal.eu) so you can book a call. If you use the widget, Cal.eu receives the name, email, and any notes you enter, in order to schedule the meeting. The EU service stores this data within the European Union. The legal basis is your consent in choosing to book (Art. 6(1)(a)) and steps prior to a contract (Art. 6(1)(b)). See cal.com/privacy.

Analytics

The site uses Umami Cloud (EU region) for basic, privacy-friendly analytics. Umami does not set cookies, does not use any personal identifier, and does not cross-reference visitors across sites — it only produces aggregate counts such as page views and rough referrer, stored on EU servers. The legal basis is my legitimate interest in understanding how the site is used (Art. 6(1)(f)); because no cookies or personal identifiers are involved, no consent banner is required. See umami.is/privacy.

International transfers

Booking (Cal.eu) and analytics (Umami Cloud, EU region) keep data within the European Union. One service processes data outside the European Economic Area (EEA): the contact form is handled by Web3Forms, in the United States. Where personal data is transferred outside the EEA, it relies on the appropriate safeguards under Chapter V of the GDPR, such as the European Commission’s Standard Contractual Clauses or an adequacy decision, as set out in that provider’s own privacy policy.

Your rights

Under the GDPR you have the right to:

  • access the personal data I hold about you,
  • have it corrected if it’s wrong,
  • have it deleted,
  • restrict or object to how it’s used,
  • and receive it in a portable format.

Where processing is based on your consent, you can withdraw that consent at any time. To exercise any of these rights, email jaime@hecaton.tech.

You also have the right to lodge a complaint with the Spanish supervisory authority, the Agencia Española de Protección de Datos (AEPD)aepd.es.

What this site does not do

  • This site sets no cookies of its own. (The embedded Cal.eu booking widget is a third party and may set its own — see its policy above.)
  • No third-party ad networks.
  • No Google Analytics, no Facebook pixel, no tracking script beyond Umami.
  • No newsletter or marketing email capture.

Questions

Email jaime@hecaton.tech.