Privacy Notice

Last Updated: April 15, 2026

1. Who I Am and How to Contact Me

I am Rachel See, an individual who lives in Porto, Portugal. I am the sole data controller for rachelsee.com. This Privacy Notice applies to this website only. For the Bells Up AI website and platform, see the privacy notices at bellsup.ai (opens in new tab).

Contact: privacy@rachelsee.com

2. What This Site Collects

Server Logs

When you visit this site, the web server automatically records standard access log data: your IP address, browser type and version (user agent), the page you requested, the referring URL, and the date and time of the request. This is a technical necessity of serving web pages over the internet.

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)). I have a legitimate interest in maintaining a secure, functioning website. The data involved is limited to standard technical metadata. Providing this technical data is necessary to access the website; without it, the website cannot be delivered.

Recipients: My hosting provider, Amazon Web Services (AWS), which processes data on my behalf to provide website hosting and security.

Email Correspondence

If you email me at the address listed in this notice, I will process your email address and any information contained in your message in order to respond to your inquiry.

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) in responding to correspondence, or, where applicable, taking steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)).

Retention: Correspondence is kept only as long as necessary to handle the inquiry and any related follow-up.

Client-Side Storage

The personal journal section of this site is password-protected. If you enter the journal password, a flag is stored in your browser’s sessionStorage to maintain your access during your browsing session. Because this data is stored and processed entirely in your browser and is never transmitted to the server, it does not constitute personal data processing by me as controller. It is automatically deleted when you close the browser tab.

3. What This Site Does Not Do

• Does not set cookies of any kind
• Does not use Google Analytics or any analytics service
• Does not use advertising networks or tracking pixels
• Does not build visitor profiles or track you across websites
• Does not have contact forms, newsletter signups, or event registrations
• Does not collect names, email addresses, or any information you submit — because there is nothing to submit
• Does not sell, share, or monetize visitor data
• Does not use social media widgets or embedded iframes that load third-party tracking scripts
• Does not engage in automated decision-making or profiling

4. External Links

This site contains outbound hyperlinks to YouTube, SoundCloud, OneDrive, and Facebook. These are standard text or image links — clicking one takes you to that platform’s website. No content from those platforms is embedded on this site, and no scripts from those platforms are loaded here.

Once you follow a link to an external site, that site’s own privacy practices apply. I am not responsible for and have no control over how those platforms handle your data. I encourage you to review their privacy policies.

5. Your GDPR Rights

If you are in the European Economic Area or United Kingdom, you have the following rights regarding any personal data I hold about you:

• Access: Request a copy of the personal data I hold about you.
• Rectification: Ask me to correct inaccurate or incomplete data.
• Erasure: Request deletion of your personal data, subject to any legal retention obligations.
• Restriction of processing: Ask me to limit how I process your data in certain circumstances.
• Object: Object to processing based on legitimate interests.
• Data portability: This right generally does not apply to the server-log processing described here, because it is not based on consent or contract.
• Lodge a complaint: File a complaint with a supervisory authority if you believe your rights have been violated.

To exercise any of these rights, contact me at privacy@rachelsee.com. I will respond within one month.

Supervisory authority: Because I reside in Portugal, the relevant supervisory authority is the CNPD (Comissão Nacional de Proteção de Dados), reachable at www.cnpd.pt (opens in new tab). If you reside in another EU member state, you may also lodge a complaint with your local data protection authority.

6. International Data Transfers

Server log data is processed by Amazon Web Services, Inc. (US) on my behalf. The transfer basis is the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework. For visitors from the United Kingdom, AWS is also covered under the UK Extension to the Data Privacy Framework.

7. Data Retention

Server logs are automatically rotated and deleted after 14 days.

8. Security

This site is served over HTTPS. Access to the server is restricted to key-based SSH authentication. There is no database, no user accounts, and no stored personal data beyond server logs.

9. Children’s Privacy

This site does not knowingly collect personal information from children beyond standard technical server logs automatically generated when any visitor accesses the site.

10. Changes to This Notice

I may update this Privacy Notice to reflect changes in my practices or applicable law. When I do, I will update the “Last Updated” date above. Because this site does not collect contact information, I have no way to notify you directly of changes.

Congratulations! You have read my Biscuit Policy. Mention “Biscuit Policy” to me the next time you see me in person, and I will buy you a beverage.

11. Questions

If you have questions or concerns about this notice or my data practices, contact me at privacy@rachelsee.com.