Privacy Policy & Data Protection (GDPR)
Last updated: March 30, 2026
1. Introduction
The website digital3d.com (hereinafter "the Site") respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR - EU 2016/679).
This policy describes what data we collect, why we collect it, how we use it, and what your rights are.
2. Data Controller
This site is managed by a private individual (not a company), based in Belgium. You can contact me at any time via the Contact page.
3. Data Collected
We collect the following data:
During registration (user account)
- Username — to identify you on the site
- Email address — for login, password recovery, and notifications
- Password — securely stored using BCrypt hashing (never in plain text)
- Registration IP address — for abuse prevention
- Newsletter preference — voluntary opt-in
During browsing (analytics)
- Anonymized IP address — hashed with SHA-256 and a daily salt, making identification impossible
- Browser User-Agent — for compatibility statistics (browser, OS)
- Pages visited — to understand site usage
- Referrer — the page you came from
During site usage
- Blog comments — associated with your user account
- Article subscriptions — to receive email notifications on updates
- Contact messages — sent via email, not stored in our database
During subscription (payment)
- Payments are processed by Stripe. We do not store any credit card data.
- We only store your Stripe subscription ID and its status.
4. Purpose of Processing
Your data is used exclusively for:
- Providing our services — account management, software access, APIs
- Securing the site — abuse prevention, API rate limiting
- Improving the site — anonymous browsing statistics
- Notifying you — updates on articles you subscribed to (opt-in only)
- Managing payments — via Stripe for subscriptions
We never sell your data to third parties. We use no advertising on this site.
5. Cookies
This site uses a minimal number of cookies, all functional (no advertising or third-party tracking cookies):
| Cookie | Duration | Purpose |
|---|---|---|
theme_preference | 1 year | Remember your theme choice (light/dark) |
user_language | 1 year | Remember your preferred language |
analytics_session | 30 days | Anonymous session ID for internal statistics |
.AspNetCore.* | Session | Blazor Server technical cookies (site functionality) |
No third-party cookies (Google Analytics, Facebook Pixel, etc.) are used.
6. Third-Party Services
The following third-party services may receive data as part of the site's operation:
- Stripe (stripe.com) — payment processing. Stripe Privacy Policy
- Google reCAPTCHA v3 — anti-spam protection for the contact form. Google Privacy Policy
- Gravatar (gravatar.com) — avatar display based on your email (MD5 hash). Automattic Privacy Policy
No other data is shared with third parties.
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access — you can request a copy of all data we hold about you
- Right to rectification — you can update your data from your My Account page
- Right to erasure — you can delete your account from My Account ("Delete my account" button). All your data will be removed.
- Right to object — you can unsubscribe from the newsletter and article notifications at any time
- Right to data portability — you can request your data in a structured format
To exercise your rights, contact us via the Contact page.
8. Data Retention
- User account — retained as long as the account is active. Deleted upon request.
- Analytics data — IP addresses are anonymized (SHA-256 hash with daily salt). Events are retained for statistical purposes.
- Comments — retained as long as the article exists. Cascade-deleted if the article is removed.
- Payment data — subscription history is retained for legal and accounting purposes.
9. Security
We take the security of your data seriously:
- HTTPS — all communications are encrypted via TLS
- Passwords — hashed with BCrypt (never stored in plain text)
- Anonymized IPs — SHA-256 hashing with daily salt in analytics
- Payments — processed exclusively by Stripe (PCI DSS certified)
- Restricted access — only the administrator has access to the database
10. Contact
For any questions about your personal data or to exercise your GDPR rights, you can contact us:
- Via the Contact page on this site
- By requesting account deletion from My Account
If you believe your rights are not being respected, you can file a complaint with the Data Protection Authority in your country (in Belgium: autoriteprotectiondonnees.be).