Privacy notice

How this site treats your data: first‑party delivery, strict browser security, no advertising trackers, and no third‑party scripts or fonts on public pages.

Controller: Mohammed Rahhal, operating this personal website at mocipher.com (the “site”). For privacy questions, use the contact options on the homepage contact section.

First‑party by design

Public pages are served from this domain. Typography, markdown rendering, syntax highlighting, and the admin rich‑text editor load from /assets/ and /styles/ on the same origin — not from external CDNs — so routine browsing does not notify third parties for fonts or JavaScript libraries.

Share buttons on blog posts only open a new window when you click them; they do not embed trackers on this site.

What this site collects

  • Contact form: Name, email, and message you submit. A hidden honeypot field may be filled by bots and is discarded without storage.
  • Technical data: Cloudflare (or comparable hosting) may process IP addresses, TLS metadata, and abuse signals to deliver pages and protect infrastructure.
  • Optional email relay: If a API_KEY secret is configured on the server, the contact handler may forward a copy of your message to the operator’s inbox via Resend’s API. Submissions are still stored first‑party in KV; email delivery is optional and can be disabled by removing that secret.

Purposes and legal bases (Switzerland / EEA)

Contact and correspondence: legitimate interests (Art. 6(1)(f) GDPR) and, where relevant, pre‑contractual measures (Art. 6(1)(b)). Site operation and security: legitimate interests and, where applicable, Swiss FADP purposes for processing in connection with a website.

Retention

Contact entries in KV are trimmed to a bounded history server‑side. Retention beyond that is limited to what is needed to answer you or meet legal record‑keeping, then deleted or anonymised.

Processors and transfers

Infrastructure (Cloudflare Pages, Workers, KV, DNS) processes data on our instructions. Data may be processed in Switzerland, the EEA, or other jurisdictions with appropriate safeguards (including SCCs) where the provider requires it.

Your rights

Subject to applicable law, you may request access, correction, deletion, restriction, objection, or portability, and may lodge a complaint with a supervisory authority (for example the Swiss Federal Data Protection and Information Commissioner EDÖB or your local EU authority). Contact the controller using the details above.

Cookies

The public site does not use advertising cookies. There are no third-party analytics or tracking pixels on normal pages — see the colophon for how the site is built. A service worker may cache static files for offline resilience; you can clear site data in your browser to remove that cache.

Security headers

Responses include a strict Content-Security-Policy (first‑party scripts and styles), HSTS, frame denial, and related hardening.

Changes

This notice is updated when processing or providers change.

Last updated: May 2026