Privacy Policy
Last updated: 25 April 2026This page explains what personal data Vinicius Murari Photography ("we", "I", "us") collects when you use viniciusmurari.com, why we collect it, and what rights you have under the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
1. Who is the data controller?
Vinicius Murari, sole trader, based in Dublin, Ireland. Contact: hello@viniciusmurari.com.
2. What data we collect
2.1 Contact form submissions
When you fill out a form on this site (contact form, enquiry form on a service page, or WhatsApp button), we collect:
- Your name
- Your email address
- Your phone number (optional)
- The content of your message
- The service or page you enquired about
Lawful basis: Article 6(1)(b) GDPR — performance of a contract (responding to your enquiry) and Article 6(1)(f) — legitimate interest (operating a photography business).
How long we keep it: Up to 24 months from your last interaction, after which it is deleted unless we have a contractual relationship.
2.2 Usage analytics (Google Analytics 4)
If you accept the cookie banner, this site loads Google Analytics 4 to measure aggregate usage (which pages get most visits, which countries readers come from, what device they use). GA4 is configured with:
anonymize_ip = true(last octet of your IP is removed before storage)allow_google_signals = false(no cross-device tracking)allow_ad_personalization_signals = false(no advertising profile)
If you reject the banner, no GA cookies are set and no data is sent to Google. Your choice is stored locally (key vm_consent_analytics) so the banner does not reappear.
Lawful basis: Article 6(1)(a) GDPR — your explicit consent (you can withdraw it any time by clearing your browser data for this site).
Cookies set when you accept: _ga (2 years), _ga_* (2 years). See Google's Privacy Policy.
2.3 Theme preference
If you toggle dark mode, your preference is stored in your browser's localStorage (key: theme). This data never leaves your device and is not personal data.
3. Third-party processors
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Web3Forms | Sends contact-form messages to our inbox | Name, email, phone, message | Germany (EU) |
| Cloudinary | Image hosting and delivery | None (only photos we upload) | USA / EU |
| Supabase | Database for blog posts and gallery metadata | None (no user data stored) | EU |
| Cloudflare Pages | Website hosting and CDN | IP address (logs) | Global |
| Google Analytics 4 | Usage statistics (only with consent) | Anonymised IP, page URL, referrer, browser, device | USA |
| Google Maps Embed | Map display in contact section | IP address | USA |
| YouTube / Vimeo | Video embeds (only when you press play) | IP, device info | USA |
4. Cookies
The site sets cookies only after you click "Accept" on the consent banner. Specifically:
_ga,_ga_*(Google Analytics 4) — 2-year lifetime, used to count returning visitors. Anonymised.
localStorage (not a cookie, never sent to any server) is used for: theme (dark mode preference, functional, no consent needed) and vm_consent_analytics (remembers your banner choice).
Embedded third-party content (YouTube, Vimeo, Google Maps) may set their own cookies once you interact with them.
5. Your rights under GDPR
You have the right to:
- Access a copy of any personal data we hold about you
- Rectify inaccurate data
- Erase ("right to be forgotten") your data
- Restrict or object to our processing
- Portability — receive your data in a machine-readable format
- Lodge a complaint with the Irish Data Protection Commission
To exercise any of these rights, email hello@viniciusmurari.com. We respond within 30 days.
6. Photos taken at your event
If you book a photography session, we will photograph you and (where applicable) your guests. The processing of those images is governed by the contract you sign before the shoot, which specifies usage rights, deletion timelines, and any model-release terms. Images are stored in encrypted cloud backups for at least 5 years for archival purposes unless you request deletion.
7. International transfers
Some processors (Cloudinary, Cloudflare, Google, YouTube, Vimeo) are based in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) and, where applicable, the EU–US Data Privacy Framework.
8. Security
We protect your data using HTTPS (TLS 1.3), strict Content Security Policy, PBKDF2-hashed admin credentials, and regular security audits. See SECURITY.md for technical details.
9. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. We will not retroactively reduce your rights without notifying you.
10. Contact
Questions about this policy: hello@viniciusmurari.com · WhatsApp: +353 83 206 3109