Privacy Policy

1. Introduction

MyCyberSecurityPath ("we," "us," or "our") is operated by Renu Sharma, a sole trader registered under an Australian Business Number (ABN). We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at mycybersecuritypath.com (the "Site"). It applies to all visitors worldwide and complies with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the European Union General Data Protection Regulation (GDPR) where applicable.

By using the Site, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Site.

2. Information We Collect

We collect information in the following ways:

Information You Provide Directly

• Email address — When you subscribe to our newsletter via Kit (ConvertKit), we collect your email address. This is voluntary and requires your explicit opt-in.
• Comments — If you leave comments on blog posts via Giscus (powered by GitHub Discussions), your comment content and GitHub username are stored by GitHub. We do not separately collect or store this data.

Information Collected Automatically

• Analytics data — We use Google Analytics 4 (property ID: G-LVQF4CY4M8) to collect anonymised usage data including pages visited, time on page, device type, browser type, approximate geographic location, and referral source.
• Custom event data — We track specific interactions via Google Analytics 4: newsletter signup submissions, call-to-action clicks, product link clicks (including product name and price), and page feedback ratings (helpful/not helpful).
• Page feedback — When you use the "Was this page helpful?" feature, your response (positive or negative) is stored locally on your device using browser localStorage (key: feedback:{page}). This data remains on your device and is also sent as an anonymous event to Google Analytics 4.
• Server logs — Our hosting provider (Vercel) automatically collects standard server log data including IP addresses, browser type, and request timestamps.

Information Collected by Third Parties

• Payment information — When you purchase digital products, payment is processed by LemonSqueezy. We do not collect, store, or have access to your full credit card or payment details. LemonSqueezy handles all payment processing securely.
• Font requests — We load the Inter font from Google Fonts. When the font is requested, Google may receive your IP address and browser information.
• Video embeds — We embed YouTube videos using the privacy-enhanced mode (youtube-nocookie.com), which limits tracking cookies. However, YouTube may still collect some data when you interact with embedded videos.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Newsletter delivery — To send you cybersecurity learning content, updates, and occasional product announcements. You can unsubscribe at any time.
• Email marketing campaigns — With your opt-in consent, we may send promotional emails about our digital products, new content, and relevant cybersecurity resources.
• Site improvement — Analytics data helps us understand which content is most valuable, identify technical issues, and improve the user experience.
• Purchase processing — To facilitate the delivery of digital products you purchase through LemonSqueezy.
• Content feedback — Page feedback ratings help us identify content that needs improvement.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Cookies and Tracking Technologies

The Site uses the following cookies and tracking technologies:

• Google Analytics cookies — _ga and _ga_* cookies are set by Google Analytics 4 to distinguish unique visitors and track session information. These cookies expire after 2 years and 24 hours respectively.
• localStorage — We use browser localStorage to store your page feedback preferences. This is not a cookie, is not transmitted to our servers, and remains entirely on your device. You can clear it through your browser settings.

We do not use advertising cookies, retargeting pixels, or social media tracking pixels.

YouTube Privacy-Enhanced Mode

Embedded YouTube videos use the youtube-nocookie.com domain, which prevents YouTube from setting tracking cookies unless you actively play the video.

Google Fonts

We load fonts from Google Fonts servers. This means your browser makes a request to Google's servers to download the font files. Google's privacy policy governs this data collection.

5. Third-Party Services

We use the following third-party services. Each has its own privacy policy governing data it collects:

• Google Analytics 4 — Web analytics. Google Privacy Policy
• Kit (ConvertKit) — Email newsletter service. Kit Privacy Policy
• LemonSqueezy — Digital product sales and payment processing. LemonSqueezy Privacy Policy
• Vercel — Website hosting and deployment. Vercel Privacy Policy
• Google Fonts — Typography. Google Privacy Policy
• YouTube — Video embeds (privacy-enhanced mode). Google Privacy Policy
• Giscus / GitHub — Blog comments via GitHub Discussions. GitHub Privacy Statement

6. International Data Transfers

MyCyberSecurityPath is operated from Australia. However, the third-party services we use may process data in other countries, including the United States and the European Union.

By using the Site, you acknowledge that your data may be transferred to and processed in countries other than your own. We rely on our third-party providers' data protection measures, including standard contractual clauses and other appropriate safeguards, to protect your information during these transfers.

7. Australian Privacy Principles

We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth):

• APP 1 — Open and transparent management — This Privacy Policy describes how we manage personal information.
• APP 5 — Notification of collection — We notify you at the point of collection (e.g., newsletter signup forms) about what data we collect and why.
• APP 6 — Use and disclosure — We only use personal information for the purposes described in this policy.
• APP 11 — Security — We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. Our hosting provider (Vercel) enforces security headers including X-Frame-Options, X-Content-Type-Options, and strict Referrer-Policy.
• APP 12 — Access — You may request access to the personal information we hold about you.
• APP 13 — Correction — You may request correction of any inaccurate personal information.

8. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access — Request a copy of the personal data we hold about you.
• Right to rectification — Request correction of inaccurate personal data.
• Right to erasure — Request deletion of your personal data ("right to be forgotten").
• Right to data portability — Request your data in a structured, machine-readable format.
• Right to object — Object to the processing of your personal data.
• Right to withdraw consent — Withdraw your consent at any time (e.g., unsubscribe from our newsletter).

To exercise any of these rights, please contact us using the details in the Contact Us section below. We will respond to your request within 30 days.

Our legal basis for processing personal data under the GDPR is: consent (for newsletter subscriptions and email marketing), legitimate interests (for analytics and site improvement), and contract performance (for digital product purchases).

9. Data Retention

• Email addresses — Retained until you unsubscribe from our newsletter. Upon unsubscription, your email is removed from our active mailing list.
• Analytics data — Retained according to Google Analytics' data retention settings (default: 14 months).
• Page feedback — Stored in your browser's localStorage until you clear it. This data is under your control.
• Purchase records — Retained by LemonSqueezy as required for transaction records and tax compliance.
• Server logs — Retained by Vercel according to their data retention policy.

10. Children's Privacy

MyCyberSecurityPath is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about our handling of your personal information, please contact us:

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).