Plain English. No dark patterns.

hey-ash.com is a solo SEO operation. There is no marketing team behind this page, no data warehouse, no advertising network buying audiences from your visit. What follows is the actual full list of what happens when you use the site.

01Who runs this site

hey-ash.com is operated by Ashikur Rahman, a sole-proprietor SEO consultant working with US law firms. The site is hosted on a managed WordPress stack; this page covers data handling for the site itself, not for clients’ websites that I may be working on under a separate engagement.

For data handling inside active client engagements (Search Console access, analytics access, CMS admin), the contract or NDA in place between Ashikur Rahman and the client governs.

02What gets collected

The site collects only what is needed to reply to you and to run basic analytics. Specifically:

• Contact-form submissions. When you submit the free-audit form or the contact form, I receive your domain plus any optional fields you filled in (name, firm, focus area, notes).
• Direct email. If you email contact@hey-ash.com, that email arrives in a standard inbox; same retention rules as any business email.
• Server access logs. The hosting provider logs IP addresses, user-agent strings, and request paths for security and uptime monitoring. These rotate on the host’s schedule and are not used for any marketing purpose.
• Analytics events. Aggregated, non-identifying analytics on pageviews, referrer, country, device class, and engagement time.

The site does not run cross-site advertising pixels (no Facebook Pixel, no Google Ads conversion pixel, no LinkedIn Insight tag). It does not sell, rent, or share your data with brokers.

03Why it gets collected

Three reasons, in order of how much data each one needs.

To reply to you

Form and email content gets used to write the first reply and, if it turns into an engagement, to scope the work. Once an engagement ends, the contact history may be retained for follow-up reference, unless you ask for deletion.

To improve the site

Analytics gets used to understand which pages help and which pages confuse. Aggregated only. No individual visitor profiling.

To keep the site secure

Server logs and the web application firewall use IP and request data to block obvious attack traffic. Standard hosting-provider practice.

04Third-party tools

The site uses a small number of third-party services. Each one only sees the slice of data needed to do its job.

• Hosting provider (Hostinger). Server-level logs, IP, request data. Their privacy policy governs.
• Cloudflare. Edge caching, DDoS protection, web application firewall. Sees request metadata, no form content.
• Google Search Console & Bing Webmaster. Used by me to monitor the site’s own search performance. They do not receive your form submissions.
• Analytics platform. Aggregated pageview and event data for site improvement only.
• Email provider. Standard business email handling for contact@hey-ash.com.

No data is shared with advertising networks, lead-resale platforms, or marketing data brokers.

05Cookies & tracking

The site uses a small set of cookies for the following purposes only:

• Functional cookies. Maintaining session state, remembering whether you have dismissed banners.
• Analytics cookies. Anonymous identifiers tied to aggregated session data, not to your name or email.
• Security cookies. Cloudflare bot-protection cookies.

You can clear or block these in your browser settings without breaking the site’s main functions. There are no advertising cookies.

06How long data is kept

• Contact-form submissions and emails: 36 months from last contact, then deleted on next quarterly cleanup, unless an active engagement keeps them current.
• Server access logs: Host-defined rotation (typically 14 to 30 days).
• Analytics aggregates: Up to 26 months in raw form, indefinitely in aggregated, non-identifying form.
• Engagement records: Governed by the engagement contract or NDA, typically retained for 7 years for tax and legal recordkeeping.

07Your rights

If you are in the EU, UK, California, or any other jurisdiction with personal data rights, the following apply:

• Access: Ask for a copy of what I hold about you.
• Correction: Ask for inaccurate data to be fixed.
• Deletion: Ask for your data to be removed, subject to legitimate retention obligations.
• Objection: Object to specific processing activities.
• Portability: Receive your data in a structured, common format.
• Withdrawal of consent: Where processing relies on consent, withdraw it at any time.

Email contact@hey-ash.com with the request. I aim to respond inside one business day and to complete the request inside 30 days.

08International transfers

The operator is based in Bangladesh (UTC+6) and works with US law firms. Site data therefore moves between Bangladesh, the United States, and the EU regions where hosting providers operate. Where appropriate, standard contractual clauses or equivalent safeguards apply through the vendor (Hostinger, Cloudflare).

09Children

The site is not directed at children under 13 (or under 16 in jurisdictions that set that higher bar). The site does not knowingly collect personal data from minors. If you believe a minor has submitted a form, email contact@hey-ash.com and I will delete the record.

10Changes to this policy

This page may be updated when tools, hosting providers, or applicable law change. The “Last updated” pill near the top of the page reflects the most recent material edit. Where a change is material, prior client contacts will also be notified by email.

11How to reach me

Privacy questions, data requests, and corrections all go to contact@hey-ash.com. The Terms & Conditions page covers contractual matters; this policy covers data handling specifically.

See also: Terms & Conditions · FAQ · Contact