The short version. This site is a static personal consulting site. I run Google Analytics (deferred so it doesn't slow your visit) to see roughly how many people read which pages. I don't run ads, I don't have a contact form, I don't sell data, and I don't share data with marketers. The only third parties involved are Google (analytics and fonts), Vercel (hosting), Calendly (only if you click "Book a Call"), and LinkedIn (only if you click my profile link).

1. Who I am

This site is operated by Georges Rayess, an independent product and growth consultant based in Beirut, Lebanon. For the purposes of GDPR, I act as the data controller for any personal data processed through this site.

Contact: Hello@georgesrayess.com — this is the only address to use for privacy questions, data subject requests, or anything related to this policy.

2. Data collected

Data you actively provide

There is no contact form on this site. If you email me at Hello@georgesrayess.com or book a call through Calendly, the data you share in that email or booking flow (your name, email address, and the content of your message) is processed by me to reply.

Data collected automatically

When you load a page, my analytics provider (Google Analytics 4) automatically receives:

  • The page URL you visited and the page you came from (referrer)
  • Your approximate location, derived from your IP address at the country/region level (Google Analytics 4 does not store full IP addresses by default)
  • Your browser, device type, operating system, and screen size
  • An anonymous client ID stored in a cookie (see section 3) so the same browser is recognized across pages and visits
  • Events like page views, scroll depth, and outbound link clicks

Analytics loads after a 2.5-second delay or on your first interaction (scroll, click, touch, mouse move), whichever comes first. This is a deliberate performance choice — it also means very short visits often don't get tracked at all.

My host (Vercel) and the font CDN (Google Fonts) receive your IP address as a technical necessity of serving the page. They process this for security and operational logging according to their own policies (linked in section 4).

3. Cookies and similar technologies

I do not set any cookies of my own. The cookies you may receive while visiting this site come from Google Analytics 4:

  • _ga — used to distinguish visitors. Stored for up to 2 years.
  • _ga_C2VVTZ55N9 — session-state cookie for the specific GA4 property used here. Stored for up to 2 years.

These are first-party cookies (set under the georgesrayess.com domain) and are used only for aggregate analytics. They contain no personally identifiable information.

You can block these cookies via your browser settings, by enabling "Do Not Track," or by installing a browser-level opt-out tool such as Google's own Analytics Opt-Out browser add-on. Blocking the cookies will not affect site functionality.

No cookie consent banner yet. This site does not currently surface a cookie consent banner. If you visit from the EU/UK or another jurisdiction with mandatory pre-consent rules, you can block analytics via the browser methods above. A consent banner is on the planned changes list; you can hold me to that.

4. Third-party services used

The third parties involved in operating this site:

  • Vercel — hosts the site. Receives every request (IP, user agent, requested URL) for the purpose of serving the page and operational logging. Vercel privacy policy.
  • Google Analytics 4 — receives the analytics events described in section 2. Operated by Google LLC. Google privacy policy.
  • Google Fonts — fonts.googleapis.com serves the typography. Receives your IP address as a technical necessity. Google privacy policy.
  • Calendly — only invoked if you click a "Book a Call" link. At that point you leave this site and Calendly's own policy applies to the booking flow. Calendly privacy notice.
  • LinkedIn — only invoked if you click my LinkedIn profile link. LinkedIn's policy applies once you've left this site. LinkedIn privacy policy.

I have no other analytics, no advertising or remarketing pixels, no chat widget, no session-replay tools (Hotjar, Microsoft Clarity, etc.), no A/B testing or personalization tools, and no marketing automation. I deliberately keep the surface small.

5. How the data is used

Analytics data is used to understand which pages and topics get read, where readers come from, and which content is worth investing more time in. It is used in aggregate only; I do not attempt to identify individual visitors.

If you email me or book a call, your message and booking details are used only to reply, schedule, and prepare for the conversation. They are not added to any marketing list and not shared with any third party.

I do not use personal data for automated decision-making or profiling.

6. Sharing and disclosure

I do not sell personal data. I do not share personal data with advertisers, data brokers, or marketing networks.

The only entities that receive data are the processors named in section 4, each acting as a sub-processor in their stated role (hosting, analytics, font delivery, scheduling, professional networking).

I may disclose data if legally required (court order, subpoena, or other binding legal process), but I will push back where possible and will inform you unless legally prohibited from doing so.

7. Your rights (GDPR, UK GDPR, CCPA/CPRA)

Depending on where you live, you may have any of the following rights:

  • Right to access — request a copy of any personal data I hold about you.
  • Right to rectification — correct inaccurate data.
  • Right to deletion / erasure — ask me to delete your data.
  • Right to restrict processing — limit how I use your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — to processing based on legitimate interest.
  • Right to opt out of "sale" or "sharing" (CCPA) — not applicable because I don't sell or share personal data, but the right exists.
  • Right to withdraw consent — for any processing based on consent.
  • Right to lodge a complaint with your local supervisory authority (e.g. your country's data protection authority, the UK ICO, or your state attorney general in the US).

8. How to exercise your rights

Email Hello@georgesrayess.com with the subject line "Privacy request" and tell me what you want done.

I respond within 30 days for GDPR requests and 45 days for CCPA requests (the legal maxima). In practice, expect a reply inside one business day because there is no team — it's just me.

I may ask you to verify your identity before fulfilling a request, particularly for access and deletion, to make sure I'm not handing data to, or deleting data on behalf of, someone other than you.

9. Data retention

Analytics events in Google Analytics 4 are retained according to the GA4 user-data retention setting configured on the property. After that period, individual events are deleted; only fully aggregated reports remain.

Emails you send me are kept in my inbox indefinitely unless you request deletion. Calendly booking records are retained by Calendly per their own policy.

10. Children's data

This site is not directed at children under 16, and I do not knowingly collect personal data from anyone under that age. If you believe a child has provided personal data, email me and I will delete it.

11. International data transfers

I am based in Lebanon. The site is hosted on Vercel's global CDN, which serves visitors from the nearest available region. Analytics and fonts are operated by Google LLC, headquartered in the United States.

When data crosses borders between the EU/UK and the US, the processors involved (Google, Vercel) rely on their own legal mechanisms (Data Privacy Framework certification, Standard Contractual Clauses, or equivalent) to safeguard transfers.

12. Security

The site runs over HTTPS only with HSTS enforced. No personal information is collected through forms on this site (because there are no forms). Email correspondence with me is protected only by standard email transport security (typically TLS between mail servers); please use that channel with the discretion you'd apply to any unencrypted email.

13. Changes to this policy

If I make material changes to how I handle data, I'll update this page and bump the effective date at the top. Minor edits for clarity won't trigger a date bump.

The current version is effective 28 May 2026.