Privacy Policy

1. Plain-English summary

html.design is a free HTML template library. You can download everything without creating an account. If you don't opt into the newsletter and don't fill in a contact form, we know roughly nothing about you beyond an anonymized page view in Google Analytics.

When you do give us data — your email for the newsletter, your details for a quote form — we use it only for the thing you signed up for. We don't resell, we don't share with advertisers, and we give you a one-click unsubscribe on every email.

2. What we collect

Information you give us directly

• Email address — if you subscribe to our newsletter, fill in a contact form, or request a quote.
• Name, phone, and project details — if you use a service page quote form (PSD to HTML, Figma to HTML, Manage Website).
• Account information — name and email, if you choose to create an optional account for favorites and download history.

Information collected automatically

• Pseudonymous analytics — page URL, referrer, viewport size, and an anonymized IP (Google Analytics 4 with IP-anonymization enabled).
• Server logs — for rate limiting and abuse prevention. Retained for 30 days, then deleted.
• Download counts — per-template, aggregated only. We do not tie downloads to individual users.

3. How we use it

• To send you the newsletter and service-related emails you asked for
• To respond to contact and quote requests
• To understand aggregate usage patterns (which templates are popular, where traffic comes from)
• To prevent abuse — rate-limiting, spam filtering, bot detection
• To comply with legal obligations

We do not use your data to build advertising profiles, sell to data brokers, or train AI models.

4. Cookies & analytics

We use the following cookies:

• Strictly necessary: session and CSRF tokens. Required for the site to work.
• Analytics: _ga, _ga_* (Google Analytics 4). You can opt out by installing the Google Analytics opt-out browser add-on.
• Preferences: theme (dark/light) and language settings, if you change them.

We do not run any advertising cookies, retargeting pixels, or third-party trackers.

5. Third parties

We use a small number of trusted services to run the site. Each has its own privacy policy:

• Google Analytics 4 — anonymized site analytics
• Cloudways (Cloudflare) — hosting, CDN, DDoS protection
• Buttondown — newsletter delivery (if you subscribe)
• Google Fonts — web fonts served via preconnect

We don't share your data with any service beyond what's strictly required for it to do its job.

6. Your rights (GDPR & CCPA)

Wherever you are, you have the right to:

• Ask us what data we hold about you
• Request a copy (data portability)
• Correct inaccurate data
• Delete your data ("right to be forgotten")
• Opt out of the newsletter (one-click in every email)
• Withdraw consent at any time

Email [email protected] with your request. We typically respond within one week and never charge for data requests.

7. Retention

• Newsletter subscribers: until you unsubscribe (one-click). We delete the row from our DB within 30 days of unsubscribe.
• Contact / quote form submissions: 12 months, then deleted or anonymized.
• Server logs: 30 days, then deleted.
• Analytics: Google's default 14-month retention.

8. Security

All traffic is HTTPS. Passwords are hashed with bcrypt. The database is not publicly accessible. Backups are encrypted at rest and stored in a separate region. We perform quarterly dependency audits.

If we ever discover a data breach affecting your personal data, we'll notify you within 72 hours as required by GDPR.

9. Children's privacy

html.design is a general-audience technical site not directed at children under 13. We do not knowingly collect data from children. If you believe we've collected data from a child, email us and we'll delete it.

10. Changes to this policy

When we update this policy, we'll revise the "Last updated" date at the top and — for significant changes — email existing newsletter subscribers. We keep prior versions available on request.

11. Contact