How your data is handled.
Last updated · 21 May 2026
my way aroundis a personal travel journal run by Hemanth Poondla — a sole-proprietor publication, not a company. This page says exactly what data the site touches, why, and how to ask for it to be changed or removed. It is written to satisfy India's Digital Personal Data Protection Act, 2023 (DPDP) and the EU GDPR for visitors reaching the site from those regions.
Who is responsible
Hemanth Poondla is the data fiduciary (DPDP) / data controller (GDPR) for this site. For any privacy question, correction request, or grievance, reach me at hello@mywayaround.blog. I respond personally — usually within a few days.
What is collected, and why
The site collects only what it needs to function:
- Email address — when you sign in (magic-link login), subscribe to the newsletter, post a guest story, leave a comment, or mark interest in an upcoming trip. Used only to authenticate you, send the newsletter, or contact you back.
- Name and message text — when you submit a comment, story, or trip-interest note. Published only after moderation, and only the fields you typed.
- Bookmarks and theme choice— kept in your own browser's localStorage. They never leave your device.
- Server logs — Cloudflare records the request path, response time, and a coarse IP region for abuse-prevention and uptime. These logs are not joined to anything you typed.
- Payment information — when the paid-itinerary feature is live, payments are processed by Razorpay. The site never sees or stores your card data; it only receives the success/failure result.
No advertising or analytics scripts run on this site. No third-party tracker is loaded. Specifically: no Google Analytics, no Meta Pixel, no Hotjar, no fingerprinting.
Who processes data on my behalf
Three vendors touch your data, each only for the function named:
- Supabase— the authenticated database. Stores your email when you log in, plus any comments, story submissions, or bookmarks tied to your account. Bound by Supabase's Privacy Policy and DPA.
- Cloudflare — hosts the site (Workers) and forwards email sent to @mywayaround.blog. Subject to Cloudflare's privacy commitments and Privacy Policy.
- Resend — sends the newsletter and the itinerary delivery email. Stores delivery metadata (your address, whether the email opened) for transactional reporting. See Resend's Privacy Policy.
How long it is kept
- Newsletter subscriptions — until you unsubscribe (one-tap link in every email).
- Account email and comments — until you ask for the account to be deleted.
- Server logs — rotate within 30 days.
Your rights
Under DPDP and the GDPR you have the right to ask for a copy of your data, to correct it, to have it deleted, to withdraw consent, and to lodge a grievance. Write to hello@mywayaround.blog with what you'd like done — I'll action it within seven days. For unresolved DPDP grievances, the Data Protection Board of India is the appellate body once it is operational.
Children
This site isn't directed at children under 18 (DPDP §9). Sign-up and comment forms are intended for adults.
Changes to this notice
Material changes are logged with a new “Last updated” date at the top. The current version is always at https://mywayaround.blog/privacy.