Privacy Policy

1. Who we are

In this policy, "Edgecraft", "we", "us" and "our" refer to the independent Cloudflare consultancy operating this website and providing Cloudflare security, bot protection, WAF, DDoS, Zero Trust and performance services for e-commerce, SaaS and high-traffic sites.

For the purposes of the EU and UK General Data Protection Regulation (GDPR), Edgecraft is the data controller for personal data collected through this website and in the course of our client relationships. When we process data on behalf of a client as part of a paid engagement, we may instead act as a data processor under a separate data processing agreement.

• Legal entity: [Insert legal name / company number]
• Registered address: [Insert address]
• Data protection contact: [Insert email, e.g. privacy@yourdomain.com]

2. What personal data we collect

We aim to collect the minimum data necessary. The categories below describe what we typically process:

Information you give us

• Contact form & enquiries: your name, email address, company name (optional), and the content of your message when you use our contact page, request a Cloudflare audit or ask for emergency support.
• Engagement & billing data: if you become a client, the contact, technical, contractual and billing details needed to scope, deliver and invoice the work.
• Correspondence: emails, call notes and any information you choose to share with us about your environment.

Information collected automatically

• Website analytics: aggregated, privacy-respecting usage data such as pages viewed, approximate region, referring source, device and browser type. Where possible we use analytics configured to avoid or minimise personally identifiable information.
• Server & security logs: technical data such as IP address, timestamps and request metadata, processed by our hosting provider and by Cloudflare to keep the site available and secure.

We do not intentionally collect special-category data (such as health, biometric or political data) through this website, and we ask that you do not submit such information through our forms.

3. How we use your data and our legal basis

Under GDPR we must have a lawful basis for each processing activity. The list below summarises the main purposes and the basis we rely on:

• Responding to enquiries — to answer your questions and prepare proposals. Legal basis: legitimate interests, or steps taken at your request prior to entering a contract.
• Delivering services — to scope, perform and support Cloudflare consulting and managed work. Legal basis: performance of a contract.
• Billing, accounting and tax — to invoice and meet financial record-keeping duties. Legal basis: legal obligation and legitimate interests.
• Site security and availability — to protect the website against abuse, fraud and attack. Legal basis: legitimate interests.
• Analytics and improvement — to understand how the site is used and improve it. Legal basis: consent where required, otherwise legitimate interests.
• Marketing communications — only where you have opted in. Legal basis: consent, which you can withdraw at any time.

4. Cookies and similar technologies

Cookies are small files stored on your device. We use a limited set of them:

• Strictly necessary cookies — required for the site to function and to keep it secure (including cookies that Cloudflare may set to distinguish legitimate visitors from malicious bots and to mitigate attacks).
• Analytics cookies — used, where applicable, to measure how the site is used. These are only set in line with your cookie preferences where consent is required.

You can control or delete cookies through your browser settings and, where we present a cookie banner, through your consent choices. Blocking some cookies may affect how parts of the site work.

5. Third parties and sub-processors

We share personal data only with trusted service providers who help us run our business, and only as needed. Each is expected to provide appropriate safeguards. Typical categories include:

• Hosting / infrastructure provider — stores and serves the website and related data. [Insert provider name.]
• Cloudflare, Inc. — provides CDN, security (WAF, bot management, DDoS mitigation) and performance services in front of our site; it processes technical request data and security logs to protect and accelerate the site.
• Analytics provider — measures website usage. [Insert provider name.]
• Email, scheduling and CRM tools — help us communicate with you and manage enquiries. [Insert provider names.]
• Accounting / invoicing and payment providers — handle billing for client engagements. [Insert provider names.]

We do not sell your personal data. We may disclose data where required by law, to enforce our agreements, or to protect our rights, safety or property.

6. How long we keep your data (retention)

We keep personal data only as long as necessary for the purpose it was collected, then delete or anonymise it. As general guidance:

• Contact-form enquiries that do not become projects: typically retained for up to 12–24 months, then deleted.
• Client engagement records: retained for the duration of the relationship and a reasonable period afterwards.
• Billing and accounting records: retained for the period required by applicable tax and company law (often 6–10 years).
• Analytics and security logs: retained for shorter, rolling periods consistent with the provider's settings.

Adjust these periods to match your real retention schedule and local legal requirements.

7. Your rights under GDPR

If you are in the EU, UK or another region with similar laws, you have rights over your personal data, including the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data ("right to be forgotten"), subject to legal exceptions.
• Restriction — ask us to limit how we use your data.
• Objection — object to processing based on legitimate interests or to direct marketing.
• Portability — receive certain data in a structured, machine-readable format.
• Withdraw consent — where we rely on consent, withdraw it at any time without affecting prior processing.

You also have the right to lodge a complaint with your local data protection authority (for example, the ICO in the UK or your national supervisory authority in the EU). We would, however, appreciate the chance to address your concerns first.

8. International data transfers

Some of our service providers (including Cloudflare and certain analytics or email tools) may process data outside your home country, including in the United States. Where personal data is transferred outside the EU/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement / Addendum, or adequacy decisions where they apply. You can ask us for more information about the safeguards in place.

9. How we keep data secure

We apply reasonable technical and organisational measures appropriate to the data we handle, including access controls, encryption in transit, and Cloudflare's edge security in front of this site. No method of transmission or storage is completely secure, so while we work hard to protect your data we cannot guarantee absolute security.

10. Contacting us about your data

To exercise any of your rights, ask a question about this policy, or make a data request, contact us at [privacy@yourdomain.com] or via our contact page. We may need to verify your identity before acting on a request, and we aim to respond within the timeframe required by law (generally within one month under GDPR).

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services or legal obligations. When we make material changes we will update the "last updated" date at the top of this page and, where appropriate, notify you. We encourage you to review this page periodically.

You may also find our resources and service pages helpful for understanding how we work, including our consulting services and Cloudflare audit.