Privacy

— Last updated 9 May 2026

Who we are

What data we collect

When you visit foundrycyber.com:

• On your first visit a small banner asks whether we can store a theme preference in your browser. Your decision is recorded in a local-storage entry called fc-consent-v1 (containing the word "accepted" or "rejected"). This entry is strictly necessary so the banner doesn't reappear on every page; it does not require separate consent.
• If you accept, your browser stores a value called fc-theme when you toggle the light/dark button (containing the word "light" or "dark"). Nothing leaves your device.
• If you reject, your theme choice isn't persisted between visits.
• Either way, Microsoft Azure (our hosting provider) logs your IP address, browser user-agent, the page you requested, and the time, in standard server logs.

We do not collect form data (other than what you choose to send via the contact form), account data, or location data. We do not use cookies. We do not run analytics or tracking pixels.

If you email us via a mailto: link on this site, or send a message via our contact form, the resulting message is delivered to our hello@foundrycyber.com inbox. That email contains whatever you choose to write, plus standard email metadata (your address, subject line, time). We process those emails on a legitimate-interests basis to respond to enquiries.

Why we process this data

• Theme preference: so the site looks the way you chose. Legitimate interests; low-impact preference.
• Server logs (Microsoft): so the platform stays available, secure, and free of abuse. Legitimate interests, balanced against your right to private browsing.
• Email correspondence: to reply to your enquiries. Legitimate interests / contractual necessity.

Cookies and similar technologies

This site does not set any tracking cookies. The Cloudflare bot-challenge on the contact page may set a short-lived cf_chl_* cookie while the challenge is in flight; that is strictly necessary to run the challenge and is not used for tracking. We use these browser-storage entries:

• fc-consent-v1 (local storage): strictly necessary. Records your choice from the storage banner so we don't ask again on every page. Values: "accepted" or "rejected".
• fc-theme (local storage): optional. Stores your light/dark theme preference. Only written if you accepted the banner.
• fc-tier-recommender (session storage): strictly necessary, only set if you click "Talk to us about [tier]" from the tier guide. Carries your answers across to the contact form so they prefill the message field. Cleared as soon as the contact form reads it, and in any case removed automatically when you close the tab.

You can change your decision any time via the "Storage settings" button at the bottom of every page. Clearing your browser's site data removes these entries.

Third parties

The third parties involved in serving this site are:

• Microsoft (Azure Static Web Apps): hosts the static site. Region: West Europe (Netherlands).
• Cloudflare (DNS): provides DNS resolution for foundrycyber.com. We currently configure all records as DNS-only (no proxy), so Cloudflare does not see your page requests.
• Cloudflare Turnstile (contact page only): runs a privacy-friendly bot-challenge on the /contact page to block spam submissions. When you visit that page, your browser loads a script from challenges.cloudflare.com and Cloudflare grades the challenge using your IP and browser signals. It is not used for cross-site tracking. The challenge is not loaded on any other page of the site.

Typefaces (Inter, JetBrains Mono) are served from this domain rather than a third-party CDN, so loading the site does not transfer your IP address to any font provider.

We do not share data with any analytics, marketing, retargeting, or data-broker third party.

International transfers

Hosting may transfer your IP address and request metadata outside the UK:

• Microsoft Azure West Europe is in the Netherlands (EU/EEA). UK adequacy applies.

Your rights

Under the UK GDPR you have the right to:

• access the personal data we hold about you,
• ask us to correct or delete it,
• object to or restrict our processing of it,
• ask for your data in a portable format,
• complain to the Information Commissioner's Office (ICO).

Because we don't keep customer accounts or marketing databases tied to this website, the practical scope is limited to email correspondence and any retained server logs. To exercise any of these rights, email hello@foundrycyber.com.

Data retention

• Local storage preference:persists in your browser until you clear site data. We don't have a copy.
• Server logs (Microsoft):retained per Microsoft's defaults, typically 90 days for security telemetry. We do not extract or archive these logs.
• Email correspondence:retained for as long as the conversation is active and for a reasonable period afterwards (typically 24 months) for legal and operational reasons.

Security

We use Microsoft Azure for hosting, served over HTTPS only. We do not store user credentials or payment data on this site.

Children

This site is aimed at business users. We do not knowingly collect data from anyone under 18.

Changes to this policy

If we change this policy we will update the "Last updated" date at the top. Material changes will be flagged on the page itself.

How to complain

If you are unhappy with how we have handled your data, please tell us first at hello@foundrycyber.com. You also have the right to complain to the Information Commissioner's Office: ico.org.uk.