Privacy policy.

This site is intentionally minimal. We do not require accounts, do not run user-facing forms today, and do not set tracking cookies for advertising.

The two surfaces where data may be collected are: (a) email you choose to send to us via the address on the Contact page, and (b) lightweight, privacy-respecting web analytics if enabled (described below).

If you contact us by email, we receive the email address, name, and contents you choose to share, plus standard email metadata.

We use that information to respond, to scope potential engagements, and to keep a record of correspondence. We do not add inbound senders to a marketing list, and we do not share email content with third parties except as needed to deliver the response (e.g. the email provider that hosts our inbox).

When enabled, this site uses Cloudflare Web Analytics, which is privacy-respecting by design. It does not use cookies, does not fingerprint visitors, and does not collect or store personal data identifying an individual. Cloudflare receives aggregate visit metrics (pages, referrers, device class, country) over the course of producing the analytics product.

If analytics are disabled for a given deployment, no analytics beacon is loaded at all.

The site is hosted on Cloudflare Pages. As a function of serving HTTP requests, the hosting provider may process standard request metadata (IP address, user agent, request path, timestamp) to deliver the site, mitigate abuse, and operate their network.

We do not maintain our own application logs of visitors beyond what the hosting provider holds. Refer to Cloudflare's privacy notice for the specifics of their handling.

The third parties involved in operating this site are limited to: the hosting provider (Cloudflare), the analytics provider (Cloudflare, where enabled), the email provider that receives messages to [email protected], and the domain registrar.

We do not sell, rent, or trade information with third parties.

Email correspondence is retained for as long as it remains operationally relevant — typically, the duration of an engagement plus a reasonable window thereafter to honour follow-up questions and our own record-keeping needs. After that, correspondence is deleted in routine inbox housekeeping.

Aggregate analytics data is retained per the provider's stated retention period.

Depending on where you are located, you may have rights regarding the personal data we hold about you, including the right to access, correct, port, restrict the processing of, or delete that data, and the right to object to certain processing.

To exercise any of these rights — or simply to ask what we hold about you — email [email protected]. We will respond within a reasonable period and will not require a fee or onerous justification.

We apply the same operational rigour to this site that we apply to client work: HTTPS-only delivery, strict transport security, minimal data collection by design, and a small attack surface (no databases, no user accounts, no public APIs on the marketing site).

No system is invulnerable, but we treat any incident affecting personal data with the seriousness the situation requires, including notification where applicable.

If the site adds new data-handling surfaces — for example, a contact form or a newsletter — this policy will be updated before that surface goes live. Material changes will be noted with a revised effective date.

Questions, requests, or concerns about this policy or our handling of your data can be sent to [email protected].