Privacy policy

What we collect. What we do with it.

Last updated: 2026-07-16

What is collected

The only personal information this site collects is what you submit through the contact form: name, email address, and the message you write. No account registration. No purchase flow. No other intake.

What is not collected

This site runs self-hosted Plausible Analytics on Canadian infrastructure. Plausible does not use cookies, does not fingerprint browsers, and does not collect any personally identifiable information. Aggregate page-view counts and referrer data are retained to understand site traffic. No PII is captured or stored by the analytics layer.

Retention

Contact form submissions are retained for 90 days from the date of receipt, then deleted. If your inquiry results in an ongoing engagement, related correspondence is retained for the duration of that relationship and for a reasonable period after it concludes, consistent with standard business record-keeping.

Third-party processors

Contact form submissions are relayed via Scaleway Transactional Email (TEM), a French-headquartered transactional email service operating under EU GDPR jurisdiction. No other third-party processors receive personal information from this site. Analytics data remains on Northfleet-operated servers in Canada and is not shared externally.

Lawful basis

Contact form submissions are processed on the basis of legitimate interest: you submitted a message to initiate a business conversation, and we use that information to respond. By submitting the form, you consent to that use. We use your information to respond to your inquiry. We do not share it externally except with the named processor above.

Applicable law

Northfleet Security Ltd., a Canadian federal corporation operating from Markham, Ontario, is the organization accountable for personal information collected through this site. This policy is written to satisfy PIPEDA (the Personal Information Protection and Electronic Documents Act) as Canada's federal private-sector privacy law, and GDPR where it applies to contacts in the European Economic Area.

Privacy requests

To request access to, correction of, or deletion of personal information we hold about you, email [email protected]. We will respond within 30 days.