Privacy
Privacy notice
Last updated: [DATE]
Plain English, no surprises: here's exactly what information I collect, why, who else touches it, and what you can ask me to do with it.
Who I am
This site is run by [LEGAL NAME], a sole trader in Ireland trading as Poku ([BUSINESS ADDRESS]). For anything about your data, email me at [EMAIL]. Under data-protection law I'm the “data controller” for the information described below.
The free website check stores nothing
When you use the Website Safety Check, the tool makes one polite, passive request to the web address you type in and reads what it sends back. There's no sign-up, no account, and your results are not saved — they're shown to you and then gone when you close the page.
The check runs on a Cloudflare Worker, which briefly sees your network address (IP) only to stop the tool being hammered by abuse. It isn't stored or used to identify you.
If you give me your email (optional)
The check works fully without giving me anything. If you choose to enter your email to get the saved action-plan checklist and a re-check reminder, here's what happens:
- What I collect: your email address. If you signed up from the website check, I also save the web address you checked, so anything I send you is relevant to your site.
- Lawful basis: your consent. You tick the box, then confirm by clicking a link in an email I send you (“double opt-in”) — so nothing is added to my list until you've confirmed it's really you.
- What I use it for: sending you the action-plan checklist, an occasional plain-English security note for small businesses, and a reminder to re-run the check. That's it — no selling, no sharing with advertisers.
- How long I keep it: until you unsubscribe or ask me to delete it. [Optional: state a fixed period, e.g. “and I remove addresses that have been inactive for 24 months.”]
- Unsubscribing: every email has a one-click unsubscribe link, or just email me and I'll remove you.
Who else processes your data
I use a small number of trusted services to run this. They act on my instructions as “data processors” under written agreements:
- Brevo — the email platform that holds my newsletter list and sends the emails. Brevo is operated by a France-based company and hosts data in the EU under a data processing agreement. (See Brevo's privacy policy.)
- Cloudflare — serves the site and runs the website-check tool. It processes requests to deliver the page and to limit abuse.
- [HOSTING PROVIDER] — hosts the static pages of this site. [Fill in, e.g. Hosting Ireland.]
Fonts and third-party requests
This site currently loads its fonts from Google Fonts, which means your browser contacts Google's servers to fetch them. I'm in the process of moving to fonts served directly from this site so that doesn't happen. The site does not use tracking cookies, advertising cookies, or analytics that profile you. [Verify this remains true if you add analytics later, and update this paragraph.]
Your rights
Under the GDPR you can ask me to:
- show you a copy of the data I hold about you;
- correct anything that's wrong;
- delete it (“right to be forgotten”);
- restrict or object to how I use it;
- receive it in a portable format; and
- withdraw your consent at any time — that's as easy as unsubscribing.
Email me at [EMAIL] and I'll sort it, normally within a month.
Complaints
If you think I've handled your data badly, please tell me first so I can fix it. You also have the right to complain to the Irish supervisory authority, the Data Protection Commission — dataprotection.ie.
Changes to this notice
If I change how I handle data, I'll update this page and the “last updated” date above. Material changes affecting people already on the list will be flagged by email.