Privacy
Something we really care about
When we rebuilt this site in 2018 we focused on three major things: good UX/UI, speed, and privacy.
It took a bit of work, but we made sure to absolutely minimise the potential privacy intrusions, especially regarding third-party tracking. This means:
- No Facebook/Twitter/etc share buttons tracking your internet usage.
- No Google Analytics (or any other trackers) amassing vast swathes of information about user browsing habits and so on.
- No scripts or fonts being loaded from a third party (which can then also inadvertently result in you being tracked). Every asset downloaded when you visit our site is between you and our website. This is the only way we can be sure of your privacy.
A few non-invasive things were technically necessary and these are detailed below.
Cookies
There are 3 cookies that are currently stored when you visit our site, but none of these are for the purposes of tracking.
- __cfduid: This cookie is set by CloudFlare, the only third-party service in use on the site. CloudFlare is used to protect our Web-server from DDoS attacks and other security-related things. We cannot disable this cookie and continue to use CloudFlare, but we are confident that this cookie does not store any personally identifiable information, as promised by CloudFlare.
- XSRF-TOKEN: This prevents cross-site request forgeries - essentially when you submit our contact form this cookie ensures that we know the form was submitted on our site, not some third-party site. This is purely for our security and the cookie's value changes every time you load a page. It is completely anonymous.
- supple_9_session: This is also completely anonymous and untracked. It allows us to show you a notification message like "Thank you for contacting us" after you submit a contact form. Like the XSRF-TOKEN, its value is randomly generated on every page load.
Information Collected
If you send us an email, the contents of that email will be stored in our mail client. You can of course use a private/anonymous email address instead of your personal/work email if you so choose.
We lease a private dedicated Web-server from the German company Hetzner, who are DIN ISO/IEC 27001 certified. When you access Supple 9 (or any Web site), your browser automatically sends information about your computer, e.g. your User agent and IP address, to our server. This information is automatically logged on our server for security/debugging reasons but is not linked to any personally identifiable information.
Information Shared
None. We do not willingly share any information with anyone.
It's possible that we would have to comply with court-ordered legal requests. However, we have so little information to provide that we really are not any sort of target for such things!
Things we can improve on
This is a bucket-list of things we need to investigate and improve on.
- Confirm that our hosting company does not log traffic to and from our server.
- Update our internal server logging policy to automatically remove or anonymise logs after a set period of time.
- Investigate CloudFlare policies on data collection on traffic routed through their DDoS prevention systems.