Legal

Privacy Policy

Last updated: 14 June 2026

Who we are

gitlogy is an independent DevSecOps consultancy operating at gitlogy.com. We build CI/CD pipelines, GitOps delivery systems, and infrastructure-as-code for engineering teams, and we publish free security tooling — including the public TLS posture checker at gitlogy.com/scan.

For all privacy matters, contact us at [email protected].

What data we collect and why

Contact form submissions

When you submit the "Start an engagement" form we collect your name, email address, the service area you select, and the message you write. We use this to reply to your inquiry and, if an engagement follows, to fulfil the work. We do not add you to any mailing list without explicit consent.

TLS scanner — domain input

When you use the TLS check at /scan, the domain name you enter is sent to our server to perform the scan. We log domain queries for abuse prevention and rate limiting. Scan results are not stored beyond the life of the HTTP request; they are returned to your browser and discarded.

Server logs

Our hosting infrastructure records standard HTTP access logs (IP address, timestamp, URL, HTTP status, user-agent). Logs are retained for up to 30 days and used solely for security monitoring and abuse prevention.

Analytics — Google Analytics 4

We use Google Analytics 4 (property ID G-9Q1JQZ27XR) to understand aggregate traffic patterns — which pages are visited, how long sessions last, and where visitors come from. GA4 collects anonymised usage data using cookies and device fingerprinting. This data is processed by Google LLC under their own Privacy Policy.

You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.

Advertising — Google AdSense

We participate in the Google AdSense programme (publisher ID ca-pub-8673221453069635). Google uses cookies and similar tracking technologies to serve ads that are relevant to you based on your browsing history across websites that use Google services. This is sometimes called interest-based or personalised advertising.

You can review and manage Google's ad personalisation settings at adssettings.google.com. You may also opt out of interest-based advertising through aboutads.info/choices or youronlinechoices.eu (EU).

AI analysis — Anthropic Claude

TLS scan results are optionally sent to the Anthropic API to generate a plain-language security assessment. The data sent consists of the scan findings only (domain, protocol versions, certificate metadata, header presence). No contact form data or personal identifiers are sent to Anthropic. Anthropic's use of this data is governed by their Privacy Policy.

Cookies

We use the following categories of cookies:

CategoryPurposeProvider
FunctionalRemembers your light/dark theme preferencegitlogy (localStorage)
AnalyticsMeasures aggregate site usageGoogle Analytics 4
AdvertisingServes relevant ads; measures ad performanceGoogle AdSense

Most browsers allow you to refuse cookies or delete existing ones through their settings. Disabling cookies may affect the analytics and advertising features described above but will not prevent you from using the TLS scanner or contact form.

How we protect your data

All data in transit is encrypted via TLS. Contact form submissions are transmitted directly to our email inbox and are not stored in any database. We do not sell personal data to third parties.

Data retention

Contact form emails are retained in our inbox for as long as necessary to manage the business relationship, typically up to 3 years. Server access logs are purged after 30 days. Analytics data in Google Analytics 4 is retained for 14 months by default.

Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access — request a copy of data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data where we have no lawful basis to retain it.
  • Objection — object to processing based on legitimate interests.
  • Portability — receive your data in a machine-readable format.
  • Opt out of sale (CCPA) — we do not sell personal data.

To exercise any right, email [email protected] with your request. We will respond within 30 days.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we update the "Last updated" date at the top of this page. Continued use of the site after any changes constitutes acceptance of the updated policy.

Contact

Questions about this policy or your data? Reach us at [email protected].