Skip to content
Comply Strike logoComply Strikeoffensive · compliant · resilient

Legal

Privacy Policy

How we collect, use, and protect personal data on Comply Strike.

Last updated
2026-05-10
Coverage
GDPR · UK GDPR · CCPA
Controller
Comply Strike
Contact
[email protected]

1. Who we are

Comply Strike (“we”, “us”, “our”) is a cybersecurity consulting firm based at Tarun Vihar, Lane No. 1, Dehradun 248121, Uttarakhand, India. We are the data controller for personal data collected through this website.

For questions about this policy or your personal data, contact us at [email protected].

2. What we collect

We collect personal data only when you give it to us:

  • Contact form submissions — your name, work email, company, role (optional), the topic you selected, and the body of your message. We also receive the IP address that made the request, used solely for anti-abuse verification by Cloudflare Turnstile.
  • Server logs — when you access the site, our hosting provider records the request (URL, IP, user-agent, timestamp) for security and operational monitoring. Logs are retained for 30 days.
  • Privacy-preserving analytics — if enabled, we use Cloudflare Web Analytics, which uses no cookies and does not fingerprint visitors. Aggregate page-view counts and referrer data are visible to us; individuals are not identifiable.

We do not use Google Analytics, advertising cookies, or third-party tracking. We do not sell or share personal data with marketers.

3. How we use your data

  • To respond to enquiries you submit.
  • To run, secure, and improve the website (logs, abuse prevention).
  • To meet our legal and regulatory obligations.

We do not use your contact-form data for marketing email or automated sequences.

4. Legal basis for processing (GDPR / UK GDPR)

  • Contact form data — Article 6(1)(b) (steps taken at your request prior to entering a contract) or 6(1)(f) (legitimate interest in responding to enquiries).
  • Server logs and bot-check data — Article 6(1)(f) (legitimate interest in keeping the service secure).

5. Sharing your data

We share personal data only with sub-processors strictly necessary to operate the site:

  • Vercel (hosting) — processes web requests on our behalf. Servers are in regions you can verify via the Vercel privacy policy.
  • Cloudflare (DNS, CDN, anti-bot, optional analytics) — handles network-level traffic. Cloudflare's privacy posture is documented at cloudflare.com/privacypolicy.
  • Sanity (CMS for blog and resources) — does not receive contact-form data; only stores published content.
  • Resend or Slack (delivery of contact-form messages to our team inbox).

We do not sell personal data and do not engage in cross-context behavioural advertising.

6. International transfers

Some of our sub-processors operate in the United States, the European Union, and other jurisdictions. Where data leaves the EEA, UK, or India, transfers are made under the Standard Contractual Clauses (SCCs), the EU–US Data Privacy Framework, the UK International Data Transfer Addendum, or other valid transfer mechanisms.

7. Retention

  • Contact-form messages: up to 24 months from last contact, then deleted unless you become a client.
  • Active client correspondence: retained for the duration of the engagement plus 7 years for audit and legal purposes.
  • Server logs: 30 days.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict processing of, or object to our processing of your personal data. Specifically:

  • EU / UK residents (GDPR / UK GDPR) — rights under Articles 15–22.
  • California residents (CCPA / CPRA) — right to know, delete, correct, and opt out of "sale" or "sharing" (we do neither).
  • Indian residents (DPDP Act 2023) — rights to access, correction, erasure, and grievance redressal.

To exercise any right, email [email protected]. We respond within 30 days. EU/UK residents may also lodge complaints with their local supervisory authority.

9. Cookies

The site is engineered to be cookieless by default. We do not set tracking cookies. Cloudflare's edge network may set short-lived security cookies (e.g., __cf_bm) for bot-mitigation purposes, which are essential for the site's security and do not require consent under most jurisdictions.

10. Security

We are a cybersecurity firm; we hold ourselves to the standard we sell. Specifically: HTTPS-only with HSTS preload, a strict Content-Security-Policy, anti-bot challenges on our forms, and the security headers documented in our security.txt file.

11. Children

The site is not directed at children under 16, and we do not knowingly collect their data.

12. Changes

We may revise this policy as our practices evolve. Material changes will be highlighted on this page; the "Last updated" date at the top of the page reflects the most recent revision.

13. Contact

[email protected]
Tarun Vihar, Lane No. 1
Dehradun 248121
Uttarakhand, India