Privacy Policy

How this site treats your data. The short version: it doesn't collect any.

What this site collects

This site does not run analytics, does not set cookies for tracking, does not embed third-party scripts that fingerprint visitors, does not run advertising, and does not share any visitor data with third parties.

The site is delivered from Cloudflare's edge network. Cloudflare receives standard HTTP request metadata (IP address, user agent, requested URL) as part of normal operation; this is governed by Cloudflare's own privacy policy and is not under the maintainer's control. Cloudflare's privacy policy is available at cloudflare.com/privacypolicy.

Cookies

This site sets no cookies of its own. Cloudflare may set technical cookies (e.g., for bot detection and security challenges) under its standard operation. The site does not use any analytics cookies, advertising cookies, or social-media tracking cookies.

Email correspondence

If you email any address on this domain (press@, corrections@, contact@, legal@) the message is delivered through Cloudflare Email Routing to the maintainer's personal mailbox. The maintainer keeps email correspondence only as long as necessary to respond and to maintain a record of corrections (see the methodology page).

If you do not want your email retained, say so in your message and the maintainer will delete it after responding.

What this site does not do

• No web analytics (no Google Analytics, no Plausible, no Fathom, no self-hosted alternative).
• No cookies for tracking, profiling, or analytics.
• No third-party scripts beyond what is necessary to deliver the site.
• No advertising.
• No fingerprinting, session replay, or behavioral tracking.
• No mailing list, newsletter signup, or email collection form.
• No social media share widgets that ping third-party servers.
• No collection of any data drawn from the Gardyn security incident itself, beyond what is already in the public record.

If you are in the EU, UK, or EEA

The maintainer is based in the United States and does not target services to data subjects in the EU/UK/EEA. The site is publicly accessible globally, but it does not collect, process, or store personal data of identifiable visitors. To the extent that GDPR or UK GDPR rights would apply to any incidental processing (such as Cloudflare's edge logging), please direct any inquiries to the maintainer at the contact address above and they will be addressed in good faith.

Data minimization commitment

This is a documentary site about a vendor that did not adequately protect customer data. The maintainer takes the position that running such a site while collecting visitor data would be hypocritical, and so does not.

Changes to this policy

If this policy changes, the prior version will be retained in the site's git history rather than overwritten. The current version is dated below.

Contact

Email contact@gardyn-security-incident.info for questions about this policy. PGP available on request.

Last updated: April 26, 2026.