Privacy Policy

01Who we are

Sankala is a solo technology consultancy based in the United Kingdom, providing web development and engineering services.

For the purposes of UK data protection law, the data controller is:

• Hefin Sankala, operating as Sankala
• Email: hefin@sankala.com

02The information we collect

Information you provide to us

When you contact us through the Site's contact form or by email, we collect the information you choose to share — typically your name, email address, telephone number (if you provide one), and the contents of your message.

Information collected automatically

When you visit the Site, certain information is collected automatically through cookies and similar technologies, including:

• Your IP address and approximate location
• Browser type, device type, and operating system
• Pages you visit, time spent, and how you arrived at the Site
• Interactions such as clicks and scrolling, including clicks on email and telephone links
• Recordings of on-site activity (such as mouse movement, clicks, and navigation) captured for usability analysis

03The tools we use

In the interest of transparency, here are the third-party tools running on the Site and what they do:

• Google Analytics — measures overall traffic and how visitors use the Site.
• Microsoft Clarity — produces heatmaps and session recordings (mouse movement, clicks, and scrolling) so we can see how pages are actually used and improve them. Sensitive input fields are masked by default, and we do not use these recordings to identify individuals.
• Google Tag Manager — a container used to manage and deploy the tools above and to record specific interactions, such as clicks on email and telephone links.
• Cloudflare Turnstile — a privacy-focused security tool used on our contact form to tell human visitors apart from automated bots and block spam submissions. To do this it processes signals such as your IP address and browser information solely for bot detection; it is not used to identify or profile you. Cloudflare sets out exactly what it processes in its Turnstile Privacy Addendum.

These tools help us understand how the Site is used so we can make it better. We use them for our own analysis only.

04How and why we use your information

We use the information described above to:

• Respond to your enquiries and discuss the services you ask about
• Understand how visitors use the Site and improve its content, performance, and usability
• Maintain the security and proper functioning of the Site

Under UK GDPR, our lawful basis for processing enquiry and correspondence information is our legitimate interests — namely, responding to people who contact us and running our business — carried out in a way that we believe does not override your rights and freedoms. Where you contact us about our services, we also process your information to take steps at your request before entering into a contract.

For analytics and site-improvement information, we rely on the statutory exemption for statistical and analytics purposes introduced by the Data (Use and Access) Act 2025, under which cookies and similar technologies used solely to measure how our own website is used do not require prior consent. We provide clear information about these tools below and a straightforward way to opt out.

05Cookies and similar technologies

The Site uses cookies and similar technologies for the analytics and usability purposes described above. They are not used for advertising, and we do not use them to build marketing profiles.

You can control or disable cookies and tracking at any time:

• Browser settings — most browsers let you block or delete cookies and send "Do Not Track" or Global Privacy Control signals.
• Google Analytics opt-out — you can install Google's official opt-out browser add-on at tools.google.com/dlpage/gaoptout.
• Ask us directly — email us and we will exclude you from analytics and session recording.

06Who we share your information with

We do not sell, rent, or trade your personal information to anyone.

The only third parties who process data for us are the service providers that make the Site work:

• Google — Google Analytics and Google Tag Manager
• Microsoft — Clarity
• Cloudflare — website hosting, content delivery, and bot protection on our contact form (Turnstile)
• Our email provider, including Google (Gmail) — used to receive and store correspondence you send us

Each of these acts as a processor handling data on our behalf, under its own data protection terms. We may also disclose information where we are required to do so by law.

07International data transfers

We are based in the United Kingdom. Some of our providers — including Google and Microsoft — process data on servers outside the UK, including in the United States. Where data is transferred internationally, it is protected by appropriate safeguards, such as the UK's International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an applicable adequacy decision.

08How long we keep your information

We keep personal information only for as long as we need it:

• Enquiries and correspondence — kept for as long as needed to deal with your enquiry and any resulting work, and for a reasonable period afterwards. Enquiries that do not lead to a working relationship are typically deleted within 24 months.
• Analytics data — retained in line with the settings and policies of the analytics providers, generally in aggregated form.

09Your rights

Under UK data protection law, you have the right to:

• Access the personal information we hold about you
• Ask us to correct inaccurate information
• Ask us to delete your information
• Object to, or ask us to restrict, how we use it
• Request a copy of information you have provided in a portable format
• Withdraw consent where we rely on it

To exercise any of these rights, email us at hefin@sankala.com and we will respond within the timeframe required by law.

If you wish to raise a concern about how we handle your information, you can contact us directly using the details above. We will acknowledge your complaint within 30 days and respond as soon as we reasonably can. You also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO), at ico.org.uk or on 0303 123 1113.

10Security

We take reasonable technical and organizational measures to protect the information we hold against loss, misuse, and unauthorized access. No method of transmission over the internet is completely secure, however, and we cannot guarantee absolute security.

11Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised "Last updated" date above.

12Contact

Questions about this policy or about how we handle your information? Email us at hefin@sankala.com.