The honest answers to the questions that matter, stated plainly
enough to be held against us.
- where data lives
- On our own hardware in two UK data centres — Coventry and Maidenhead. Encrypted backups stay within this footprint; an additional encrypted-before-upload off-site copy is being provisioned.
- advertising & profiling
- None, ever. No advertising pixels, no fingerprinting, no social embeds, no data brokers, and nothing that follows you to other websites.
- analytics
- Self-hosted only. Umami — an open-source, privacy-focused analytics tool — runs on our own UK hardware. It counts page views anonymously, sets no cookies, and sends nothing to any third party: Google, Meta and friends never hear about your visit.
- cookies
- This website sets none — and self-hosted Umami analytics won’t change that; it is cookieless by design. Authentication uses session cookies strictly necessary for login, issued by our own identity service on our own domain.
- who can read your files
- Services encrypt data at rest on our hardware, and backups are encrypted before they leave the machine. The off-site provider, when live, receives ciphertext it cannot decrypt.
- what we can see
- Standard operational logs — request metadata, service health, authentication events — kept for defence and debugging, not profiling. Analytics, once live, shows us page counts, not people.