PrivacyFocus

Privacy Policy

Last updated: April 2026

PrivacyFocus ("we", "us", "our") is a UK-based website. As a site that reviews privacy tools, we hold ourselves to the highest standard when it comes to your data. This policy explains how we collect, use, and protect information when you visit privacyfocus.io.

1. Data Controller

The data controller responsible for your personal data is:

PrivacyFocus
Email: [email protected]

If you have any questions about this policy or your data, please contact us at the email above.

2. What We Collect

We collect minimal data to operate this website. We practise what we preach — if we would not be comfortable sharing it ourselves, we do not collect it from you.

  • Analytics data: We use privacy-respecting analytics (no cookies, no fingerprinting) to understand page views, referral sources, and general geographic region. This data is aggregated and cannot identify you personally. We do not use Google Analytics or any advertising-linked analytics platform.
  • Server logs: Our web server automatically records your IP address, browser type, and pages visited. These logs are retained for up to 30 days for security and debugging purposes, then permanently deleted.
  • Contact information: If you contact us via email, we retain your email address and message content to respond to your enquiry.

We do not collect names, payment details, or any other personal information through this website. There are no user accounts, registration forms, or newsletter signups.

3. Legal Basis for Processing

Under the UK GDPR, we process personal data on the following legal bases:

  • Legitimate interests (Article 6(1)(f)): Server logs for security and analytics for understanding site usage. We have assessed that these interests do not override your rights and freedoms given the minimal, anonymised nature of the data.
  • Consent (Article 6(1)(a)): Cookie consent preference storage. You can withdraw consent at any time by clearing your browser cookies.
  • Contract performance (Article 6(1)(b)): Responding to your enquiries when you contact us.

4. Cookies

We use a single, strictly necessary cookie to record your cookie consent preference. We do not use advertising cookies, tracking cookies, social media cookies, or third-party marketing cookies.

CookiePurposeDuration
cookie-consentRecords your cookie preference1 year

5. Affiliate Links

This website contains affiliate links to third-party VPN providers, password managers, and other privacy tools. When you click an affiliate link, the destination site may set its own cookies and collect data under its own privacy policy. We earn a commission if you sign up through these links, at no additional cost to you.

Affiliate links are clearly marked throughout the site. Our reviews are independent — affiliate relationships do not influence our scores or recommendations. See our methodology for details.

6. Third-Party Services

We do not share your data with third parties for marketing or advertising purposes. The only third-party services that may process data in connection with this site are:

  • Hosting provider: Our web hosting provider processes server requests on our behalf.
  • Analytics: Our privacy-respecting analytics provider processes aggregated, anonymised usage data. No personal identifiers are collected.
  • Cloudflare: We use Cloudflare for DNS, CDN, and DDoS protection. Cloudflare may process your IP address to protect against threats.

7. Your Rights Under UK GDPR

If you are in the UK or EEA, you have the following rights regarding your personal data:

  • Right of access (Article 15): Request a copy of any personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate data.
  • Right to erasure (Article 17): Request deletion of your personal data.
  • Right to restrict processing (Article 18): Request that we limit how we use your data.
  • Right to data portability (Article 20): Request your data in a machine-readable format.
  • Right to object (Article 21): Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days as required by UK GDPR.

8. Data Retention

Server logs are retained for up to 30 days, then permanently deleted. Analytics data is retained in aggregated, anonymised form indefinitely. Email correspondence is retained for as long as necessary to resolve your enquiry, then for up to 12 months afterwards.

9. International Transfers

We do not intentionally transfer personal data outside the UK. Where our infrastructure providers process data in other jurisdictions, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.

10. Children

This website is not directed at individuals under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the site after changes constitutes acceptance of the updated policy.

12. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. The ICO is the UK's independent authority set up to uphold information rights.