Privacy Policy

Who We Are

FaraDome is a cybersecurity and IT strategy consultancy for small businesses based in the EU. This website is owned and operated by FaraDome, which is the data controller for any personal data you provide through this site.

If you have any questions about how we handle your data, or wish to exercise your rights, you can contact us directly at privacy@faradome.com.

What Data We Collect

Our top priority is customer data security. We process only the minimal personal data necessary to operate this website and provide our services. This may include:

• Your name and email address, if you contact us via the enquiry form
• Your business name and message, if provided voluntarily
• Basic usage data (page visits, referrers) collected automatically for website analytics
• For Faradome Dash Pro users: your email address, name, and OAuth provider identifier (e.g. Google, LinkedIn, or Microsoft) used to create and manage your account; your saved tech stack selections; and session data necessary to keep you signed in

You can visit this website without providing any personal information. If you choose not to provide data, you may not be able to use certain features such as the contact form or Faradome Dash Pro.

How We Use Your Data

Any personal data you provide is used solely to:

• Respond to your enquiry or book a consultation
• Send service-related communications you have requested
• Understand how the website is used in aggregate (no individual identification)

We do not sell, share, or pass your personal data to third parties for marketing purposes.

Legal Basis for Processing

Under the EU General Data Protection Regulation (GDPR) and UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

• Contract performance (Article 6(1)(b)): Processing your account data and tech stack selections is necessary to provide Faradome Dash Pro, which you have signed up for.
• Legitimate interests (Article 6(1)(f)): We process basic website usage data to understand how our site is used and to maintain its security and reliability. Our legitimate interest in operating a secure, functional website is not overridden by your interests or fundamental rights.
• Consent (Article 6(1)(a)): Where we send optional communications (e.g. product updates), we will ask for your consent first. You may withdraw consent at any time.

We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Faradome Labs Tools

Our free security tools at labs.faradome.com (including Breach Lookup, Threat Dashboard, and RisQ Assessment) are designed with privacy by default:

• Breach Lookup: Email addresses entered are used only to query third-party breach databases in real time. We do not log, store, or retain any email addresses entered.
• Threat Dashboard: No personal data is collected. Threat data is fetched from public sources (CISA, NVD).
• RisQ Assessment: Assessment responses are processed locally in your browser and are not transmitted to or stored by Faradome.

Faradome Dash Pro

Faradome Dash Pro (dash.faradome.com/pro) is an authenticated threat dashboard. To access it you must create an account. By signing up you agree to us collecting and processing the following data:

• Account data: Your email address and, where provided via an OAuth provider (Google, LinkedIn, or Microsoft), your name and profile information. This data is collected and managed by Clerk (see Third-Party Processors below).
• Tech stack selections: The products and platforms you add to your stack are stored in our database so they can be recalled across sessions. This data is associated with your account ID.
• Session data: A secure session token (JWT) is stored in a cookie to keep you signed in. This token is cryptographically signed and expires automatically.
• Usage data: We may log anonymised request metadata (e.g. feature usage, error rates) for reliability and security monitoring. No personally identifiable information is included in these logs.

The legal basis for processing this data is performance of a contract — specifically, providing you with the Faradome Dash Pro service you have signed up for.

You can delete your account and all associated data at any time by emailing privacy@faradome.com. We will remove your account data and tech stack selections within 30 days of your request.

Third-Party Processor — Clerk: Authentication and identity management for Dash Pro is handled by Clerk (clerk.com). Clerk processes your email address, name, and OAuth identity on our behalf in order to authenticate you and manage your session. Clerk acts as a data processor under our instruction and is bound by a Data Processing Agreement. Clerk is a US-based service; data transfers outside the EU/EEA are covered by Standard Contractual Clauses (SCCs) under Article 46 GDPR. For details of how Clerk handles your data, see clerk.com/legal/privacy.

Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law:

• Contact form enquiries: Retained for up to 2 years to allow us to respond and follow up on your enquiry, then securely deleted.
• Dash Pro account data: Retained for as long as your account is active. If you request deletion, your account and tech stack data will be removed within 30 days.
• Website analytics: Aggregated and anonymised; no retention limit applies as no personal data is involved.
• Session tokens: Expire automatically as managed by Clerk's security policies (typically within hours to days).

International Data Transfers

Faradome is based in the EU. Where we use third-party processors located outside the EU/EEA (such as Clerk, which is based in the United States), we ensure that appropriate safeguards are in place in accordance with Article 46 GDPR — specifically, Standard Contractual Clauses (SCCs) approved by the European Commission. These safeguards ensure your data receives equivalent protection regardless of where it is processed.

Your Rights

Under the EU GDPR and UK data protection law, you have the following rights:

• Right of access (Art. 15): You can request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): You can ask us to correct inaccurate or incomplete data.
• Right to erasure (Art. 17): You can request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent.
• Right to restriction (Art. 18): You can ask us to pause processing of your data in certain circumstances.
• Right to data portability (Art. 20): Where processing is based on contract or consent, you can request your data in a structured, machine-readable format.
• Right to object (Art. 21): You can object to processing based on legitimate interests at any time.
• Right to withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
• Right not to be subject to automated decisions: We do not make any automated decisions that produce legal or similarly significant effects.

To exercise any of these rights, email us at privacy@faradome.com. We will respond within one month as required by GDPR. There is no charge for making a request.

You also have the right to lodge a complaint with your national data protection supervisory authority. In the EU this is the data protection authority (DPA) of your member state; in the UK this is the Information Commissioner's Office (ico.org.uk).

Cookies & Analytics

This website uses minimal, privacy-respecting analytics. We do not use advertising cookies or cross-site tracking. Any analytics data collected is aggregated and does not identify individual users.

Faradome Dash Pro sets a session cookie (__session) issued by Clerk to keep you authenticated. This cookie is strictly necessary for the service to function and is not used for tracking or advertising. It expires when your session ends or is automatically rotated by Clerk's security policies.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects the most recent revision. Continued use of the website after any changes constitutes acceptance of the updated policy.

Contact & Data Requests

For any questions about this privacy policy, to exercise your data rights, or to request deletion of your data, contact us at:

privacy@faradome.com

We aim to acknowledge all requests within 72 hours and resolve them within one month. If your request is complex, we may extend this by a further two months and will notify you accordingly.

You can also reach us via the contact form at faradome.com/#contact.