// 01 — Who We Are
DAWNSTRIKER LTD ("DAWNSTRIKER", "we", "us") is the data controller responsible for your personal data.
| Registered name | DAWNSTRIKER LTD |
|---|---|
| Registered address | 128 City Road, London, EC1V 2NX, United Kingdom |
| Contact | Contact form |
| Applicable law | UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 |
// 02 — What We Collect & Why
We maintain a record of what personal data we hold and what we use it for. We collect personal data through three channels on this website:
Waitlist / newsletter signup
Data collected: email address, signup source (which page), UTM campaign parameters, country (derived from your IP address by our hosting infrastructure), referring website.
Purpose: To notify you when services launch and to understand how people find us.
Legal basis: Consent (you submit the form voluntarily).
Contact form
Data collected: full name, work email, phone number (optional), message, country, referring website.
Purpose: To respond to your enquiry.
Legal basis: Pre-contractual steps at your request (Article 6(1)(b) UK GDPR).
Threat modelling questionnaire
Data collected: name, work email, phone (optional), company, role, organisation size, jurisdiction, system architecture details, technology stack, data types processed, threat priorities, budget range, compliance frameworks, and other responses as provided.
Purpose: To gather requirements for a threat modelling service under development and to follow up with you about that service.
Legal basis: Explicit consent — you tick the consent checkbox before submitting. You may withdraw consent at any time via our contact form.
// 03 — How We Use Your Data
We are transparent about how we use personal data. This policy is linked at the point of collection so that you understand what we do with your information before you submit it. We use your data only for the purposes stated:
- To respond to your messages and enquiries.
- To notify you when waitlisted services become available.
- To inform the design and scope of the threat modelling service.
- To follow up with you about services you have expressed interest in.
- To understand referral sources and improve our outreach (aggregate, not individual profiling).
We will not sell, rent, or share your personal data with third parties for their own marketing purposes.
// 04 — Data Minimisation
We only collect the personal data we need for the stated purpose. Specifically:
- Phone numbers are optional on all forms — we do not require them.
- System descriptions on the threat modelling questionnaire are optional — we ask only to provide a better service, not as a condition of submission.
- We do not collect data about your browsing behaviour, install cookies, or run third-party analytics scripts.
- Country information is derived automatically from your IP address by our hosting infrastructure — we do not store or process your IP address directly.
// 05 — Retention
We only keep personal data for as long as it is needed. We retain personal data for a maximum of 2 years from the date of collection, or until you request deletion — whichever comes first. Data submitted via the threat modelling questionnaire may be retained for the duration of the service development programme and will be securely deleted once it is no longer required for that purpose.
// 06 — Accuracy
We rely on you to provide accurate information when you submit a form on this website. If any of the personal data we hold about you is inaccurate or out of date, please contact us via our contact form and we will correct or update it promptly. We do not enrich or update your data from third-party sources.
// 07 — Security
We take appropriate technical and organisational measures to keep your personal data secure:
- Encryption in transit: all connections to this website are encrypted via HTTPS.
- Storage security: personal data is stored in an access-controlled cloud data store that is not publicly accessible.
- Access controls: access to stored personal data is limited to authorised personnel at DAWNSTRIKER who need it to fulfil the stated purpose.
- No unnecessary copies: we do not export or duplicate personal data outside of our primary data store except as required to respond to your request.
No method of transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.
// 08 — Your Rights
You have a clear way to exercise your rights. Under UK GDPR you are entitled to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Restriction — ask us to limit how we use your data while a dispute is resolved.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, use our contact form. We will respond within one calendar month as required by UK GDPR.
// 09 — Our Data Protection Responsibilities
Everyone at DAWNSTRIKER who handles personal data understands their obligations under UK GDPR and the Data Protection Act 2018. As a small, early-stage team, this means:
- We do not share personal data with colleagues unless there is a clear need to do so for the stated purpose.
- We do not process personal data on personal or unsecured devices.
- We review this privacy policy whenever our data practices change and update it accordingly.
- We treat architecture details and business information submitted via the threat modelling questionnaire with the same confidentiality as we would any client engagement.
// 10 — Data Storage & Processors
Your personal data is stored with a third-party cloud infrastructure provider that acts as a data processor on our behalf under a Data Processing Agreement aligned with UK GDPR requirements. This provider is based in the United States. Data transfers to the United States are protected by Standard Contractual Clauses (SCCs) approved under UK GDPR, providing equivalent safeguards to those required within the United Kingdom.
Our website is delivered via a cloud hosting and content delivery network. This provider may process request metadata (such as your general geographic region and browser type) as part of providing network infrastructure and security services.
We do not use third-party analytics, advertising trackers, or cookies on this website.
If you wish to know the identity of our specific data processors, you may request this information via our contact form.
// 11 — Right to Complain
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
| Website | ico.org.uk |
|---|---|
| Helpline | 0303 123 1113 |
| Address | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF |
We would appreciate the opportunity to address your concerns directly before you contact the ICO.
// 12 — Changes to This Policy
We may update this policy as our services develop. We will update the effective date at the top of this page and, where changes are material, notify waitlist subscribers by email. Continued use of the website after changes are posted constitutes acceptance of the revised policy.
Questions? Get in touch.