Privacy Policy.

// 01 — Who We Are

DAWNSTRIKER LTD ("DAWNSTRIKER", "we", "us") is the data controller responsible for your personal data.

// 02 — What We Collect & Why

We maintain a record of what personal data we hold and what we use it for. We collect personal data through the following channels on this website:

Waitlist / newsletter signup

Data collected: email address, signup source (which page), country (derived from your IP address by our hosting infrastructure), referring website.

Purpose: To notify you when services launch and to understand how people find us.

Legal basis: Consent (you submit the form voluntarily).

Contact form

Data collected: full name, work email, phone number (optional), message, country, referring website.

Purpose: To respond to your enquiry.

Legal basis: Pre-contractual steps at your request (Article 6(1)(b) UK GDPR).

StrikeProfile request form

Data collected: full name, job title (optional), mobile number (optional), company name, website/domain, email address, additional email addresses (optional), message (optional), IP address at time of submission, country (derived from IP address), referring website (the site you visited before submitting), browser and device information (user-agent string), email verification timestamp, and a full consent record including: which consent statements were agreed to, the exact text of each statement, the consent version, the IP address, and the timestamp.

Purpose: To process your StrikeProfile request; to verify your identity and authorisation before any scan is conducted; to contact you to schedule your session; to maintain an auditable record of consent for the non-intrusive scan you have requested.

Legal basis: Explicit consent — you tick the consent checkboxes and confirm your authorisation status before submitting. You confirm your email address by clicking a verification link. You may withdraw consent at any time via our contact form, which will result in your data being deleted and no scan being conducted.

Consent record: We record exactly what you agreed to, including the precise wording of each consent statement at the time of submission, which statements were checked, and when and from where consent was given. This record is retained as evidence of lawful processing.

// 03 — How We Use Your Data

We are transparent about how we use personal data. This policy is linked at the point of collection so that you understand what we do with your information before you submit it. We use your data only for the purposes stated:

• To respond to your messages and enquiries.
• To notify you when waitlisted services become available.
• To process and fulfil your StrikeProfile request.
• To verify your identity and authorisation prior to conducting any scan.
• To contact you to schedule your StrikeProfile session and follow up on findings.
• To maintain an auditable consent record as required by UK GDPR.
• To understand referral sources and improve our outreach (aggregate, not individual profiling).

We will not sell, rent, or share your personal data with third parties for their own marketing purposes.

// 04 — Data Minimisation

We only collect the personal data we need for the stated purpose. Specifically:

• Phone and mobile numbers are optional on all forms — we do not require them.
• Job title on the StrikeProfile form is optional — we ask only to better understand who we are speaking with.
• The message field on the StrikeProfile form is optional — we ask only to allow you to provide additional context.
• We do not collect data about your browsing behaviour, install cookies, or run third-party analytics scripts.
• For the StrikeProfile request form, we record your IP address, country, referring website, and browser/device information (user-agent) at the point of submission. This is limited to what is necessary to maintain a lawful consent audit trail and to understand how customers find us. For all other forms, country information is derived automatically from your IP address by our hosting infrastructure and we do not store your IP address directly.

// 05 — Retention

We only keep personal data for as long as it is needed:

• StrikeProfile requests: personal data and consent records are retained for a maximum of 2 years from the date of submission, or until you request deletion — whichever comes first.
• Scan findings: findings generated by a StrikeProfile scan are retained for 90 days from the date of delivery, after which they are securely deleted.
• Consent records: the consent audit record (what was agreed to, when, and from where) may be retained for up to 2 years to demonstrate compliance with UK GDPR, even if other personal data is deleted sooner at your request.
• All other data: retained for a maximum of 2 years from the date of collection, or until you request deletion.

// 06 — Accuracy

We rely on you to provide accurate information when you submit a form on this website. If any of the personal data we hold about you is inaccurate or out of date, please contact us via our contact form and we will correct or update it promptly. We do not enrich or update your data from third-party sources.

// 07 — Security

We take appropriate technical and organisational measures to keep your personal data secure:

• Encryption in transit: all connections to this website are encrypted via HTTPS.
• Storage security: personal data is stored in an access-controlled cloud data store that is not publicly accessible.
• Access controls: access to stored personal data is limited to authorised personnel at DAWNSTRIKER who need it to fulfil the stated purpose.
• Email verification: StrikeProfile requests require email verification before any action is taken, reducing the risk of fraudulent submissions.
• No unnecessary copies: we do not export or duplicate personal data outside of our primary data store except as required to respond to your request.

No method of transmission over the internet is 100% secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

// 08 — Your Rights

You have a clear way to exercise your rights. Under UK GDPR you are entitled to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data ("right to be forgotten"). Note: we may retain the minimum consent audit record required to demonstrate lawful processing.
• Portability — receive your data in a structured, machine-readable format.
• Restriction — ask us to limit how we use your data while a dispute is resolved.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. Withdrawal will result in no scan being conducted and your data being deleted, subject to the consent audit record exception above.

To exercise any of these rights, use our contact form. We will respond within one calendar month as required by UK GDPR.

// 09 — Our Data Protection Responsibilities

Everyone at DAWNSTRIKER who handles personal data understands their obligations under UK GDPR and the Data Protection Act 2018. As a small, early-stage team, this means:

• We do not share personal data with colleagues unless there is a clear need to do so for the stated purpose.
• We do not process personal data on personal or unsecured devices.
• We review this privacy policy whenever our data practices change and update it accordingly.
• We treat company information and domain details submitted via the StrikeProfile form with the same confidentiality as we would any client engagement.
• No scan is ever conducted without prior verification that the submitter is authorised to approve it.

// 10 — Data Storage & Processors

Your personal data is stored with a third-party cloud infrastructure provider that acts as a data processor on our behalf under a Data Processing Agreement aligned with UK GDPR requirements. This provider is based in the United States. Data transfers to the United States are protected by Standard Contractual Clauses (SCCs) approved under UK GDPR, providing equivalent safeguards to those required within the United Kingdom.

Our website is delivered via a cloud hosting and content delivery network. This provider may process request metadata (such as your general geographic region and browser type) as part of providing network infrastructure and security services.

Transactional emails (including your StrikeProfile confirmation link and any notifications) are sent via a third-party email delivery service acting as a data processor on our behalf. This service receives your email address solely for the purpose of delivering the email. It does not use your data for any other purpose.

We do not use third-party analytics, advertising trackers, or cookies on this website.

If you wish to know the identity of our specific data processors, you may request this information via our contact form.

// 11 — Right to Complain

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

We would appreciate the opportunity to address your concerns directly before you contact the ICO.

// 12 — Changes to This Policy

We may update this policy as our services develop. We will update the effective date at the top of this page and, where changes are material, notify affected users by email. Continued use of the website after changes are posted constitutes acceptance of the revised policy.