Privacy Notice & Cookie Policy
TriageForge · triageforge.co.uk · UK GDPR · DPA 2018 · DUAA 2025
This notice explains what personal data the TriageForge website collects, why we collect it, how long we keep it, and what rights you have under the United Kingdom General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Data (Use and Access) Act 2025 (DUAA).
Plain-English summary. This website sets no cookies, uses no tracking, runs no analytics scripts. The server keeps standard web-server logs for 30 days for security and to generate aggregated traffic reports. We don’t sell, share, or trade personal data with third parties. If you email us, we keep the correspondence as long as we need it to reply and then delete it.
1. Who we are (data controller)
The data controller for personal data processed by this website is:
Stuart Paul Thomas, trading as TriageForge
Whitby, North Yorkshire, England
privacy@triageforge.co.uk · contact@triageforge.co.uk
ORCID: 0009-0008-4518-0064
The scale and risk profile of processing does not require formal registration with the Information Commissioner’s Office (ICO). All processing is conducted in the United Kingdom.
2. What data we collect
This website collects only the data that your browser sends automatically to any website you visit. It is recorded in standard Nginx web-server logs.
| Field | Example | Purpose |
|---|---|---|
| IP address | 86.168.*.* | Security, abuse prevention |
| Date and time | 22 May 2026 19:43 | Security monitoring |
| Page requested | /privacy.html | Understanding site usage |
| HTTP status code | 200 (OK) | Error monitoring |
| Referrer URL | google.com | How visitors find the site |
| User agent | Chrome 147 on macOS | Compatibility, abuse-detection |
If you email any of our addresses (contact@, privacy@, security@ triageforge.co.uk), we additionally process the content of your message and any personal data you choose to include in it, in order to reply.
3. Legal basis for processing
The legal basis for processing server-log data is legitimate interest under Article 6(1)(f) UK GDPR, supplemented by the recognised legitimate interests provisions introduced by the Data (Use and Access) Act 2025. The specific legitimate interests are:
- Maintaining the security and integrity of the website and the underlying infrastructure
- Detecting and preventing abuse, attacks, and unauthorised access
- Understanding aggregate patterns of site usage to improve content
The legal basis for processing email correspondence you send to us is consent under Article 6(1)(a) UK GDPR — you provide your data voluntarily for the purpose of receiving a reply — supplemented by legitimate interest for the period in which we retain the correspondence to respond to follow-ups or to comply with our own legal obligations.
4. Cookies
This website sets no cookies.
No first-party cookies, no third-party cookies, no tracking cookies, no session cookies, no analytics cookies, no advertising cookies are used anywhere on triageforge.co.uk. The DUAA 2025 introduced exemptions for low-risk statistical and appearance cookies, but the site does not rely on those exemptions because the site uses no cookies of any kind.
Because no cookies are set, no cookie consent banner is required under the Privacy and Electronic Communications Regulations 2003 (PECR).
5. Third-party services
Google Fonts
This website loads three typefaces (IBM Plex Serif, IBM Plex Sans, and IBM Plex Mono) from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser requests these fonts, your IP address is transmitted to Google. Google states that it does not use font requests for tracking or profiling, and does not set cookies via Google Fonts. See the Google Fonts Privacy FAQ.
Our domain email is hosted with Google Workspace. When you send email to a @triageforge.co.uk address, your message and metadata are processed by Google as our sub-processor under the Google Workspace data-processing terms.
Hosting
This website is hosted on Google Cloud Platform in the europe-west2 (London) region. Google acts as a data processor under standard cloud-hosting terms. No data is transferred outside the United Kingdom in the ordinary course of operating the site.
No other third-party services, analytics platforms, advertising networks, or social-media trackers are used on this website.
6. Data retention
Server access logs are automatically rotated and deleted after 30 days. No log data is archived, exported, or retained beyond this period.
Email correspondence is retained for as long as we need it to handle your enquiry, plus a reasonable additional period (typically up to 24 months) to handle any follow-up. After that it is deleted from our mailbox.
7. Data sharing
Your personal data is not shared with any third party for marketing, profiling, analytics, or commercial purposes. The only sub-processors involved in operating the site are the hosting and email providers identified in section 5 above.
8. Your rights
Under the UK GDPR and the Data (Use and Access) Act 2025, you have the following rights in respect of personal data we hold about you:
- Right of access — obtain a copy of personal data we hold about you
- Right to rectification — correction of inaccurate or incomplete data
- Right to erasure — deletion of your data (server logs auto-delete after 30 days)
- Right to restriction — ask us to restrict processing
- Right to object — object to processing based on legitimate interest
- Right to data portability — receive your data in a portable, machine-readable format
- Right to withdraw consent — where processing is based on consent (e.g., email correspondence)
To exercise any of these rights, email privacy@triageforge.co.uk. Requests will be acknowledged within 30 calendar days and resolved without undue delay.
9. Complaints
Complain to the controller
Under the Data (Use and Access) Act 2025, you have the right to complain directly to the data controller before approaching the regulator. To do so, email privacy@triageforge.co.uk with the subject line “Data protection complaint”. Your complaint will be acknowledged within 30 days and resolved without undue delay.
Complain to the ICO
If you are unhappy with our response, or you would prefer to complain directly to the regulator, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk/make-a-complaint
10. Automated decision-making
This website does not perform automated decision-making (including profiling) that produces legal effects concerning you or that significantly affects you. Aggregated server-log analytics are read by the site owner and used to inform editorial decisions only; they do not produce decisions about individuals.
11. How we protect your data
The website is served exclusively over HTTPS (TLS 1.2+) with HSTS enforced. Server access is restricted to the site owner using public-key SSH. Software is kept patched on a routine schedule. The site is hardened against the OWASP Top 10 and standard SANS web-application risks. A security.txt file at /.well-known/security.txt describes the route for reporting security issues affecting this domain.
12. Changes to this notice
This notice may be updated from time to time. The current version will always be available at this URL. Material changes will be noted with an updated date below.
Last updated: 22 May 2026 · Version: 1.0