Ki-Ki

What I actually do for you

• Cloudflare engineering

  Custom firewall rules, Workers, bot mitigation, and routing that keeps your real users fast and your noisy traffic under control. I use the same playbook I run on my own projects.

• Web foundations and hosting sanity

  Static site builds or rebuilds, cache rules, TLS, and server settings checked so that your site is fast, predictable, and not hanging off a mystery control panel nobody remembers.

• Email and DNS clean up

  Fixing SPF, DKIM, DMARC, and DNS records so your messages stop falling into spam or bouncing. Clear diagrams so you know which services touch your domain.

• Evidence grade logging and monitoring

  Traffic analysis, custom fingerprinting at the edge, and timelines you can drop straight into an internal report or complaint response if you ever need to justify what happened.

• Governance and GDPR reality checks

  Records of processing, retention, and lawful basis that match actual practice. No template dump, just focused corrections where you are exposed.

• SAR handling and difficult requests

  Search patterns, redaction approaches, reply wording, and a clear decision trail if you apply exemptions. The goal is defensible, not performative.

• Website policies and accessibility basics

  Privacy notices, cookies, terms, and accessibility basics cleaned up so that users and regulators see something coherent instead of four conflicting policy pages.

• Plain English advice for leaders

  Short written briefings that explain risk in clear language so boards, trustees, and managers can make decisions without pretending to be network engineers.

Signs you probably need help

• The site feels slow or brittle and nobody is sure whether it is the host, Cloudflare, or some old plugin.
• Your IT or web person left and took most of the context with them.
• You have policies, but nobody can remember when they were last checked against reality.
• You dread SARs or FOI requests because everything feels scattered and ad hoc.
• You keep seeing SPF or DMARC warnings from services you rely on.
• Colleagues forward you odd traffic alerts or error messages and expect you to guess what is going on.

If any of that sounds familiar, this page is for you.

How working together usually works

Scope, content, and boundaries

My role is technical. I keep your stack honest and your paperwork closer to reality, but I do not run your campaigns for you.

In practice that means:

• I focus on infrastructure, logging, governance, and processes. I do not act as a publisher, editor, investigator, or legal representative.
• Any limited support with neutral site copy or basic blog content is for SEO and clarity only, is agreed in advance, and is only published with your written approval.
• I do not draft, upload, or assist with allegations about individuals, naming and shaming pieces, or reputational campaigns. That is your decision and your responsibility.
• You remain responsible for what your organisation publishes, including anything you decide to say about specific people or disputes.

For the full position, including how responsibility for content is handled, see the Neutral infrastructure policy and the Terms of use.

If your board asks who I am and why I care

Ki-Ki exists because too many small organisations are left to juggle security, governance, and complaints on their own. I would rather help you do this properly than watch another preventable mess unfold.

If you want background before you introduce me to colleagues, you can share:

• Why choose Ki-Ki for a fuller picture of how I work and what you can expect.
• The Ki-Ki mission for the longer story and how this links to my public work at The Reasonable Adjustment.

Ways of working together

Start the conversation

Tell me where you feel exposed. It might be odd web traffic, flaky email, old policies, unhappy service users, or a mix of everything. I will be honest about what is realistic to fix and in what order.