Ki-Ki

Web foundations for SMEs

Privacy policy and data protection

This page explains how Ki-Ki collects, uses, and protects personal data for visitors and clients. It reflects how the site runs today and it will be kept under active review as the service and tooling evolve.

Ki-Ki is run from the United Kingdom and is subject to UK data protection law, including the UK GDPR and the Data Protection Act 2018.

Last updated: November 2025. This policy is subject to ongoing updates as Ki-Ki grows and as the technical stack changes. Significant changes will be reflected on this page with a fresh date.

Contents

1. Who runs Ki-Ki and who this policy covers

1.1 Data controller

Ki-Ki is run by an individual, currently Kieron JH, based in the North East of England. For the purposes of data protection law, Ki-Ki (run by Kieron JH) is the data controller for personal data collected through this website and in the course of providing services.

Contact for privacy and data protection:

1.2 Who this policy applies to

This policy applies to:

  • People who visit ki-ki.co.uk
  • People who contact Ki-Ki by email or through the contact form
  • Clients and prospective clients who work with Ki-Ki on web, email, Cloudflare, or related projects

It does not cover personal data processed by your own systems as a separate controller, such as your own employee records, customer databases, or case management tools.

2. Summary of how Ki-Ki uses personal data

Ki-Ki collects limited personal data, mainly:

  • Technical and security logs when you visit the site
  • Contact details and messages when you get in touch
  • Basic business contact information for clients and prospective clients

This data is used to:

  • Keep the website secure and functioning
  • Reply to enquiries and deliver work
  • Invoice and manage client relationships

Ki-Ki does not run advertising, does not sell personal data, and does not track people across other websites.

3. What data is collected

3.1 Website visits and security telemetry

Ki-Ki uses Cloudflare and static hosting to deliver the site, apply basic protection, and inspect unusual traffic patterns. When you visit the site, the following types of information are generated and may be logged:

  • IP address and rough network location based on that address
  • Browser type and version, device type, and operating system
  • Pages visited, time and date of visit, and referring site if supplied
  • Requests that trigger security checks, such as repeated or unusual activity
  • Network level information, such as the autonomous system (ASN) associated with your connection

Some of this telemetry may be forwarded to Discord as security alerts, for example when a Cloudflare Worker detects suspicious or automated traffic. These alerts are used to improve protection, diagnose issues, and understand how the site is being probed or accessed.

3.2 Contact and enquiries

If you contact Ki-Ki using the email link or the on site form, the following information is collected:

  • Your name
  • Your email address
  • The content of your message and any information you choose to share

The contact form is currently handled by Formspree, which passes your message through to the Ki-Ki inbox.

3.3 Client and prospective client information

If you go on to work with Ki-Ki as a client, additional information will be held, typically:

  • Organisation name and public contact information
  • Names and email addresses of key contacts
  • Notes about your technical setup that are needed to do the work
  • Invoices, payment records, and contractual correspondence

Where possible, technical work is carried out using business accounts and generic admin addresses rather than personal accounts.

3.4 Use of AI tools (ChatGPT)

Ki-Ki sometimes uses ChatGPT and similar tools to assist with drafting emails, documentation, or technical explanations. This may involve providing short excerpts of information you share, for example to help rewrite a technical summary in clearer language.

When doing this, Ki-Ki:

  • Avoids sending more personal data than is needed for the task
  • Avoids including full names or direct identifiers wherever possible
  • Does not use AI tools to make automated decisions that have legal or similarly significant effects on individuals

3.5 Email and business records

If you email Ki-Ki directly, the email provider will process your message and metadata such as sending IP, mail headers, and timestamps. These are standard parts of email transport and security.

Emails and files may be stored locally and in cloud mail storage for as long as needed to manage the relationship, handle legal obligations, and maintain sensible records.

3.6 Information you should avoid sending

Ki-Ki does not need sensitive personal information about you or your service users in order to provide most web, email, and Cloudflare support. Unless there is a clear and agreed reason to do so, please do not send:

  • Health information about identifiable individuals
  • Criminal records or alleged offences
  • Data about children or vulnerable adults
  • Financial account numbers or card details

If work ever requires access to personal data that you control, this will be discussed in advance and, where appropriate, handled under a separate written agreement that sets out roles and responsibilities.

4. Lawful bases for processing

Ki-Ki relies on the following lawful bases, depending on the context:

  • Contract: to take steps at your request before entering a contract, and to deliver services once agreed
  • Legitimate interests: to keep the site secure, understand traffic at a high level, improve services, and manage relationships with clients and suppliers
  • Consent: where you choose to give information that is not strictly necessary, such as optional details in an enquiry

Where legitimate interests are used, Ki-Ki considers whether the processing is necessary, balanced, and reasonable in light of your rights and expectations.

5. Cookies and similar technologies

Ki-Ki does not currently use marketing cookies or cross site tracking cookies.

Cloudflare and the hosting stack may set limited cookies or use similar mechanisms that are strictly necessary for security and performance. For example:

  • To distinguish legitimate visits from automated or abusive traffic
  • To route requests efficiently through the content delivery network

If Ki-Ki introduces non essential cookies or analytics in future, this policy will be updated and, where required, a consent mechanism will be added.

6. Sharing personal data with others

Ki-Ki shares personal data with a small number of service providers who support the service. These providers only receive data they need in order to supply their function.

Current key providers include:

  • Cloudflare: content delivery, security, and logging at the network edge
  • Porkbun: static web hosting and domain management
  • Formspree: processing contact form submissions
  • Discord: receiving security alerts and telemetry from Cloudflare Workers
  • Email provider: sending and receiving email
  • OpenAI (ChatGPT): occasional drafting and rewriting support, with minimised input

Ki-Ki does not sell personal data and does not share it with advertisers or data brokers.

Personal data may be disclosed if required by law, for example in response to a valid court order or regulatory request, or where it is necessary to protect the rights, property, or safety of someone.

7. International transfers

Many of the tools used by Ki-Ki are global services, which means personal data may be transferred outside the United Kingdom when:

  • Cloudflare routes traffic through data centres in other countries
  • Hosting or email infrastructure sits on servers located outside the UK
  • Third party processors store or back up data in other regions

Where this happens, Ki-Ki relies on safeguards provided by those services, such as standard contractual clauses or equivalent mechanisms recognised under UK law. The goal is to keep your rights protected even when data moves across borders.

8. How long data is kept

Ki-Ki keeps personal data only for as long as it is reasonably needed for the purposes described above, and then deletes or anonymises it.

As a guide:

  • Website security logs: retained by Cloudflare for limited periods in line with their standard retention, unless specific entries need to be kept longer for security or legal reasons
  • Enquiry emails: kept while the conversation is active and for a reasonable period afterwards, for example to follow up or check previous advice
  • Client records and invoices: kept for the duration of the relationship and for several years afterwards, to meet legal and tax obligations
  • Security alerts in Discord: kept for operational and audit purposes, then removed or allowed to age out in line with standard usage

Exact retention periods may vary depending on context, for example if there is a dispute, regulatory interest, or a need to preserve logs as evidence of abuse.

9. Security

Ki-Ki takes technical and organisational steps to reduce the risk of data loss, misuse, or unauthorised access. These include:

  • Use of Cloudflare to protect against common web threats
  • Static site hosting to minimise moving parts and attack surface
  • Encryption in transit using HTTPS
  • Use of strong passwords and, where available, multi factor authentication on key accounts
  • Limited use of third party scripts and no embedded advertising networks
  • Selective logging and monitoring focused on security and reliability, not surveillance of individuals

No internet facing system can be completely immune from risk. Ki-Ki aims to keep exposure low and respond sensibly to any issues that do arise.

10. Your rights

Under UK data protection law, you have rights over your personal data. These include:

  • Access: ask for a copy of personal data held about you
  • Rectification: ask for inaccurate information to be corrected
  • Erasure: ask for personal data to be deleted in some circumstances
  • Restriction: ask for use of your data to be limited in specific situations
  • Objection: object to processing based on legitimate interests where you feel your interests outweigh the controller’s
  • Portability: receive certain data in a structured, commonly used format and ask for it to be transmitted to another controller where technically feasible

If you want to exercise any of these rights in relation to Ki-Ki, email [email protected] with enough information to identify you and your connection to Ki-Ki. A response will normally be provided within one month, in line with legal obligations.

There may be limits or exemptions in certain situations. If that applies, the reasoning will be explained where possible.

11. Complaints

If you have questions or concerns about how Ki-Ki handles personal data, the first step is to make contact directly:

Email: [email protected]

You also have the right to raise a concern with the UK regulator:

Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113 (from within the UK)

You can contact the ICO at any time. It is usually more efficient to try to resolve matters with the controller first.

12. Children

Ki-Ki is aimed at adults who run or support organisations. It is not designed for children and does not knowingly collect personal data from children.

If you believe personal data relating to a child has been collected by mistake, please get in touch so that it can be reviewed and, if appropriate, removed.

13. Changes to this policy

Ki-Ki’s technical setup and services will continue to evolve. This policy will be updated when that meaningfully affects how personal data is collected or used.

The “last updated” date at the top of this page shows when the policy was most recently revised. In cases where changes are significant, reasonable steps will be taken to draw attention to them, for example by a short notice on the site.