Privacy Policy

Who we are

This website is operated by JustAppSec Limited, a company registered in England and Wales (Company No. 16602827). When this policy refers to “we”, “us”, or “our”, it means JustAppSec Limited.

JustAppSec Limited is registered as a data controller with the Information Commissioner's Office. Registration reference: ZC068280. Download registration certificate (PDF).

You can contact us via the contact page.

Cookies

We do not use cookies. No tracking cookies, analytics cookies, or advertising cookies are set by this site.

Local storage

Some features of this site store small amounts of data in your browser's local storage. This data never leaves your device and is not accessible to us or any third party.

• Threat model editor - saves your author name preference and autosave setting between sessions.
• Currency preference - remembers whether you chose to view prices in GBP or USD.

You can clear this data at any time by clearing your browser's site data for justappsec.com.

Analytics

We use Vercel Analytics and Vercel Speed Insights to understand how the site is used and how it performs. These tools operate without cookies and do not track individuals across sites. The data collected is aggregated and anonymised. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

Contact form

If you submit a message via our enquiry form, we receive your name, email address, and message content. We use this information to respond to your enquiry and to consider whether our services are a fit for you. We do not add you to any mailing list or share your details with third parties.

The lawful basis for this processing is our legitimate interests in responding to business enquiries and assessing whether we can help you. You have the right to object to this processing at any time (see “Your rights” below).

Form submissions are handled by our hosting provider (Vercel) and notifications are delivered to us via Microsoft 365. We keep your contact details and message for up to two years from the date of your enquiry, after which we delete them.

If you arrive at this site via a link containing campaign parameters (such as utm_source or utm_campaign) or a Google Ads click identifier (gclid), those values are recorded alongside your form submission to help us understand which channels are effective. The page you were on before visiting this site (the HTTP referrer) may also be recorded for the same purpose. This information is used internally and is not shared with third parties beyond the processors listed in this policy.

Infrastructure and processors

This site is served via Cloudflare, which acts as a content delivery network and reverse proxy. Requests to justappsec.com pass through Cloudflare's network before reaching our hosting provider. Cloudflare may log request metadata including IP addresses. Their privacy policy is available at cloudflare.com/privacypolicy.

Our hosting provider (Vercel) may retain standard server logs including IP addresses, request paths, and timestamps. These logs are used for security and infrastructure purposes in accordance with Vercel's data retention policies.

Your rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

• Access, correction, and deletion. You may request a copy of, correction to, or deletion of any personal data we hold about you.
• Right to object. Where we process your data on the basis of legitimate interests, you have the right to object. We will stop processing unless we have compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
• Right to complain.You have the right to make a complaint to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

To exercise any of these rights, contact us via the contact page.

Changes to this policy

We may update this policy from time to time. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the site after changes constitutes acceptance of the updated policy.