Privacy Notice

doratlpt.com is operated by Cytadel Cyber ("we", "us"). This notice explains what personal data we collect through this website, why, and your rights under the UK GDPR / EU GDPR.

1. Information we collect

Through the contact form we collect what you submit: your name, work email, organisation, role, entity type, and the message you write.

Through the optional scope-check email affordance (the "Email me my results" button inside the Am-I-in-scope tool on the Who Needs TLPT page) we collect the email address you enter together with the answers you gave and the indicative verdict the tool returned. The answers themselves are entity-profile choices (entity category, systemic-importance flag, lighter-regime flag, transaction-volume flag); we do not capture any other identifying information about the entity.

We also collect anonymised request metadata (timestamp, country, user agent) for spam protection and operational logging.

2. Why we collect it

We use submitted information to respond to your enquiry, to send your scope-check verdict back to the address you entered, and to keep a record of the conversation. We do not add you to a marketing list without your explicit opt-in. We do not sell or share personal data with third parties for marketing purposes.

3. Legal basis

We rely on legitimate interests (replying to enquiries about our services and sending you results you have explicitly requested) and, where relevant, consent (for any optional updates you specifically request).

4. Where your data is processed

Form and scope-check submissions are processed by Cloudflare Workers (EU edge) and delivered through Postmark (ActiveCampaign) as our transactional email provider. Postmark is the data processor for the email-delivery step; we are the data controller. Postmark processes mail through US infrastructure; ActiveCampaign is certified under the EU-US Data Privacy Framework, which provides the lawful transfer mechanism under the EU GDPR.

5. Cookies and analytics

This site uses two analytics tools with different consent profiles:

Umami (umami.is) is always on and cookieless. It captures the page URL, referrer, country, browser and screen size in aggregate, sets no cookies, uses no local storage, assigns you no persistent identifier, and does not track you across sites. No personal data and no IP address is stored. Because no personal data is processed on this path, no consent is required under the EU ePrivacy Directive or the EU/UK GDPR.

Google Analytics 4 runs only after you accept consent. If you accept on the consent banner shown at the bottom of the page, we additionally load Google Analytics 4 with IP anonymisation enabled. Until you accept, Google Analytics operates in Consent Mode v2 with all storage categories denied: no cookies are set, no client identifier is generated, and no tracking pings are sent. Google LLC is certified under the EU-US Data Privacy Framework, which provides the lawful transfer mechanism under the EU GDPR. Your consent choice is stored locally on your device (browser localStorage) so the banner is not shown again. You can withdraw consent at any time by clearing your browser site data for doratlpt.com.

We do not run Meta Pixel, LinkedIn Insight, TikTok Pixel, or any other third-party advertising trackers.

6. Retention

We retain enquiry data for as long as needed to respond and maintain a record of any commercial relationship that follows. Inactive enquiries and scope-check results are deleted after 24 months unless we are required to keep them for legal or regulatory reasons.

7. Your rights

You have the right to access, correct, delete, or restrict processing of your personal data, and to lodge a complaint with the ICO (UK) or your local supervisory authority. Contact info@doratlpt.com to exercise these rights.

8. Updates to this notice

We may update this notice as our practices evolve. The "Last updated" date at the top of this page will reflect any changes.