Last reviewed: 2026-06-28

Privacy Notice

This notice is maintained by Dephiant Consulting Inc. to explain how we collect and use personal data when you interact with this website and our advisory services.

The headings below are the structure required for GDPR / UK GDPR compliance. Specific factual claims (controller registration number, DPO contact, named sub-processors, retention windows) must be confirmed and finalised by Dephiant counsel before this notice is relied upon. Treat any bracketed text as a placeholder.

1. Data controller

Dephiant Consulting Inc. ("Dephiant", "we", "us") is the data controller for personal data collected via this website and during our advisory engagements.

Postal address, registered office, and (where applicable) representative under Article 27 GDPR: [to be confirmed].

2. Personal data we collect

  • Contact form / lead capture: name, work email, company, the message you send, and the lead reference we generate.
  • Site assistant (chat): a randomly generated visitor identifier (no name unless you provide one), the messages you and the assistant exchange, and any resource you click through.
  • Assessment: the answers you submit, the score we generate, your IP address in hashed form, and your User-Agent.
  • Server logs: truncated IP, User-Agent, request path, response status, retained for security and operational purposes.

3. Lawful bases (GDPR Art. 6)

  • Consent for analytics cookies and any marketing communications.
  • Legitimate interests for responding to inbound inquiries, securing the site, and preventing abuse.
  • Performance of a contract for client engagements.
  • Legal obligation where retention or disclosure is required by law.

4. Recipients and sub-processors

We use a small set of vetted providers to host the site, send transactional email, and run the AI assistant. Authoritative list is maintained at /cookies and reviewed at least annually.

Current categories: hosting (Lovable Cloud / Cloudflare Workers), database and authentication (Supabase), email delivery (Gmail Workspace via API), AI inference (Lovable AI Gateway). Counsel to confirm named entities and transfer mechanisms.

5. International transfers

Where personal data is transferred outside your jurisdiction (for example, between the EEA / UK and the United States), we rely on European Commission adequacy decisions or Standard Contractual Clauses, supplemented by technical and organisational measures (encryption in transit and at rest, access controls, audit logging).

6. Retention

  • Contact / lead records: 24 months after last interaction.
  • Chat conversations: 90 days unless tied to an active matter.
  • Assessment submissions: 12 months from submission.
  • Server logs: 30 days.

Counsel to confirm windows match contractual and statutory obligations.

7. Your rights

Subject to applicable law you can request access, rectification, erasure, restriction, portability, and objection. To exercise any of these rights, submit a Data Subject Request at /dsar. You also have the right to lodge a complaint with your local supervisory authority.

8. Contact

Privacy questions: privacy@dephiantconsultinginc.com.

Security disclosures: see our security page and security.txt.