Legal

Privacy Policy

Effective date: 16 June 2026  ·  Last updated: 16 June 2026

1. Who We Are

Orthrus Guard IT Consulting ("Orthrus Guard", "we", "us", or "our") is an IT consultancy providing cloud migration, on-premises infrastructure, and FinOps services. Our website is located at https://orthrus-guard.cc.

For questions about this Privacy Policy, you can reach us at: [email protected]

2. Information We Collect

We collect only the minimum information necessary to provide our services. We collect personal data through two channels:

Email contact — when you email us directly at [email protected], we may receive:

  • Your name and email address
  • Your company name (if provided)
  • The content of your message

Orthy — website chat assistant — our website includes an interactive chat widget ("Orthy") that invites you to describe your IT consulting needs. If you choose to engage, Orthy may collect:

  • Your name
  • Your work email address
  • Your company name (optional)
  • Your area of interest and follow-up answers you provide during the conversation

Use of the Orthy chat widget is entirely voluntary. You may close it at any time without providing any information. A privacy notice is presented to you inside the chat before any contact details are requested, and your acknowledgement is recorded.

We do not use tracking pixels, behavioral analytics, or third-party advertising cookies on this site. No analytics tools or visitor-tracking software are deployed on this website.

3. How We Use Your Information

Information you provide — whether via email or through the Orthy chat widget — is used solely to:

  • Respond to your enquiry
  • Provide the consulting services you have requested
  • Fulfil our contractual obligations
  • Follow up on your expressed interest in our services (where you have provided your contact details via Orthy)

We do not sell, rent, or share your personal data with third parties for marketing purposes. The lawful basis for processing email enquiries and Orthy chat submissions is Article 6(1)(b) GDPR (steps taken at your request prior to entering a contract) and, where a service engagement follows, Article 6(1)(b) for the performance of that contract. Where we retain business correspondence or lead records beyond the active engagement, we rely on Article 6(1)(f) GDPR (our legitimate interest in maintaining accurate business records).

4. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (GDPR) or the UK GDPR applies, we process personal data on the following lawful bases:

  • Article 6(1)(b) — Contract / Pre-contractual steps: Processing your enquiry and delivering the consulting services you have requested.
  • Article 6(1)(c) — Legal obligation: Where we are required to retain records under applicable accounting, tax, or regulatory law.
  • Article 6(1)(f) — Legitimate interests: Maintaining accurate business correspondence and lead records to manage our ongoing client relationships, defend legal claims, and operate our business. We have balanced this interest against your rights and interests; given the limited volume and sensitivity of the data processed, we are satisfied that our legitimate interests are not overridden by your interests or fundamental rights.

If you are located in the EU or UK and wish to object to processing carried out on the basis of our legitimate interests, please contact us at [email protected].

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, subject to the following guidelines:

  • Pre-contractual enquiries (no engagement): Email correspondence is retained for up to 12 months from the date of last contact, after which it is deleted unless a business relationship has been established.
  • Client engagement records: Where a service engagement proceeds, correspondence and related records are retained for 7 years from the end of the engagement, in line with standard commercial and tax record-keeping obligations in applicable jurisdictions.
  • Legal hold: Where records are subject to a legal hold, regulatory inquiry, or ongoing dispute, they are retained until that matter is resolved, regardless of the above periods.

At the end of any applicable retention period, personal data is securely deleted or anonymized.

6. Data Sharing and Third Parties

We use the following third-party services on this website:

  • Google Fonts — to render typefaces. Google may log your IP address when fonts are loaded. See Google's Privacy Policy.

We do not share personal information from email correspondence with third parties except where required by law or as described below. The following sub-processors may handle personal data on our behalf:

  • Cloudflare, Inc. — network security, DDoS mitigation, and content delivery. Cloudflare processes connection metadata (including IP addresses) to protect this website. See Cloudflare's Privacy Policy.
  • Business email service provider — our domain email ([email protected]) is hosted by a third-party email provider. Messages you send to us are stored on their servers in accordance with their data processing terms.

Lead submissions made through the Orthy chat widget are stored in a server-side database hosted on our web server and are also delivered to us by email via our business email service provider. No third-party CRM or lead management platform is used. We will not disclose your data to any other third party without your consent, except where legally required (e.g., court order, regulatory obligation).

7. Cookies

This website does not set first-party cookies. However, Cloudflare — our network security and content delivery provider — may set the following cookies on your device for security and performance purposes:

  • __cf_bm — set by Cloudflare's bot management service. This cookie lasts 30 minutes and is strictly necessary to distinguish legitimate visitors from automated bots. It does not track you across third-party websites.
  • cf_clearance — set when Cloudflare requires a security challenge to be completed (e.g., where bot or DDoS activity is detected). This cookie confirms that the challenge was passed and allows continued access. It expires after 30 minutes to 24 hours depending on site configuration.

These cookies are classified as strictly necessary and are set by Cloudflare as a third-party service provider, not by Orthrus Guard. They are not used for advertising, profiling, or cross-site tracking. No other cookies are set by this website.

8. Security

We implement technical and organizational measures to protect personal data against unauthorized access, loss, or disclosure. These include:

  • HTTPS encryption for all site traffic
  • Content Security Policy and other HTTP security headers
  • No server-side storage of visitor contact data via web forms (data is transmitted by email only)

Additional organizational controls include:

  • Access to email correspondence and client records is restricted to authorized personnel on a need-to-know basis.
  • Strong authentication controls are applied to all accounts used in connection with business operations.
  • We review our data handling practices periodically to ensure continued alignment with applicable data protection law.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

EU / UK — General Data Protection Regulation (GDPR / UK GDPR)

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing (Art. 18): Request that we limit how we use your data in certain circumstances.
  • Right to data portability (Art. 20): Receive data you have provided to us in a structured, machine-readable format, where processing is based on consent or contract.
  • Right to object (Art. 21): Object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority (e.g., your national Data Protection Authority in the EU, or the UK ICO at ico.org.uk).

California, USA — California Consumer Privacy Act (CCPA / CPRA)

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, and the purposes for which it is used.
  • Right to deletion: Request deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations).
  • Right to opt-out of sale or sharing: We do not sell or share personal information for cross-context behavioral advertising. This right is therefore not applicable.
  • Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights.
  • Right to correct: Request correction of inaccurate personal information we hold about you.

Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Right of access: Request access to personal information we hold about you and how it has been used or disclosed.
  • Right to accuracy: Request correction of inaccurate or incomplete personal information.
  • Right to withdraw consent: Withdraw consent to the collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions. Withdrawal may affect our ability to provide services to you.
  • Right to file a complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

10. International Data Transfers

Some of our service providers may process personal data outside the European Economic Area (EEA) or the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V and UK GDPR:

  • Google LLC (Google Fonts): Google is certified under the EU-US Data Privacy Framework, which provides an adequacy mechanism recognised by the European Commission for transfers to the United States. Google also offers Standard Contractual Clauses (SCCs) as an additional safeguard. See Google's Data Privacy Framework page.
  • Cloudflare, Inc.: Cloudflare participates in the EU-US Data Privacy Framework and offers SCCs for transfers to the United States and other countries. See Cloudflare's GDPR Trust Hub.
  • Business email service provider: Data transfers by our email provider are governed by that provider's data processing agreement, which includes SCCs or equivalent transfer mechanisms where required.

You may request a copy of the applicable transfer safeguards by contacting us at [email protected].

11. Children's Privacy

This website is intended for business professionals and is not directed at children. We apply the following minimum age thresholds consistent with applicable law:

  • EU / UK (GDPR): We do not knowingly collect personal data from individuals under the age of 16.
  • United States (COPPA): We do not knowingly collect personal data from children under the age of 13.
  • Canada (PIPEDA): We do not knowingly collect personal data from individuals under the age of 13.

In practice, we apply the highest applicable threshold (age 16) as a universal standard. If you believe we have inadvertently collected personal data from a child, please contact us immediately at [email protected] and we will promptly delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact:

Orthrus Guard IT Consulting
General enquiries: [email protected]
Privacy & data protection: [email protected]
Website: https://orthrus-guard.cc

Note on Data Protection Officer (DPO): As a small business that does not engage in large-scale systematic processing of personal data or sensitive data categories, Orthrus Guard is not required to appoint a formal Data Protection Officer under Article 37 GDPR. The point of contact for all data protection queries is the email address above.