Privacy Policy

1. Introduction

Virtual Factory Solutions Ltd. (trading as “VFS” and operating the “Zeodyn” brand) (“we”, “us”, or “our”) is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

This Privacy Policy explains how we collect, use, and protect information when you use our website at zeodyn.com and related services (the “Service”). If you are located in the European Economic Area (EEA), we also process your data in compliance with the EU General Data Protection Regulation (EU GDPR).

2. Data controller

Virtual Factory Solutions Ltd.
Registered in England and Wales
Email: privacy@zeodyn.com

3. What data we collect

We collect minimal data to operate the Service:

• URLs submitted for scanning: When you use the Zeodyn Scanner™, the URL you submit is processed to generate your report. URLs are not linked to your identity.
• Email addresses (optional): If you voluntarily provide your email address (e.g. to receive launch notifications), we store it solely for that purpose.
• Technical data: We may collect standard server log data including IP addresses, browser type, and referring pages. This data is used for security monitoring and service operation only.
• Cookies: We use essential cookies only. See our Cookie Policy for details.

4. Analytics

We use Plausible Analytics, a privacy-friendly, cookie-free analytics service hosted in the European Union. Plausible collects no personal data, sets no cookies, and does not track individual visitors across sites. All data is aggregated and anonymous.

Key points:

• No cookies are set by our analytics.
• No personal data is collected.
• No cross-site tracking.
• All data is aggregated and anonymous.
• Plausible is compliant with UK GDPR, the Data Protection Act 2018, PECR, EU GDPR, and CCPA without requiring visitor consent.

For details on how Plausible handles data, see their data policy.

5. How we use your data

We use the data we collect to:

• Provide and operate the Zeodyn Scanner™.
• Generate and store scan reports.
• Send launch notifications if you have opted in.
• Monitor and protect the security of the Service.
• Comply with legal obligations.

6. Legal basis for processing

We process your personal data on the following legal bases under Article 6(1) UK GDPR:

• Contractual necessity (Art. 6(1)(b)): Processing URLs you submit to provide the scanning service and generate your report.
• Legitimate interests (Art. 6(1)(f)): Processing technical data (server logs, IP addresses) to maintain the security and integrity of the Service, and to prevent abuse.
• Consent (Art. 6(1)(a)): Processing email addresses for optional notifications, where you have given explicit consent. You may withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)): Where we are required to process data to comply with applicable law.

7. Data sharing

We do not sell your personal data. We may share data with:

• Infrastructure providers: We use Microsoft Azure (UK South region) to host the Service. Data is processed and stored within the United Kingdom.
• Analytics: We use Plausible Analytics, which is hosted in the European Union. Plausible does not collect personal data or set cookies. See section 4 for details.
• DNS and security: We use Cloudflare for DNS resolution and DDoS protection. Cloudflare processes requests at global edge nodes. Cloudflare acts as a data processor and is certified under the EU–US Data Privacy Framework.
• Legal requirements: We may disclose data if required by law, court order, or governmental regulation.

8. Data retention

• Scan results: Retained for 30 days from the date of the scan, after which they are automatically deleted.
• Email addresses: Retained until the relevant notification is sent or you request deletion, whichever is earlier.
• Server logs: Retained for up to 90 days for security monitoring purposes.

9. International transfers

Our primary hosting infrastructure is in the United Kingdom (Microsoft Azure, UK South region). In addition:

• Plausible Analytics is hosted in the European Union. No personal data is transferred, as Plausible does not collect any.
• Cloudflare processes DNS and security requests at global edge nodes. Cloudflare is certified under the EU–US Data Privacy Framework and operates as a data processor under appropriate safeguards.

Where any transfer of personal data outside the UK is required, we ensure appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses or adequacy decisions as applicable.

10. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (“right to be forgotten”).
• Object to or restrict processing of your data.
• Request portability of your data.
• Withdraw consent at any time (where processing is based on consent).
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, contact privacy@zeodyn.com. We will respond within one month.

11. Children's privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Effective” date at the top of this page. We encourage you to review this page periodically.

13. Contact

For privacy enquiries, contact privacy@zeodyn.com.