Privacy Policy

Privacy policy and data protection information for trigosec

TL;DR: I don’t use cookies, I don’t track you, and I don’t do ads. By default, only minimal technical data is processed to serve the site and produce aggregate statistics. If you share information with me, it’s because you want a free consultation, want to try the DORA RoI Health Check, or are working with me on a project. Your data is yours, not mine, and I never sell it.

I’m committed to protecting your privacy and complying with GDPR and German data protection laws. This policy explains what data I collect (spoiler: very little), why I collect it, and how I handle it.

As a visitor to trigosec.com

Your privacy matters to me, so I don’t track individual visitors. As someone browsing this website:

  • No ads and no data resale: I do not sell personal data or share it for advertising purposes
  • No cross-site tracking: I do not use tracking cookies or third-party ad pixels
  • No attempt to identify you: I do not build profiles or track you across sessions
  • Limited third-party processing: Cloudflare and Plausible process limited technical data as described below to serve the site and provide aggregate statistics

I use Plausible Analytics to understand general website usage patterns (for example: which pages are popular and basic device information). This data is aggregated and I cannot use it to identify individual visitors. Plausible is an EU-based service and you can see what they collect in their data policy.

I only collect personal information when you decide to contact me or share your email with me.

When you contact me or work with me

I only collect personal information when you actively choose to share it with me. This happens in three main scenarios:

1. Free consultation requests

When you book a free 1-hour consultation through Calendly or contact me directly:

  • Your email address and name - So I can respond to you and schedule our meeting
  • Any information you share during our consultation - To provide you with relevant advice
  • Meeting details - Calendly handles the scheduling and shares basic information needed for our appointment

I use this information solely to provide the consultation you requested. I don’t add you to marketing lists or share your information with anyone else.

2. Project collaboration

When we work together on a project:

  • Contact information - Email, phone, and other details needed for project communication
  • Project-related information - Technical requirements, business context, and other details necessary to deliver the work
  • Billing information - Handled through invoicing, not stored in any customer database

This information is used exclusively for project delivery and communication.

3. DORA RoI Health Check

When you use the DORA RoI Health Check:

  • Contact information - Your email address (work email)
  • Where your email goes - When you submit your email address, it is sent to a Google Apps Script endpoint and recorded in a Google Sheet so I can follow up
  • Partner sharing for embedded versions - If the Health Check is embedded on a partner site, the partner collects your email on their site and shares it with me so I can follow up. Their privacy policy applies
  • Email domain processing - I derive your email domain (the part after “@”) and send it to an endpoint on this website to check it against a small watch list that controls an optional returning-visitor message. For embedded partner versions, the partner may also perform this domain check on their side to enable their returning-visitor message (see partner privacy policy)
  • Your RoI file and results - Your RoI ZIP file and validation results are processed locally in your browser and are not uploaded to my servers

Your email address is used to follow up with you about the RoI Health Check and offer help interpreting and resolving issues.

The services I use and your data

I’m transparent about the third-party services that power this website and my business:

Website hosting and performance

  • Cloudflare hosts this website and provides security protection. They may process basic request information (IP addresses, request types) to deliver the website to you. See Cloudflare’s privacy policy.

Analytics

  • Plausible Analytics provides privacy-friendly website statistics. They don’t use cookies, don’t track individuals, and keep all data in the EU. See Plausible’s privacy policy for full details.

Scheduling

  • Calendly handles appointment booking for free consultations. When you book a meeting, Calendly processes your email and scheduling preferences. See Calendly’s privacy policy.

Communication and collaboration

  • Google Workspace powers my email (@trigosec.com), file sharing, and calendar. When we communicate via email or share files, Google processes this information to deliver these services. See Google’s privacy policy.
  • Google Apps Script and Google Sheets record email addresses submitted via the DORA RoI Health Check so I can follow up. See Google’s privacy policy.
  • Partner lead capture - For embedded versions of the Health Check, a partner collects your email on their site and shares it with me for follow-up. Their privacy policy applies.

Professional networking

  • LinkedIn is where I share updates about my work. If you connect with me there, LinkedIn’s privacy policy applies. See LinkedIn’s privacy policy.

Important notes about these services:

  • I only share information with them that’s necessary for the service they provide
  • None of these services have access to information beyond what’s needed for their specific function
  • I don’t sell or share your data with any of these providers for marketing purposes
  • Your data stays within reputable, GDPR-compliant services

Data controller

Controller (data controller):

trigosec
Owner: Germán Fuentes Capella
Wertheimer Str. 11
81243 Munich, Germany
Email: hello@trigosec.com

For full legal information, see the Impressum.

I process personal data only when there is a legal basis under GDPR Article 6. In practice, this means:

  • Website delivery and security (Cloudflare): Legitimate interests (GDPR Article 6(1)(f)) to operate, secure, and defend the website.
  • Aggregate website analytics (Plausible): Legitimate interests (GDPR Article 6(1)(f)) to understand website usage in aggregate without identifying you.
  • Consultation requests and inquiries: Steps prior to entering into a contract and responding to your request (GDPR Article 6(1)(b)).
  • Project delivery: Performance of a contract (GDPR Article 6(1)(b)) and, where applicable, legal obligations such as tax and bookkeeping requirements (GDPR Article 6(1)(c)).
  • DORA RoI Health Check email capture: Legitimate interests (GDPR Article 6(1)(f)) to provide access to the tool and proactively follow up about the health check and next steps (not for advertising or reselling data).

Data retention and your rights

How long I keep your information:

  • Website analytics: Plausible keeps aggregate data according to their retention policy
  • Consultation inquiries: I keep our correspondence to reference if you contact me again
  • Project work: I retain project communications and files as long as is allowed under applicable law and necessary for the project
  • DORA RoI Health Check: I keep the email and our correspondence to reference if you contact me again

Your rights:

  • Access: You can ask what information I have about you
  • Correction: You can ask me to correct any inaccurate information
  • Deletion: You can ask me to delete your information (except what I’m legally required to keep)
  • Portability: You can ask for a copy of your information in a common format
  • Objection: You can object to how I process your information
  • Complaint: You can lodge a complaint with a supervisory authority, including in the EU member state where you live or work

To exercise these rights, just email me at hello@trigosec.com.

Why you should trust me

I’m a one-person consultancy focused on security and compliance. I understand the importance of data protection because it’s literally part of what I help my clients with.

  • No advertising business model - I don’t make money from your data, I make money from providing valuable services
  • Minimal data collection - I only collect what I need to provide the service you’re asking for
  • Transparent approach - This policy explains exactly what I do, and you can contact me anytime with questions
  • European standards - I’m based in Germany and follow EU data protection principles

This privacy policy is designed to comply with:

  • GDPR (General Data Protection Regulation)
  • German Federal Data Protection Act (BDSG)
  • Other applicable European privacy regulations

Since I don’t use cookies and I don’t track individual visitors, you won’t see any annoying cookie banners or consent forms on this website.

Changes to this policy

I may update this policy occasionally to reflect changes in my services or legal requirements. Any significant changes will be announced through my usual communication channels (like LinkedIn updates).

Questions?

If you have any questions about this privacy policy, your data, or your rights, please contact me at hello@trigosec.com. I’m happy to explain anything or discuss your specific situation.


Last updated: March 2026

This privacy policy reflects my commitment to respecting your privacy while providing valuable security and compliance services. It’s written in plain language because privacy policies should be understandable, not intimidating.