Back home

Privacy policy

How we handle your data.

We collect as little as possible, store it securely, and never sell or trade it. This page explains exactly what we keep, why, and what you can do about it.

Last updated · 2026-04-27

Who we are

Infyniq operates this website — a tech studio building websites, CRMs, custom applications, social & SEO campaigns. Reach us at [email protected].

Cyprus · Serving Worldwide

What we collect

When you contact us. Name, email and message — only what you type into our forms. Used to reply to you and schedule a meeting. Nothing else.

When you accept the cookie banner. We record one anonymous row with: your country (derived server-side from Cloudflare's CF-IPCountry header — never geolocated), the website that sent you here (if any), and a coarse classification of your client: device (mobile / tablet / desktop), browser family (Chrome, Safari, Firefox, …) and operating system. We never store raw IP addresses. No page views, scroll depth, time-on-page, click events or campaign parameters are tracked — just that one consent row.

When you decline the cookie banner. We still record the decision so the dashboard can show an opt-in rate, but the row is reduced to: country, the referring website, and the fact that analytics was declined. Device, browser and OS are not captured.

When you choose cookies. Your choice itself is stored — so we know which categories to honour and when to re-ask. Consent decisions are retained for compliance.

Cookies

Cookies fall into three categories. You control which of the optional ones are active through the banner (or by reopening it above).

Strictly necessary

· Always on

Keep the site secure and functional — without them you couldn't sign in, submit forms, or keep your own cookie preferences.

  • infyniq_consent

    12 months

    Remembers which cookie categories you accepted.

  • next-auth.session-token

    Up to 14 days

    Keeps admin users signed into the dashboard.

  • next-auth.csrf-token

    Session

    Anti-CSRF token for the admin sign-in form.

Analytics

· Optional

Let us count visitor decisions and break them down by country, device class, browser and operating system — aggregated only, one row per cookie-consent decision. We never log page views, scroll depth, time-on-page or any per-click events. Raw IPs are never stored.

  • _ga, _ga_*

    2 years

    Google Analytics 4 — distinguishes unique visitors and stores session state.

  • _gid

    24 hours

    Legacy Google Analytics — may be set by tags loaded via Google Tag Manager.

Marketing

· Optional

Let the ad platforms we work with attribute conversions and show you relevant content elsewhere. We don't run our own UTM or campaign tracking on this site — anything in this category comes from third-party tags fired through Google Tag Manager.

  • _gcl_au

    3 months

    Google Ads conversion linker — fired by tags configured in our Tag Manager container.

Third parties

Google Analytics 4. A lightweight script from Google counts visits. We've enabled IP anonymisation and use Google's Consent Mode v2, so Google knows what kind of storage you allowed before doing anything.

Google Tag Manager. Lets us add marketing tags (ads, retargeting) without redeploying the site. Each tag respects your consent — marketing tags only fire with marketing consent.

Cloudflare Turnstile. Our contact form uses Turnstile to block spam. Turnstile is privacy-preserving and doesn't use tracking cookies.

Cloudflare R2 & SMTP. We store our own project imagery in Cloudflare R2, and outgoing email goes through a standard SMTP provider. Neither stores data about your visit.

Your rights

Under GDPR and comparable laws, you can ask us to:

  • Access tell you exactly what data we hold about you.
  • Correct fix anything that's wrong or out of date.
  • Delete remove your data, except where we must keep it for legal reasons.
  • Object or restrict stop us from processing your data for specific purposes, like marketing.

To exercise any of these, email [email protected]. We respond within 30 days.

Retention
  • Contact form messages — up to 24 months, unless we're in an active commercial relationship.
  • Visitor records — the consent decision, country, referrer and (for opt-ins only) device / browser / OS are kept for up to 26 months. Aggregates may be kept longer — they can't identify anyone.
  • Dashboard accounts — kept while the account is active; deleted on request.
Changes

If we meaningfully change how we handle your data we'll bump the consent version, which reopens the banner so you re-confirm your choices. The Last updated date above also moves.

Talk to us

Any question about this policy — or about anything you see on the site — email [email protected].

[email protected]