Privacy Policy

Summary

Domma is committed to protecting your privacy. We collect minimal data necessary to improve our service and provide you with a better experience. You have full control over your data and can opt-out at any time.

What Data We Collect

Domma collects limited data to understand how our framework is used and to improve the user experience. The data we collect includes:

Page Views: URL, page title, referrer, timestamp
Browser Information: User agent, screen resolution, viewport size
IP Address: Automatically anonymised before storage (last octet masked for IPv4, last 80 bits for IPv6) for analytics and security purposes
User Preferences: Theme selection, UI settings, and other preferences stored in your browser's localStorage
Consent Information: Your acceptance of this privacy policy and timestamp

We do NOT collect: Personal information (name, email, address), payment information, passwords, or any sensitive personal data unless you explicitly provide it through forms or user registration.

How We Use Your Data

Your data is used exclusively for the following purposes:

Analytics: Understanding which pages and features are most popular
Service Improvement: Identifying bugs, improving performance, and enhancing documentation
Security: Preventing abuse, identifying malicious activity, and protecting our infrastructure
User Experience: Remembering your preferences (theme, settings) for a personalised experience

We do not sell, rent, or share your data with third parties for marketing purposes.

Where Your Data Is Stored

Your data is stored in two locations:

Backend Server: Analytics data (page views, browser info, anonymised IP addresses) is stored on our secure backend server. This data is automatically deleted after 90 days in compliance with GDPR storage limitation requirements.
Your Browser (localStorage): User preferences (theme, settings, consent information) are stored locally in your browser's localStorage. This data never leaves your device and can be cleared at any time through your browser settings.

We do not use traditional cookies. All persistent data is stored using the Web Storage API (localStorage).

Your Rights Under GDPR

Domma is fully compliant with the General Data Protection Regulation (GDPR). If you are in the European Economic Area (EEA), you have the following data protection rights which you can exercise at any time:

Self-Service GDPR Tools

For registered users, we provide self-service tools to exercise your GDPR rights instantly without needing to contact us. All tools require authentication and are accessible through your account dashboard.

1. Right of Access (GDPR Art. 15)

You have the right to know what personal data we hold about you and how we process it.

For Registered Users: Log in to your account and visit the Privacy Dashboard to view a complete summary of all data we hold about you, including:
- Profile information (name, email, role, account creation date)
- Page view history (anonymised)
- Blog posts (if applicable)
- Contact submissions and feedback
- Session activity
API Endpoint: GET /api/gdpr/data-summary (requires authentication)
For Non-Registered Users: Contact us at privacy@dcbw-it.co.uk with your request. We will provide you with a summary of any data we can identify as yours within 30 days.

2. Right to Data Portability (GDPR Art. 20)

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.

For Registered Users: Log in to your account and visit the Privacy Dashboard. Click "Export My Data" to download a complete JSON file containing all your personal data. The export includes:
- User profile information
- All page views associated with your account
- Blog posts you've created
- Contact submissions and feedback
- Metadata (export date, format version, GDPR article reference)
The exported data is in JSON format, making it easy to import into other systems.
API Endpoint: GET /api/gdpr/export (requires authentication)
For Non-Registered Users: Contact us at privacy@dcbw-it.co.uk to request a data export.

3. Right to Erasure / "Right to be Forgotten" (GDPR Art. 17)

You have the right to request deletion of your personal data from our systems.

For Registered Users: Log in to your account and visit the Privacy Dashboard. Click "Delete My Account" to permanently delete your account and all associated data.
- What gets deleted: User account, page views, blog posts (or anonymised)
- What gets anonymised: Contact submissions and feedback (content retained for service improvement, but personally identifiable information is removed)
- Confirmation required: You must confirm your email address and provide your password
- This action is irreversible - all data is permanently deleted and cannot be recovered
API Endpoint: DELETE /api/gdpr/delete-account (requires authentication + password confirmation)
For Non-Registered Users: Contact us at privacy@dcbw-it.co.uk to request data deletion. We will process your request within 30 days.

4. Right to Object / Opt-Out of Tracking

You have the right to object to the processing of your personal data for analytics purposes.

Do Not Track (DNT): We respect the Do Not Track browser setting. If you enable DNT in your browser, we will not track your browsing activity or collect analytics data. No action required on our part.
Cookie Consent: Reject analytics cookies through our cookie consent banner (appears on first visit). You can change your preferences at any time by clicking "Cookie Settings" in the footer.
Clear Local Storage: Clear your browser's localStorage to remove all locally stored preferences and consent information.
Private Browsing: Use your browser's private/incognito mode to prevent tracking.

5. Right to Rectification

If you believe any personal data we hold about you is inaccurate or incomplete, you have the right to request correction.

For Registered Users: Update your profile information through your account settings.
For Non-Registered Users: Contact us at privacy@dcbw-it.co.uk with the correction request.

6. Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances. Contact us at privacy@dcbw-it.co.uk to discuss your specific situation.

Additional Privacy Protections

Beyond GDPR requirements, Domma implements the following privacy-first practices:

IP Anonymisation: All IP addresses are automatically anonymised before storage (GDPR Art. 5(1)(c) - Data minimisation)
90-Day Auto-Deletion: Analytics data is automatically deleted after 90 days (GDPR Art. 5(1)(e) - Storage limitation)
DNT Respect: We honour the Do Not Track browser setting
No Third-Party Tracking: We do not share your data with advertisers or third-party trackers
Minimal Data Collection: We only collect data necessary for service improvement

Data Security

We take reasonable measures to protect your data:

All data transmission uses HTTPS encryption
Analytics data is stored on secure, access-controlled servers
We regularly review and update our security practices
We do not store sensitive information that could identify you personally

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last Updated" date below and may notify users through a banner or other means.

Continued use of Domma after changes to this policy constitutes acceptance of the updated terms.

Cookies and Tracking Technologies

For detailed information about how we use cookies and similar tracking technologies, please see our Cookie Policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@dcbw-it.co.uk
Website: About Us
Cookie Policy: View Cookie Policy
Feedback: Send Feedback

Last updated: January 2026
Version: 2.0 (GDPR Enhanced)