Privacy notice

Who is responsible

TheTechDodo is the controller responsible for the personal data described in this notice. For any privacy question or request — and for TheTechDodo's full business registration details (legal name, KvK/VAT number, and registered address), which are provided on request — contact [email protected].

What this page covers

This notice covers inquiries submitted through TheTechDodo lead forms on the homepage and Direct Booking Leak Audit page, and the consent-based analytics and tracking tools used on this website.

What we collect

The forms may collect the information you submit: name, email address, company name, website URL, business type, service interest, current booking system, Google Ads usage, OTA usage, biggest current issue, monthly traffic or booking volume if known, and message.

The forms also include service and security context: service code, lead source, landing page, selected service, a hidden spam-check field, and a Cloudflare Turnstile response. The form handler may add basic operational context such as the submission time, browser user agent, and coarse country information if available.

Why we collect it

TheTechDodo uses this information to respond to inquiries, check whether the service is a fit, prepare the next step, and protect the form from spam or abuse.

Our lawful basis

For handling inquiries, the lawful basis is taking steps at your request before entering a possible contract, together with TheTechDodo's legitimate interest in responding to and qualifying business inquiries (Article 6(1)(b) and 6(1)(f) GDPR). Protecting the forms from spam and abuse relies on legitimate interest. Analytics and advertising cookies are used only on the basis of your consent (Article 6(1)(a) GDPR), which you can give or withdraw at any time.

Where it goes

Inquiry details are processed by a Cloudflare Pages Function and sent through Resend as email to TheTechDodo's inbox. V1 lead storage is email-only. TheTechDodo does not store form submissions in a CRM, database, spreadsheet, newsletter tool, analytics platform, or advertising platform.

Processors

• Cloudflare Pages: website hosting and Pages Function execution.
• Cloudflare Zaraz: consent management and tracking orchestration.
• Cloudflare Turnstile: spam and bot protection for the forms.
• Resend: transactional email delivery.
• Google Analytics 4: website analytics, loaded only after Analytics consent is given.
• Google Ads: connected with Conversion Linker. Advertising and remarketing features (including Google Signals) are activated only after you accept the Advertising purpose — see "Cookies and tracking" below. Campaign conversion tracking is not yet active.

International data transfers

Some processors listed above — in particular Google — may process personal data outside the European Economic Area, including in the United States. Where that happens, the transfer relies on the processor's own safeguards, such as the EU-US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses. Cloudflare and Resend may likewise process limited data outside the EEA under comparable safeguards.

How long we keep it

Inquiry emails are kept only as long as needed to handle the inquiry and normal business administration. If an engagement starts, relevant business records may be kept as part of that work and administration.

Your rights

You can ask for access, correction, deletion, or objection related to your personal data by contacting [email protected].

Cookies and tracking

This website uses Cloudflare Zaraz as its consent and tracking layer. On your first visit, Zaraz shows a consent modal where you can accept or decline each purpose. Your choice is stored in a cookie named zaraz-consent. You can change your choice at any time using the cookie settings button at the bottom-left of every page.

Analytics (Google Analytics 4) — GA4 is loaded only if you accept the Analytics purpose. It collects standard browsing data such as pages visited, referrer, and coarse device information, processed by Google. GA4 runs server-side through Cloudflare Zaraz, which stores GA4 state in first-party cookies on this domain (for example cfz_google-analytics_v4 and cfzs_google-analytics_v4). These hold identifiers such as a GA4 client ID and session ID, page and engagement counters, and — if you also accept Advertising — a remarketing audience identifier. They are kept for up to about 12 months.

Advertising (Google Ads & Google Signals) — If you accept the Advertising purpose, Google's advertising and remarketing features are activated. This includes Google Signals, which builds remarketing audiences and may send data to Google advertising domains (such as google.com and doubleclick.net) and set a remarketing identifier. This happens once you give Advertising consent, whether or not a paid campaign is currently running. Conversion tracking for specific campaigns is not yet active, as no conversion label is configured. If you do not accept the Advertising purpose, none of these advertising features run.

Cloudflare Turnstile is used for spam and security protection on inquiry forms. No third-party consent management platform (Cookiebot, OneTrust, or similar) is used. No Google Tag Manager container is used.

Last updated

June 12, 2026.