Privacy Policy
Last updated: 1 May 2026
This policy explains what information panoptic.ie collects, why, who processes it on our behalf, and the rights you have under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
Who we are
Panoptic IT Solutions is the data controller for personal data collected via this website.
- Cork office: Unit 38, Tramore Commercial Park, Tramore Road, Ballyphehane, Cork, T12 W6XN
- Kilkenny office: Unit 7, Block C, Newpark Shopping Centre, Kilkenny, R95 EYX7
- Email: privacy@panoptic.ie
What we collect and why
Information you give us
When you submit a contact form, book a discovery call, take the cybersecurity checklist, or subscribe to our newsletter, we collect the data you enter (typically name, email, phone, company, and your message). We use this only to respond to your enquiry, fulfil the service you requested, or send you the content you signed up for. The lawful basis is contract (Art 6(1)(b)) for service-related contact, or consent (Art 6(1)(a)) for marketing communications.
Information collected automatically
Our hosting provider (Vercel) records standard server logs: IP address, browser user agent, referring URL, request path, and timestamp. These logs are retained for diagnostic and security purposes for up to 30 days. Lawful basis: legitimate interest (Art 6(1)(f)) for security and abuse prevention.
Cookies and similar tracking technologies
We use cookies and similar storage to make the site work and, with your consent, to understand how it's used. Strictly necessary cookies are always on; everything else only loads after you opt in. You can change your choice any time: .
Cookies and trackers in detail
| Tracker | Category | Purpose | Lawful basis | Retention |
|---|---|---|---|---|
| CSRF token | Necessary | Prevents cross-site request forgery on form submissions. | Strictly necessary | Session |
| Cloudflare Turnstile | Necessary | Anti-bot challenge on contact and newsletter forms. | Strictly necessary | Session |
| Consent preference | Necessary | Remembers your cookie choices so we don't ask again. | Strictly necessary | 1 year (localStorage) |
| PostHog | Analytics | Product analytics — pageviews, clicks, form submissions, error tracking. | Consent | 12 months |
| Google Analytics | Analytics | Aggregate site usage statistics. | Consent | 14 months |
| Vercel Analytics | Analytics | Pageview counts and Core Web Vitals from real users. | Consent | 90 days |
| PostHog session replay | Session replay | Records mouse, scroll, and click activity (with form inputs masked) so we can debug user-experience issues. Off by default. | Consent | 30 days |
“Necessary” trackers do not require consent under the ePrivacy Directive Art 5(3) because they are strictly necessary for a service you have explicitly requested (e.g. submitting a form). Everything else requires your explicit, informed consent before it loads.
Where your data goes
We use the following processors. Each has a Data Processing Agreement in place with us, and each is committed to GDPR-compliant transfers (Standard Contractual Clauses where data leaves the EEA).
- Vercel (hosting, analytics, speed insights) — USA, with EU SCCs.
- PostHog (product analytics, error tracking, optional session replay) — EU region (Frankfurt).
- Google (Google Analytics) — USA, with EU SCCs and IP anonymisation enabled.
- Cloudflare (Turnstile anti-spam) — global edge network with EU SCCs.
- Resend (transactional email when you contact us or subscribe) — USA, with EU SCCs.
- Sanity (blog content management) — EU region.
Retention
- Form submissions and enquiries: kept for as long as needed to fulfil your request, plus up to 24 months for follow-up. You can ask us to delete sooner.
- Newsletter subscriptions: until you unsubscribe.
- Analytics events: 12 months in PostHog, 14 months in Google Analytics, 90 days in Vercel Analytics.
- Session recordings: 30 days, only if you opt in.
- Server logs: 30 days.
Your rights
Under the GDPR you have the right to:
- Access the personal data we hold about you
- Have inaccurate data corrected
- Have your data erased (the “right to be forgotten”)
- Restrict or object to processing
- Receive your data in a portable format and have it transmitted to another controller
- Withdraw consent at any time — doing so doesn't affect the lawfulness of processing before withdrawal
- Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) if you believe your rights have been breached
To exercise any of these rights, email privacy@panoptic.ie. We'll respond within 30 days.
How to withdraw consent
Click in the footer of any page to change your cookie preferences. Withdrawing analytics consent stops future data collection immediately; it does not retroactively delete events already collected with your consent. To erase historical data, email us at the address above.
Children
This site is intended for businesses. We do not knowingly collect data from children under 16. If you believe we have, contact us and we'll delete it.
Changes to this policy
We'll update this page when we change processors or what we collect. Material changes are reflected by a new “Last updated” date and, where the change affects consent categories, a fresh consent prompt.
Contact
Questions about this policy or your data: privacy@panoptic.ie or via our contact form.