Privacy Policy

Last updated: 2 May 2026

This policy describes how Leashed (“we”, “us”) processes personal data when you use our public website and related services. We process data in line with applicable law, including the EU General Data Protection Regulation (GDPR) where it applies.

1. Data controller

Leashed
Tagensvej 16A
2200 København
Denmark
Contact: contact@leashed.dk

2. Scope

This policy applies to information processed through our marketing website (including pages served via Cloudflare Pages, for example under leashed.dk or related hostnames). The site is primarily informational. There is no user login or customer account on this marketing site itself.

3. Data we process when you browse the site

When you load pages, technical data is processed so the site can operate. Our hosting provider Cloudflare handles requests and may process data such as IP address, HTTP headers, timestamps, and security-related signals as described in Cloudflare’s privacy policy. We do not run first-party advertising or analytics trackers on this site that profile you across the web.

Third-party assets (for example fonts or scripts loaded from CDNs) may process technical data according to those providers’ policies.

4. Cookies and similar technologies

We do not use first-party cookies for advertising or analytics on this marketing site. Essential or technical mechanisms may still apply through our host or your browser (for example security or session routing via Cloudflare). You can control cookies through your browser settings.

5. Client onboarding form and uploads

If you use our client onboarding flow (web form), you provide business contact details and may attach files. We process this information to assess your request and to engage with you about services.

5.1 Categories of data

• Company name, contact name, work email, phone (optional), company identifier (e.g. CVR) if you provide it
• Free-text message and language/locale
• Files you attach (e.g. PDF, Office documents, images), within the types and limits stated on the form
• A server-generated submission identifier associated with your upload batch

5.2 What we do with it

• Storage: Files and associated metadata are stored in Cloudflare R2 (object storage) under paths scoped to your submission. Access is restricted to what we need to operate the service.
• Email notification: We send a transactional email to our internal mailbox via Resend, containing the details you submitted and references to stored files. Resend processes the content needed to deliver that message; see Resend’s privacy policy. The submitter’s email may be used as reply-to so we can respond directly from our mail client.

5.3 Legal bases (GDPR)

We rely on Article 6(1)(b) GDPR (steps prior to entering into a contract / performance at your request) and/or Article 6(1)(f) GDPR (legitimate interests in handling serious business enquiries and onboarding materials), balanced against your rights.

5.4 Retention

We retain onboarding materials only as long as needed for evaluating and starting an engagement, and longer where required by law or a contract. When retention ends, we delete or anonymise data in line with our internal routines. For specific deletion requests, contact us at the email below.

6. Recipients and processors

We use carefully selected suppliers who process data on our instructions:

• Cloudflare, Inc. — hosting, Pages Functions (API route for onboarding), R2 storage, and related security and delivery services (may involve processing outside Denmark; Cloudflare provides appropriate safeguards such as standard contractual clauses where relevant).
• Resend — outbound transactional email delivery.

We do not sell your personal data. We may disclose information if required by law or to protect our rights.

7. International transfers

Some providers may process data in the United States or other countries. Where required, we rely on appropriate safeguards (e.g. EU Commission standard contractual clauses or adequacy decisions).

8. Your rights

Depending on applicable law, you may have the right to access, rectify, erase, restrict processing, object, data portability, and to lodge a complaint with a supervisory authority (in Denmark, the Danish Data Protection Agency — Datatilsynet). To exercise rights regarding data from the onboarding form, contact us at contact@leashed.dk.

9. Security

We use technical and organisational measures appropriate to the risk (including encrypted connections where applicable and access limits on storage). No online transmission or storage is completely risk-free.

10. Children

Our services are aimed at businesses and professionals. We do not knowingly collect personal data from children for marketing purposes.

11. Changes

We may update this policy from time to time. The “Last updated” date will change when we do. Material changes may also be indicated on the website where appropriate.

12. Contact

Questions about this policy or your personal data:
contact@leashed.dk