Data Stewardship

Where does your data reside in a serverless architecture?

We don't store what we don't need. Our privacy policy is engineered for the same precision we demand in code: zero bloat, maximum clarity, and absolute transparency regarding the minimal data required to verify intent.

Quick Verify

We do not use tracking pixels, third-party cookies, or analytics that compromise user anonymity. Your visit is your own.

Request full audit log

The Data Protocol

Collection Scope

Cuiko.click operates as a static interface with dynamic intent. We collect strictly voluntary inputs via the Contact page: Name, Email, and Message. This data is routed directly to our encrypted email infrastructure. No databases are queried, no cookies are set, and no user profiles are constructed. The "latency" of your data's stay is instantaneous—it exists only in transit and in the inbox of our operations team.

Fig 1. The infrastructure we trust.

Storage & Encryption

Because we utilize a static site architecture, there is no backend database to secure. This eliminates the vector of database injection attacks entirely. Email correspondence is handled via TLS (Transport Layer Security) encryption. We do not retain backups of form submissions beyond the active conversation thread. Once a candidate or client engagement concludes, data is purged from our mail servers according to standard retention policies.

Third-Party Logic

We maintain a strict ban on external data sharing. We do not sell, rent, or trade email addresses. We do not utilize Google Analytics, Facebook Pixels, or heat-mapping tools. The only external requests this site makes are to fetch standard libraries (fonts, CSS frameworks) via secure CDNs. No behavioral data is synced with advertising networks.

Compliance Lens

GDPR Right to be forgotten is native to our architecture (deletion is the default state).
CCPA We do not sell data. Therefore, no opt-out is required.
ISO Communication protocols adhere to ISO 27001 standards where applicable.

Need a DPA?

For enterprise clients requiring a Data Processing Agreement, our legal team provides standard documentation.

Operational Risks & Mitigation

Even a static site is subject to user-side risks. Here is how we architect against common failure points in the recruitment data lifecycle.

Mistake: Over-sharing in Initial Contact

Users often paste proprietary code or sensitive project scopes into the initial contact form, creating an unencrypted data trail.

Mitigation

We automatically scrub metadata from email headers and advise using our secure PGP key for code snippets (available on request).

Mistake: Phishing via Spoofed Domains

Candidates may receive emails claiming to be from Cuiko but sent from generic domains (e.g., @cuiko-hr.com).

Mitigation

Official communication originates strictly from @cuiko.click. We never request sensitive credentials via email.

Mistake: Public Wi-Fi Submission

Submitting personal data (email/name) over unsecured public networks intercepts potential traffic.

Mitigation

Our site enforces HSTS (HTTP Strict Transport Security), ensuring your browser forces an encrypted connection regardless of network.

Mistake: Persistence Assumption

Assuming that data submitted is stored indefinitely leads to complacency in data hygiene.

Mitigation

We practice ephemeral storage. If we do not engage in a contract within 90 days of contact, the thread is cryptographically shredded.

The Trade-off Matrix

Privacy is a series of engineering choices. Here is what we sacrificed to prioritize your data security.

No "Save Progress"

The Downside: If you close the browser while writing a long message, your draft is lost.

THE FIX: We recommend composing in your local editor and pasting final text.

No Auto-Reply

The Downside: You won't receive an immediate "We got your email" bot response.

THE FIX: We read every submission personally within 4 hours. Human verify beats bot acknowledge.

No User Accounts

The Downside: You cannot log back in to view previous correspondence history.

THE FIX: We CC you on all outgoing correspondence for your own records.

No Tracking

The Downside: We don't know if you opened our email or how long you stayed on this page.

THE FIX: We focus on the clarity of this page. If you have questions, the burden is on us to answer them clearly here.

Still have questions about data?

Direct inquiry to our compliance lead. We respond with code-level detail.

Contact Us Email Direct