junctional.io
EN-GB EN-US View on GitHub

Legal Privacy Policy

Last updated: 7 May 2026

Who we are

junctional.io is operated by Tetron Limited ("Tetron", "we", "us"), a company registered in England and Wales (company number 07749907) with a registered office at Kemp House, 160 City Road, London EC1V 2NX, United Kingdom. Tetron is the data controller for personal data processed through this website.

Tetron Limited is registered with the UK Information Commissioner's Office, registration number ZB148760.

For any privacy-related query, contact us at [email protected].

What this policy covers

This policy explains what personal data we collect when you visit junctional.io, why we collect it, who we share it with, and your rights under UK GDPR and the Data Protection Act 2018.

It applies only to junctional.io. It does not cover Tetron's product JIM (Junctional Identity Manager), which you deploy and operate on your own infrastructure; for that, your own organisation is the data controller.

A short summary

We have deliberately kept the privacy footprint of this site small.

  • We collect your email address only if you choose to subscribe to product updates.
  • Our analytics is self-hosted, cookieless, and anonymous. We do not know who you are.
  • We do not use third-party fingerprinting and we do not sell your data.
  • Marketing cookies (such as LinkedIn) only fire after you give explicit consent through our cookie banner. You can change your preferences at any time.

The rest of this policy explains the detail.

What we collect, and why

Newsletter subscriptions

If you subscribe to product updates, we collect:

  • Your email address
  • The date and time of subscription
  • Confirmation that you opted in (a double opt-in email is sent and we record the confirmation)

The signup form is provided by Mailjet, our email service provider. When the form loads, Mailjet may set technical cookies in your browser and process your IP address as part of delivering the form. Mailjet acts as our data processor under a written agreement.

  • Lawful basis: your consent. You can withdraw it at any time by clicking unsubscribe in any email we send.
  • Retention: we keep your email address for as long as you remain subscribed, plus 30 days after unsubscribe to honour the unsubscribe request and resolve any related queries.

Direct contact

If you email us at [email protected] (general enquiries) or [email protected] (privacy-related queries), or use a mailto link on the site, we receive your email address, any name you have set on your account, and the contents of your message.

  • Lawful basis: legitimate interests in responding to your enquiry and, where applicable, taking pre-contractual steps with you as a prospective customer or partner.
  • Retention: we keep correspondence for as long as needed to handle your enquiry and any follow-up; commercial enquiries and pre-contractual records are retained for up to 6 years, in line with the UK Limitation Act 1980.

Analytics

We use Umami, self-hosted on our own infrastructure, to understand which pages are visited and how the site is performing. Umami is cookieless: it does not set cookies, does not fingerprint your browser, and does not track you across sessions or websites. What we see is anonymous and aggregated (page paths, referrers, country derived from IP without storing the IP, browser family).

  • Lawful basis: legitimate interests in understanding aggregate site usage. Because no personal data is processed, no consent is required under UK PECR.
  • Retention: aggregated analytics data is retained indefinitely; no personal data is stored in the first place.

Hosting and content delivery

The site is hosted on OVHcloud servers located in the United Kingdom. Standard web server logs (IP address, request URL, user agent, response status) are retained for security and operational purposes. These logs are not used to profile or track individual visitors.

  • Lawful basis: legitimate interests in site security, debugging, and abuse prevention.
  • Retention: typically 30 days, after which logs are deleted.

Cloudflare

We use Cloudflare in front of the site for DNS resolution, content delivery, and bot mitigation. When you visit junctional.io, your request first passes through Cloudflare's global edge network before reaching our origin server.

To deliver these services, Cloudflare may set strictly necessary cookies in your browser, including:

  • __cf_bm – Cloudflare's bot management cookie, used to distinguish humans from automated traffic. Typically expires within 30 minutes of inactivity.
  • cf_clearance – set only if you are challenged and pass a security check, to remember that result for the rest of your session.

These cookies are essential to the security and integrity of the site. They do not track you across other websites, are not used for advertising, and cannot be disabled without breaking the site's security posture. Under UK PECR they fall under the strictly necessary exemption and do not require consent.

Cloudflare also processes your IP address transiently to route traffic and enforce rate limits. We do not store these IP addresses ourselves beyond the standard server log retention noted above.

Cookies and similar technologies

We use a cookie consent banner to manage non-essential cookies on junctional.io. The banner appears the first time you visit and gives you three choices of equal weight: Accept all, Reject all, or Customise to set preferences per category. You can change your choices at any time using the Cookie preferences link in the footer.

Your consent choice is remembered for 12 months. After that period, the banner will appear again so you can confirm or update your preferences. We do not pre-tick any non-essential category.

We group cookies into two categories.

Strictly necessary (always active)

These cookies are essential to the site's security, basic operation, and your ability to record a consent choice. They are set without consent under the UK PECR strictly necessary exemption and cannot be disabled.

  • __cf_bm (Cloudflare): bot management, expires within 30 minutes of inactivity.
  • cf_clearance (Cloudflare): records that you have passed a security challenge, set only if you are challenged.
  • cc_cookie (junctional.io): records your cookie consent choice so we don't ask again for 12 months.

Marketing (consent required)

These cookies help us measure the effectiveness of our marketing campaigns on third-party platforms. They are blocked until you accept this category.

  • LinkedIn Insight Tag: measures conversions and audience characteristics for our LinkedIn campaigns. Sets cookies including bcookie, lidc, and UserMatchHistory. Data is shared with LinkedIn (Microsoft Ireland Operations Limited) under their own privacy terms.

Cookies set by our newsletter signup widget

The newsletter signup form on this site is provided by Mailjet, our email service provider. When the form loads, Mailjet sets technical cookies in your browser that are required for the form to function and to track double opt-in confirmation. These cookies are set whether or not you interact with the form, because the form is embedded directly in the page.

These cookies are not used to track you across other websites or to build a marketing profile of you. They exist solely to operate the newsletter signup. If you would prefer they are not set, you can use your browser's controls to block third-party cookies or to block the Mailjet domain (mjt.lu).

If we add new cookies to any category, we will update this policy and may re-prompt for consent where required.

Who we share your data with

We share personal data only with the processors we need to run this site:

Processor Purpose Location
Mailjet (Sinch group) Newsletter form, double opt-in, email delivery EU (France)
OVHcloud Website hosting and server logs United Kingdom
Cloudflare DNS resolution, content delivery, bot mitigation Global (edge network)
LinkedIn (Microsoft Ireland) Marketing measurement and audience targeting (only if you consent to marketing cookies) EU/Global
Microsoft 365 Business email handling EU/UK

We do not sell your data. We do not share it with advertising networks. We do not use it for profiling or automated decision-making.

International transfers

Most of our processors are based in the UK or the European Union. Where data is transferred outside the UK (for example, through Cloudflare's global edge network), we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an applicable adequacy decision, as appropriate.

International visitors

junctional.io is operated from the United Kingdom and Tetron's processing of personal data is governed by UK GDPR and the Data Protection Act 2018. The protections described in this policy apply to all visitors, regardless of where you are located.

If you are visiting from the United States, you may have additional rights under state laws such as the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), or similar legislation. Where those laws apply to our processing, we will honour the rights they grant you. To make a state-specific request, email [email protected] and tell us which jurisdiction's rights you are exercising; we will treat the request the same way we treat a UK GDPR subject access request.

We do not sell personal information as that term is defined under US state privacy laws, and we do not share personal information for cross-context behavioural advertising.

Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Erase your data (the "right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a structured, machine-readable format (data portability)
  • Withdraw consent at any time, where we rely on consent (for example, the newsletter)

To exercise any of these rights, email [email protected]. We aim to respond within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data: https://ico.org.uk/concerns/ or by telephone on 0303 123 1113.

External links

junctional.io contains links to external services including GitHub, LinkedIn, X (formerly Twitter), and our parent company site tetron.io. We do not control those sites and are not responsible for their content or privacy practices. Following one of those links sends you to that site, where that site's privacy policy applies.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top reflects the most recent change. Material changes will be communicated to newsletter subscribers by email.

Contact

For any privacy-related question, including subject access requests:

Tetron Limited
Kemp House, 160 City Road
London EC1V 2NX
United Kingdom
[email protected]