Privacy Policy
Last updated: 21 March 2026
1. Who We Are
EA Technology Consulting Ltd trading as Blankitt ("we", "us", "our") operates the following services:
- blankitt.com — marketing website
- draw.blankitt.com — IT infrastructure diagram editor
- portal.blankitt.com — customer portal for endpoint management
This policy explains how we collect, use, and protect your data across all three services.
2. What Data We Collect
Analytics Data
When you consent, we use Google Analytics 4 (GA4) to collect anonymised usage data including page views, device type, browser, and approximate geographic region. We also use Cloudflare Web Analytics, which is entirely cookie-free and does not collect personal data.
Account Data
When you create an account on draw.blankitt.com or portal.blankitt.com, we collect your email address, name, and password (stored as a salted hash). We never store passwords in plain text.
Diagrams & Projects
Diagrams created in Blankitt Draw are stored locally in your browser by default. If you choose to save to the cloud, diagram data is stored on our servers (Cloudflare D1). Diagrams may contain device names, IP addresses, and network topology that you enter.
Attribution Data
When you consent to analytics, we capture UTM campaign parameters and referrer information to understand how you found us.
3. Cookies & Similar Technologies
| Name | Purpose | Category | Duration |
|---|---|---|---|
| _ga | Google Analytics visitor ID | Analytics | 2 years |
| _ga_* | GA4 session state | Analytics | 2 years |
| _gid | GA4 session ID | Analytics | 24 hours |
| blankitt-consent | Your cookie preferences | Essential | Persistent |
| draw-auth-token | Authentication (Draw) | Essential | Session |
| token | Authentication (Portal) | Essential | Session |
| blankitt-draw-projects | Crash recovery | Essential | Persistent |
| draw-sidebar-width, draw-landing-theme, blankitt-theme | UI preferences | Functional | Persistent |
| utm_source, utm_medium, utm_campaign (sessionStorage) | Campaign attribution | Analytics | Session |
Cloudflare Web Analytics does not use cookies or collect personal data. It is loaded on all pages regardless of your cookie preferences.
4. How We Use Your Data
- Improve our products and user experience
- Understand aggregate usage patterns
- Provide and secure your account
- Communicate about your account or service changes
We do not sell your personal data to third parties.
5. Legal Basis for Processing (GDPR)
- Consent — Analytics cookies are only set after you actively consent
- Contract — Account data is processed to provide the service you signed up for
- Legitimate interest — Essential cookies for security and functionality
6. Your Rights (GDPR)
If you are in the EU, EEA, or UK, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Request erasure of your data
- Data portability (receive your data in a structured format)
- Restrict processing
- Object to processing
- Withdraw consent at any time via the "Cookie Settings" link in the footer
7. Your Rights (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the "sale" or "sharing" of personal information (we do not sell data)
- Non-discrimination for exercising your rights
8. Global Privacy Control
We honour the Global Privacy Control (GPC) browser signal. If your browser sends a GPC signal, analytics cookies will be automatically disabled without requiring further action from you.
9. Data Retention
- GA4 data: retained for 14 months (Google default)
- Account data: retained while your account is active. Deleted upon request.
- Cloud projects: retained while your account is active. Deleted upon request.
- Server-side analytics: IP addresses are hashed with SHA-256. Raw events retained for 90 days.
10. International Transfers
Your data may be processed by:
- Google LLC (United States) — for analytics
- Cloudflare Inc. (global network) — for hosting, analytics, and CDN
Both providers maintain appropriate safeguards for international data transfers.
11. Children's Privacy
Our services are not directed at individuals under 16. We do not knowingly collect data from children.
12. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via the website. The "last updated" date at the top reflects the most recent revision.
13. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@blankitt.com
- General enquiries: hello@blankitt.com