// Privacy

Privacy Policy

Effective July 16, 2026

What this policy covers

This policy covers this website — handcrafted.solutions. It explains what the site collects, why, and who else sees it.

It does not cover the work itself. Once you hire us, whatever you share during a site survey, an installation, or a service call — floor plans, camera placements, gate codes, network details, billing — isn’t covered by this policy. That’s part of the work we do for you.

The short version

  • This site is a set of pages and one contact form. No accounts, no logins, no database.
  • We use Google Analytics to count visits and see which pages — and which of our ads — bring people here. It sets cookies and reports your visit to Google. That’s the one tracker on this site.
  • We show no ads on this site, and we don’t sell your information. We do advertise on Google, so we measure when an ad click turns into an inquiry.
  • No session recording. No data brokers. No social media pixels.
  • Our Contact page also uses Cloudflare’s invisible spam check — opening that page shows Cloudflare your IP address, whether or not you submit anything.
  • If you fill out the contact form, it becomes an email in our inbox — nowhere else.

What we collect

The contact form. It asks for six things, and it won’t send until you’ve filled in all of them:

  • your name
  • your email address
  • your phone number
  • the service you’re interested in
  • your property type
  • your message

That’s what reaches us. Nothing else on this site asks you for anything.

Two anti-spam values. The form also sends a hidden field that a real person never sees or fills in, and a timestamp of when the form loaded in your browser (so we can spot submissions sent faster than a human could type). Both are used only to decide whether a submission is genuine. Neither is stored, and neither is passed on to anyone. If either says “bot,” we throw the entire submission away and no email is sent.

Your IP address. When you submit the form, our server passes your IP address to Cloudflare — where our host provides it — so Cloudflare can run its anti-spam check. We don’t store it, we don’t log it, and it is not in the email we receive. Cloudflare also sees your IP simply because you opened the Contact page — more on that below.

Visit statistics. Google Analytics runs on every page. It records the pages you view, the page you came from, your device and browser type, your approximate location (city level, derived from your IP address — Google states GA4 doesn’t log or store the address itself), and a random identifier stored in a cookie so it can tell returning visitors from new ones. If you arrived by clicking one of our Google ads, the click carries an ad-click ID that Analytics records, so we can tell which ads actually bring in work. None of this identifies you by name, and we see it only as aggregate counts.

Nothing else. No newsletter signup. No file uploads. No location, camera, or microphone — the site turns those browser features off outright and never asks for them.

Why we collect it

The form: to answer you. We use what you send to reply to your request, and if you want the work, to quote it and schedule it.

The analytics: to run the business sensibly. We look at which pages people read, which services get interest, and which of our Google ads lead to real inquiries — so we spend our ad budget on what works. We don’t use it to identify or follow individuals.

Submitting the form does not put you on a mailing list. This website has no mailing list, and it sends you no automated email — not even a confirmation. The only email your submission creates is the one that lands in our inbox.

Where your submission goes

When you press send:

  1. Cloudflare checks you’re a person. This sends a challenge token to Cloudflare, along with your IP address where our host provides it.
  2. If our spam checks fail, we discard it. It goes no further. No email is sent, and we contact nobody.
  3. If it passes, we email it to ourselves. Our server hands it to Microsoft’s Graph API, which sends it from our website mailbox (website@handcrafted.solutions) to contact@handcrafted.solutions — an address on that same mailbox. Your name, email, phone, property type, service and message are in that email. Your email address is set as the reply-to, so when we answer, the reply goes straight to you. There is no CC and no BCC.

A copy is also kept in that mailbox’s Sent Items. The website itself keeps nothing — there’s no database to keep it in.

Who else is involved

Four services touch this site. Here’s each one, and why.

Google — visit statistics and ad measurement, every page

Every page runs Google Analytics. The Analytics script itself is served from our own site, but the measurement data it gathers is sent by your browser directly to Google — so Google receives the visit data described above, along with your IP address, on each page you view. We use it for aggregate statistics and to measure our Google Ads campaigns — we advertise on Google; we don’t show ads here, and we don’t use Analytics data to advertise to you elsewhere. Google processes this data as described in the Google privacy & terms for partner sites. You can block Analytics entirely with Google’s own opt-out browser add-on — the site works identically without it.

Cloudflare — spam protection, Contact page only

Our contact form uses Cloudflare Turnstile, an anti-bot check that usually runs invisibly; you’d only see a challenge if Cloudflare thinks something’s off. Two things worth knowing:

  • Just opening the Contact page loads Turnstile from Cloudflare (challenges.cloudflare.com). Your browser connects to Cloudflare directly, so Cloudflare receives your IP address whether or not you ever submit the form.
  • When you submit the form, our server also sends your IP address to Cloudflare to validate the check, where our host provides it.

This happens on the Contact page and nowhere else. No other page on this site contacts Cloudflare.

Cloudflare says Turnstile processes signals such as your IP address, TLS fingerprint, and browser user-agent, and that its purpose “is not to identify, profile or target any individuals but solely to detect and block bots.” It’s spam protection — not analytics, not advertising. See Cloudflare’s Turnstile Privacy Addendum.

Microsoft — email delivery and storage

We use Microsoft’s Graph API to send contact form submissions to our own inbox, and Microsoft 365 to hold and read that email. The details you submitted are in the message Microsoft delivers and stores. See the Microsoft Privacy Statement.

Microsoft Azure — hosting

This site runs on Azure Static Web Apps. Like any web host, Microsoft’s servers receive what your browser sends to fetch a page: your IP address, your browser’s user-agent, and the page you asked for. That’s how the page reaches you.

We have not turned on request logging of any kind. That’s a choice, not a limitation — it means we do not collect, review, or keep your IP address or any record of your browsing here. What Microsoft keeps in its own platform logs, and for how long, is Microsoft’s to answer, not ours; we can’t access it and can’t control it. Same Microsoft Privacy Statement.

That’s the entire list. Beyond Analytics: no ad network serving ads here, no data broker, no error-tracking or session-recording tool, no social media pixel. Our fonts and icons are still served from our own domain — not from Google Fonts or any other content network.

Nobody uses this site to serve you ads or follow you around the web on our behalf. Two third parties do process visit signals for their own stated purposes: Google, as described above and in its partner-sites policy; and Cloudflare, which processes bot-detection signals when you open the Contact page — it states these are used solely to detect and block bots, and to improve Turnstile itself.

Links out. We link to our Google reviews, our Facebook page, and our LinkedIn page. They’re ordinary links — nothing loads from Facebook or LinkedIn unless you click. Clicking the reviews link sends them no referrer at all. Clicking Facebook or LinkedIn tells them you came from handcrafted.solutions, but not which page you were on.

Cookies

This site sets two cookies, both belonging to Google Analytics: _ga and _ga_ESWGDQD07H. They hold a random identifier — not your name, not your email — so Analytics can tell a returning visitor from a new one. They last up to two years, and clearing this site’s data in your browser removes them. Blocking them (with the opt-out add-on above, or any content blocker) breaks nothing.

That’s all. No advertising cookies, no session cookies, no login cookies — there’s nothing to log in to.

Two footnotes, because “cookies” aren’t the only thing a site can put on your device:

  • Your theme preference. The site saves one item in your browser’s local storage, under the key nuxt-color-mode, holding the display theme. It’s written automatically when a page loads. It holds no identifier and no personal information, it’s never sent to us or anyone else, and it isn’t used to track you. Clearing this site’s data removes it.
  • Reload recovery. If a page fails to load properly, or you leave a tab open across a site update, the site briefly writes nuxt:reload and nuxt:reload:state entries to your browser’s session storage so it can reload cleanly. They hold a page path, a timestamp, and — when recovering across a site update — the page’s own render state. Your browser discards them when you close the tab.

Cloudflare Turnstile sets no cookies on this site and stores nothing in your browser under our domain — we checked, including after it had completed a verification. What Cloudflare does on its own domain is covered by its Turnstile Privacy Addendum.

How long we keep it

The website keeps nothing. Once your submission is emailed, the site has no copy — there’s no database and no log.

The email is a different matter, and we’re not going to pretend otherwise. Your inquiry sits in our Microsoft 365 mailbox as ordinary business correspondence — the delivered message, plus the copy in Sent Items — and we keep it as long as we need it to answer you, quote the work, and support the job afterward. We’re not going to invent a number of days here that we don’t actually enforce.

If you want your inquiry deleted, ask us. We’ll delete it from our mailbox.

Your choices

There isn’t much to choose from, which is the point.

  • Don’t want to use the form? Call 801-876-6300 or email contact@handcrafted.solutions. Same people, same inbox.
  • Want your inquiry corrected or deleted? Email contact@handcrafted.solutions or call 801-876-6300 and tell us. We’ll fix it or delete the email. You don’t have to give a reason.
  • Don’t want to hear from us again? Say so, and we’ll stop.
  • Don’t want to be counted in our analytics? Install Google’s opt-out add-on, or use any ad/content blocker — most block Analytics by default. The site works identically either way, form included.
  • Want the cookies and theme preference off your device? Clear this site’s data in your browser.
  • Do Not Track. Your browser may send a Do Not Track signal. We don’t respond to it, and honesty requires saying so plainly: Google Analytics runs whether or not that signal is set. If you want to be sure you’re not counted, use the opt-out or a blocker above — those actually work.

Security

  • No accounts, no passwords, no customer records stored on this website. There’s no database here to breach.
  • Every page is served over HTTPS.
  • The site can’t reach your camera, microphone, or location. We’ve disabled those browser features for this site, and nothing on it asks for them.
  • Your inquiry lives as email in our Microsoft 365 tenant, protected by Microsoft’s infrastructure and our own account controls.
  • The credentials the site uses to send that email are stored as protected settings on our host — never in the code, never in the pages we send to your browser.

No website can promise perfect security, and we won’t. What we can say is that we kept the attack surface small on purpose. The less we hold, the less there is to lose.

Children

This site is for property managers, HOA boards, and business owners hiring low-voltage security and networking work. It isn’t directed at children and holds nothing of interest to them. We don’t ask anyone’s age, and we don’t knowingly collect information from anyone under 13. If we learn we’ve received a child’s information through the form, we’ll delete it.

Changes to this policy

If we change this policy, we’ll post the new version on this page and update the effective date at the top. If a change materially affects how we handle your information, we’ll say so here plainly rather than quietly swapping the text.

July 16, 2026: we added Google Analytics. Earlier versions of this page said the site had no analytics and set no cookies; both were true then and aren’t now. The “short version”, “What we collect”, “Who else is involved”, “Cookies”, and “Your choices” sections above describe exactly what changed.

Contact us

Questions about this policy, or about anything we hold on you:

Handcrafted Solutions
Eagle Mountain, Utah
contact@handcrafted.solutions
801-876-6300

We’d rather you asked than wondered.