Document status
This policy describes the current website implementation and may be updated as the site, providers, or contact workflow change. It is provided for public transparency and is not legal advice.
1. Scope
This policy applies to the public Kandefer Group website and the contact form available on the site.
It does not describe separate product websites, customer systems, or third-party services that may have their own privacy terms.
2. Information collected through the contact form
When a visitor submits the contact form, the site collects the submitted full name, work email address, organization or publication when provided, inquiry type, and message.
The form also processes limited technical information needed to protect and operate the submission flow, such as request metadata, a bot-protection token, and a rate-limit identity derived from request headers.
3. Security and abuse prevention
The contact flow uses Cloudflare Turnstile to help distinguish legitimate submissions from automated or abusive activity.
The contact endpoint uses application-level rate limiting backed by Upstash Redis or an equivalent production configuration. Cloudflare edge controls may also be used in front of the application.
These controls are used to protect site availability and reduce misuse. They are not guarantees that every abusive request will be blocked.
4. Email delivery and service providers
Validated contact inquiries are delivered using Resend and routed to Kandefer Group's Google Workspace email infrastructure for review.
If acknowledgement emails are enabled, the submitter may receive a short confirmation email. The acknowledgement does not include the full submitted message.
Kandefer Group may use hosting, security, email, and infrastructure providers as necessary to operate the website and contact workflow.
5. Storage, retention, and protection
The application does not store contact submissions in its own database.
Submitted inquiries are transmitted through HTTPS and provider infrastructure. Protection at rest is managed by the relevant providers, such as hosting, email delivery, rate-limiting, and email workspace services.
The site does not claim custom application-level encryption for stored inquiry content. Operational logs are intended to stay minimal and should not include full submitted messages, secrets, API keys, or raw verification tokens.
6. Use of inquiries and updates
Contact information and message content may be used to review, route, and respond to inquiries, maintain the contact workflow, and protect the website from misuse.
Kandefer Group does not publish a response-time commitment through this website and may choose not to respond to inquiries that are not relevant, appropriate, or actionable.
This policy may be updated as the website, provider configuration, or operational practices change.