Privacy policy

Return to index

Last updated: 26 March 2025

18 August 2023 was the last update, and the only change made on 26 March 2025 was to remove the verbiage about cookies/PHP, because the new Minifree website as of this date is purely static HTML (orders processed entirely via email). This policy will be changed again if necessary, if the situation changes.

And now, the policy:

Minifree Ltd (Registered in England, No. 9361826) is responsible for management of data provided by a customer, or otherwise anyone who contacts Minifree Ltd, and every step is taken to ensure that this data is handled securely; this includes things like customer name, address, telephone number and so on, when placing an order on the website. Minifree Ltd operates from England, in the United Kingdom, and it is a legal entity there.

Any data that is held by Minifree is held for the amount of time required by British law, and you have the right at any time to request a copy of all data that Minifree Ltd holds about you. You give consent to Minifree Ltd holding any such data, when you provide it; you also have the right to withdraw such consent, and request deletion of said data; however, Minifree also still need to hold onto to certain data for things like tax returns, for a minimum period of time under British law. So, Minifree will honour deletion requests when it is legal to do so, and no sooner than that.

It is not the policy of Minifree Ltd to share any data, under any circumstances, with any party, unless required to by law (the exception is for shipping companies, when shipping an order; see below); and only by court order, or otherwise if required legally to do so (for example, filing of tax returns to HMRC, the UK tax authority). Of course, Minifree Ltd is a British company and has to pay taxes, so at least the British government may be able to know certain information. Minifree submits micro accounts because it is only a small company, so very little information is ever made available publicly on Companies House (essentially just information about Minifree’s overall assets/liabilities).

Regarding cookies: there are no cookies. We party like it’s 1999. As of 26 March 2025, a new website replaced the old one. The old one was a WooCommerce site, which heavily used cookies, PHP, JavaScript, you name it. The new website is purely static HTML, and orders are processed manually via email. This paragraph will be changed in the future, if this situation changes (for example if Minifree adopts use of a payment processor such as Stripe).

This fact, in the previous paragraph, is extremely relevant for privacy policy purposes, as it pertains to internet security. Since Minifree’s website is no longer running any sort of database on it, that is one more attack vector removed. Minifree does run an internal database, for customer orders, but none of that is accessible from any of Minifree’s internet-facing servers.

An exception to sharing of data is as follows: when Minifree Ltd ships your order, your name, address (for shipping), email address and telephone number is supplied to a shipping company. Minifree alternates, depending on country, between these couriers, at this present time (as of 18 August 2023): DPD (rarely), UPS, DHL, Fedex. These are selected via the company at address: interparcel.com (website) – on interparcel, it’s possible to select between various couriers as listed here on this page. That means interparcel will also hold such data, for a certain period of time as required.

WEB HOSTING: Minifree Ltd’s website, https://minifree.org/, is not hosted under any outsourced third party hosting provider. The company director of Minifree Ltd, Leah Rowe, self-hosts the server from a lab used by Minifree Ltd. This is done securely, encrypted, on a securely configured machine with ports blocked from outside such as SSH, with measures taken generally to prevent unauthorized access. This is done, precisely to avoid the inherent security risk of outsourced web hosting services. Minifree Ltd email is also self-hosted. That means: any data you send to Minifree, any email you send, absolutely anything at all, is hosted on a server that only Minifree Ltd has any access to. Minifree Ltd takes security extremely seriously, and it’s specifically for security reasons that Minifree Ltd infrastructure is self-hosted in this way. (also freedom. when you run the server yourself, you have freedom over your hosting and how it’s implemented)

Minifree not only blocks ports, but whitelists ports such as SSH, so it’s extremely unlikely that anyone other than the owner(s) of Minifree Ltd would ever have access to Minifree Ltd servers.

Minifree Ltd servers are physically secured, in a way to greatly diminish the chance of physical intrusion. Heavily under lock and key (several locks, and several keys, in a secure building), and cameras are used internally at Minifree’s lab. These cameras are not based on proprietary technology, they are under Minifree’s control exclusively. We don’t use any cloud-based solutions for that, because those are inherently insecure. There is no cloud, only other people’s computers!

Minifree Ltd will of course delete any data it holds, even without being asked to, when that is legally permitted and when the information is no longer required as part of any contract and/or provision of goods/services.

If you have any questions, you can contact Minifree Ltd and best efforts will be made to answer them.

ENCRYPTION: All access to the Minifree website is done only by TLS encryption (https://). Absolutely all of it. Non-encrypted http:// is not permitted in Minifree Ltd’s web server; an automatic HTTP to HTTPS redirect is in place, and the server also enables HSTS (HyperText Strict Transport Security). Minifree Ltd email can also be encrypted; a GPG key is listed on the contact page, for end to end encrypted email communication between you and the company.

ALSO: Minifree Ltd is signed up to Information Commissioner’s Office and renews this every year. The ICO regulates data protection and data handling by companies in the UK.

tl;dr Minifree Ltd takes privacy and security very seriously. In fact, this is the precise purpose of the company, to provide secure, privacy-respecting computing devices to customers, so of course we also take our own security seriously. If you have any concerns, you can always contact Minifree Ltd. If you have any questions, or complaints, please contact Minifree Ltd and your queries will be dealt with as quickly and efficiently as possible.

Markdown file for this page: https://minifree.org/privacy.md

Site map

This HTML page was generated by the Libreboot Static Site Generator.

How to order: please email Minifree your name, address and telephone number; say what you want and an invoice will be provided, with payment instructions.