What we collect, why, and how to ask us to delete it.

If you fill out the contact form, we get the message. That is all.

We do not run analytics, advertising pixels, retargeting, or any third-party tracking on this site. We do not set cookies. We do not sell, rent, or share your information with anyone for marketing purposes. The only data we have about you is what you typed into the contact form, plus a small amount of technical information your browser sends automatically with any web request.

If you want your data removed at any time, email [email protected] and ask. There is no form to fill out and no waiting period.

Pharos Lumen is operated by Gabriel Gonzalez Brito.

Pharos Lumen is a single-operator systems and architecture practice based in Charlotte, North Carolina. Gabriel is the sole person who reads, processes, or acts on anything submitted through this site. If you have any question about this policy, what we know about you, or how to change or delete it, the contact point is [email protected].

Only the contact form, plus the technical headers every web request sends.

When you submit the contact form on pharoslumen.com, we receive and store the fields you filled in:

• Name - so we know how to address you in a reply.
• Email address - so we can reply.
• Company - so we can understand the context of the problem.
• Company size - the range you selected from the form's dropdown.
• Area of interest - which of the three service lines you selected.
• Your message - the free-text description of the problem you want to talk about.

Alongside the form data, our server records a small amount of technical metadata that every web request includes by default:

• The page you submitted from (e.g. the home page contact section, or the floating "Contact Us" pill).
• Your browser's user-agent string (the standard identifier that every browser sends, e.g. "Chrome on Windows 11").
• The hostname of the request (always pharoslumen.com or a related subdomain).
• A timestamp.

Our hosting provider, Cloudflare, may also log your IP address in their infrastructure-level access logs for security and abuse prevention. We do not store your IP in our own database, and we do not look at the Cloudflare logs unless we are diagnosing a suspected security issue.

That is the complete list. We do not collect financial information, government identifiers, health information, or anything else not listed above. The contact form is the only ingestion surface on the site.

To reply, to qualify the conversation, and to keep a working record of the inquiry.

Everything we collect serves one of three purposes:

• Respond to your inquiry - we need a name and email to write back.
• Qualify the engagement - the company, size, and interest fields help us know in advance whether the problem you are bringing matches what we actually do well. If it does not, we say so on the first call and point you toward someone better suited.
• Maintain a pipeline record - we keep an internal record of who has reached out so a later conversation can pick up where the previous one left off. This is normal consulting CRM hygiene; we do not use the record for marketing.

The legal basis for processing this information is our legitimate business interest in responding to a business inquiry that you initiated. We do not process your data for any purpose you did not implicitly consent to by submitting the form.

Gabriel, and a small set of named infrastructure providers.

The only human who reads inquiries is Gabriel. We do not have employees, contractors, or marketing partners. We do not share your submission with anyone for any reason other than the providers below, who store the data on our behalf as part of the technical infrastructure that runs the site:

• Cloudflare - hosts the website (Cloudflare Pages), stores the contact submissions in Cloudflare D1 (a US-region SQLite database), and forwards email sent to the pharoslumen.com domain. See Cloudflare's privacy policy.
• GitHub - our internal pipeline automatically creates a private prospect-profile file in a private GitHub repository when a new inquiry comes in, so the inquiry is not lost if a single system fails. The repository is private and accessible only to Gabriel. See GitHub's privacy statement.
• Discord - we send a small notification (the inquirer's name, company, and a short message preview) to a private Discord channel that only Gabriel can see, so an inquiry triggers a phone push. The full submission is never posted to Discord, only the notification preview. See Discord's privacy policy.

As long as the conversation is active. After that, we delete it on request.

There is no automatic deletion schedule for contact submissions because a single-operator practice may legitimately want to remember a conversation from months ago. In practice:

• Active inquiries - we keep the record while the conversation is ongoing and through any resulting engagement.
• Closed or non-responsive inquiries - we keep the record so a later return inquiry can be picked back up with the right context.
• On request - we delete your record from our database, from the backup GitHub repository, and from the Discord notification (where possible) within a reasonable period of receiving an email asking us to.

Cloudflare's own infrastructure logs follow Cloudflare's retention schedule, which is independent of our database. If you need those purged, the request must go to Cloudflare directly.

HTTPS in transit, private storage at rest, single-operator access.

Every form submission travels over HTTPS. The database is stored inside Cloudflare D1 with access restricted to credentials held only by Gabriel. The backup GitHub repository is private. There is no shared dashboard, no employee access, and no third-party tool that can read submission data.

No system is perfectly secure, and we will not pretend otherwise. If we ever become aware of a security incident affecting your data, we will notify the affected people by email as quickly as we can confirm the scope.

Ask, and we will do it.

You can email [email protected] and ask us to do any of the following:

• Tell you what we have on file about you.
• Correct anything inaccurate.
• Delete your record.
• Stop reaching out to you (we will not send any further messages, and your contact information will be marked do-not-contact in the pipeline).

If you live in a US state with its own privacy law (California, Virginia, Colorado, Connecticut, Utah, Texas, and others), and that law grants you specific rights, we will honor those rights in good faith whether or not the law's revenue thresholds technically require us to. The simplest path is to email and ask. We are small enough that a real person reads every request.

We do not require you to create an account or verify your identity through any third-party system to exercise these rights. We will use the email address on file to confirm the request came from you.

This site is not directed at anyone under 16.

Pharos Lumen is a B2B systems and architecture practice. The contact form is intended for business decision-makers. We do not knowingly collect information from anyone under 16, and we have no use for it if we receive it. If you believe a minor has submitted information through this site, email us and we will delete it.

We operate in the United States. We do not target visitors outside it.

Pharos Lumen serves US-based businesses. We do not market to the European Union, the United Kingdom, or other regions with their own data protection regimes, and we do not run targeted advertising or behavioral tracking that would extend those regimes to us. If you are visiting from outside the United States and choose to submit the contact form, your information will be stored on US-region infrastructure (Cloudflare's US data centers and GitHub's US infrastructure), and it will be handled under this policy.

If you would prefer that we not store your submission and instead reply to you and immediately delete the record, say so in your message and we will do that.

When the site changes in a way that affects data, this page changes with it.

If we start using a new infrastructure provider, add a feature that collects new information, or change how long we keep records, we will update this policy and update the effective date at the top of the page. We do not version-bury changes inside the policy. If a change is material (new collection, new sharing, new retention), we will surface a notice on the home page banner area for a reasonable window.

If you want to be told personally about material changes, email us and ask to be on a one-line "policy changes" notification list. We will only use that list for that purpose.