Red Kestrel Consulting Limited ("we," "us") is committed to protecting your data. This policy explains how we collect and use your information when you use our website, in line with the UK General Data Protection Regulation (UK GDPR). By using this site, you acknowledge and accept this policy. Where we rely on Consent for specific data collection (such as marketing or non-essential cookies), we will ask for your explicit, unambiguous permission at the time of collection. We may change this policy. By using this site or our products, you agree to the policy and any subsequent changes. This policy was last updated on 23 October 2025.
| Data Controller: | Red Kestrel Consulting Limited |
|---|---|
| Contact Email for Privacy Issues: | [email protected] |
We collect different types of data, but we will not sell, distribute, or lease your personal information to third parties unless legally required to do so.
When you browse our site, we automatically collect non-identifiable data solely for statistics and service improvement. Our Lawful Basis for this is Legitimate Interest (to maintain a secure and effective website).
If you request a trial, fill out a form, or buy a product, we collect specific information to fulfill your request.
For Free Trial / Web Forms:
Lawful Basis: Legitimate Interest. Our legitimate interest is to process and manage your specific request for a free trial or information, and to ensure we can communicate necessary service details related to that request.
For Product Purchases:
Lawful Basis: Performance of a Contract.
When you use our free online CSR/Certificate Decoder or SSL Checker, we automatically log information specifically to investigate errors and improve service stability.
Data Collected: In the event of an error or operational failure, we may log the input data (CSRs, Certificates, hostnames, etc.) and related server diagnostics that led to the error.
Purpose: The sole purpose of this collection is to investigate and fix technical problems, ensure service security, and continuously improve product functionality.
Lawful Basis: Legitimate Interest. Our legitimate interest is to maintain an effective, secure, and reliable free service for the benefit of all users.
We NEVER sell or give this information to third parties unless legally required to do so.
Our Core Commitment: Our licensed software products, including SslDecoder and CertAlert, are designed to run entirely within your local environment or private network.
SslDecoder: The product itself NEVER sends any data over a network, including Certificate Signing Requests (CSRs), Certificates, private keys, or the decoded information.
CertAlert: This tool runs on your private network, scans machines as configured by you, and writes reports of certificates found to disk. No certificate data is transmitted outside your organization unless you explicitly configure the tool to send email reports to external addresses.
All cryptographic material and scanned data remains strictly within your controlled environment.
Data for Support and Improvement (User-Initiated): Since these tools process data locally, we do not automatically receive usage data or error reports. If you experience a technical issue and decide to contact us for support, we may ask you to voluntarily share the specific failed cryptographic object, error logs, or specific non-personal diagnostic logs to investigate and fix the problem.
The decision to share any internal data with us, and what is included, rests entirely with you, the user.
Any data voluntarily shared with us for support purposes (e.g., error logs or failed cryptographic objects) is processed based on Legitimate Interests and Performance of a Contract. This voluntary support data is never given to third parties.
We do not use cookies. If we decide to use non-essential cookies in the future, we will update this policy and ask for your consent first. Note that any affiliate links you click may use cookies as dictated by the external site.
We use Cloudflare, Inc. ("Cloudflare") as a content delivery network (CDN) and security provider. Cloudflare processes user traffic to our website to improve performance and security, such as mitigating DDoS attacks and caching static content. As part of this service, Cloudflare may collect information such as IP addresses, security fingerprints, and system configuration information. This processing is based on our legitimate interest in providing a fast and secure website. For more information on Cloudflare's privacy practices, please see the Cloudflare Privacy Policy.
As a data subject under UK GDPR, you have the right to control your personal information. You can contact us to exercise the following rights:
If you believe we have handled your data poorly, you have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO).