Contact and project details
Name, email, optional phone number, the requested work, timing, and the message you choose to send. We use this to assess and reply to the enquiry.
Privacy, data & security
Tecknomancy protects its own house and builds client systems so that business data, payment accounts, and operational control remain clear.
Privacy notice
Tecknomancy is operated by Piergiulio Bariatti, trading as Tecknomancy. For the Tecknomancy website, enquiries, and Tecknomancy account area, Tecknomancy is the data controller.
For privacy questions or requests, use the . Last updated: 24 June 2026.
When we build or manage a client system, the client normally decides why and how their customers’ information is used. The client remains the data controller for that business data; Tecknomancy provides agreed technical services and support.
Information we handle
We minimise what is collected and do not ask for sensitive information in a first project enquiry.
Name, email, optional phone number, the requested work, timing, and the message you choose to send. We use this to assess and reply to the enquiry.
Username, email, optional phone number, password hash, account-verification details, and security-related timestamps. Where a registration security event needs investigation, we may also record the remote IP address supplied by the web server, the event type, and its time. Passwords are never stored in readable form.
Bookings, orders, customer records, staff access, or reporting information only where a client system needs it and the client has agreed the scope and responsibilities.
Why information is used
We use information to reply to an enquiry, create and protect an account, deliver or support agreed work, keep necessary business records, prevent misuse, and meet legal or accounting duties.
Depending on the work, the lawful basis is usually steps toward a contract or performance of a contract, legitimate interests in operating and securing the service, consent for optional communications where required, or a legal obligation.
We do not sell personal information or use a project enquiry as a licence to add someone to marketing.
Access is limited to the people and suppliers needed to run, support, secure, or legally account for the service.
Hosting, email, database, backup, and payment providers may process data only as needed to provide their part of the service.
Where a provider processes information outside the UK, the relevant safeguards and provider terms are considered before that provider is used for the agreed service.
How information is protected
The Tecknomancy account and enquiry flows use encrypted transport on the live site, password hashing, verification and reset controls, CSRF checks, secure cookie settings, session rotation and expiry, server-side rate limiting, protected configuration, and access-controlled runtime data. Registration safeguards may create a limited account-security record where there is a failed security check or a completed registration, so we can prevent and investigate misuse. We continue to review the controls as the system grows.
Passwords are hashed, email confirmation is required, reset links are single-use and time-limited, and account attempts are throttled.
Secrets, credentials, and operational runtime data stay outside public pages or behind server-side access rules.
If an issue is identified, we investigate, contain it, and work with affected clients on the steps required for their system and legal responsibilities.
Ownership & payments
A payment-enabled system is designed around the client’s own merchant relationship and operational needs.
Client content, customer records, orders, and permissions belong to the client’s business. Tecknomancy keeps reusable, non-client-specific TecknoCore components and development methods.
Where payments are in scope, the client opens and owns the provider account. SumUp, Stripe, PayPal, Square, or another suitable provider can be assessed against the project—not selected by hidden default.
Systems are designed so card details go to the chosen payment provider rather than being sent to Tecknomancy. Orders, payment status, refunds, and fulfilment rules are built and tested as agreed.
Important: a payment connection is never just a button. Provider approval, merchant-account terms, delivery or refund rules, tax handling, webhooks, testing, and the client’s operating process are agreed before a payment feature goes live.
Your rights
Subject to applicable law, you can ask for access to personal data, correction, erasure, restriction, objection, or portability, and withdraw consent where consent is the basis. Tecknomancy account holders can download their profile information and delete the account from their account page.
For information in a client’s own system, the client business is normally the right first contact. We assist that client under the agreed support arrangement where appropriate.
Account data remains until deletion or a lawful reason requires limited retention. Enquiries and client-service records are kept only for as long as needed to respond, deliver work, resolve issues, and meet legal or accounting duties. Essential cookies support login, security, and form operation. We keep daily aggregate totals of public-page visits and the pages being reached so we can improve the site; this contains no IP address, user agent, account identifier, or individual browsing record.
Account-security records are separate from those anonymous visit totals. When a registration security event occurs, the record may include the remote IP address supplied by the web server, the event type, and time. It is restricted to the configured administrator, used to prevent, investigate, or respond to suspected misuse, fraud, unauthorised access, or service interference, and normally deleted after 90 days. We may retain a relevant record longer only where reasonably necessary for an active investigation, a legal claim, a compliance duty, or to establish, exercise, or defend legal rights. We do not use these records for marketing or visitor analytics.
We do not add advertising or analytics cookies without updating this notice and providing any required choice.