Privacy Policy

001 // SUMMARYWhat this is

Knight CTO is a one-person consulting practice. This page explains what personal information I collect, why, what I do with it, and how I protect it. Plain language, no boilerplate filler. If anything is unclear, email boris@knightcto.com and I will explain.

Two-sentence summary: I collect the minimum information needed to respond to you and deliver any engagement you sign. I never sell your data, never share it with marketing networks, and never train AI models on client matter content.

002 // WHOWho I am

Knight CTO is operated by Boris Knight, a sole practitioner consulting business based in Walnut Creek, California. There is no team, no subprocessing, and no offshore staff. When you correspond with Knight CTO, you are corresponding with Boris.

• Business name: Knight CTO
• Operator: Boris Knight
• Address: Walnut Creek, California, United States
• Email: boris@knightcto.com
• Site: https://knightcto.com

003 // WHAT I COLLECTInformation collected

From website visitors

The website is plain HTML hosted on bare-metal infrastructure I operate. There are no third-party tracking pixels, no Google Analytics, no Meta pixel, no LinkedIn Insight tag, no advertising SDKs. Nginx access logs capture standard server metadata (IP address, timestamp, requested URL, user agent) for operational purposes. Logs are retained for 30 days and are not analyzed for marketing.

From contact-form submissions

If you submit the contact form, I collect the fields you provide: name, firm or organization, email, and a description of what you would like to discuss. The submission is delivered to my Knight CTO inbox by email and is retained for follow-up.

From scheduled calls

If you book a call through the calendar page, the calendar provider (Google Workspace) collects your email address and any details you provide on the booking form. Their privacy practices are governed by the Google Workspace Privacy Notice. I see only the booking metadata required to take the call.

From signed engagements

If we work together, I will receive whatever firm and matter information is necessary to deliver the engagement. That information is governed by the engagement letter and any non-disclosure agreement we sign, in addition to my obligations under California Rule of Professional Conduct 1.6 when working with attorneys.

004 // WHAT I DO WITH ITHow information is used

• To reply to your message and deliver any service you have requested.
• To prepare for and conduct the calls or engagements we arrange.
• To produce a written record of the work, including invoices.
• To send you operational emails about active engagements (status updates, deliverables, scheduling).

Information is not used for advertising, behavioral targeting, or model training. I do not enrich submissions against third-party databases.

005 // WHO I SHARE IT WITHDisclosures and processors

I share personal information only with the following narrow set of services:

• Google Workspace — email, calendar, document storage. The boris@knightcto.com inbox lives here. Subject to Google's Cloud Data Processing Addendum.
• Porkbun — domain registrar and DNS for knightcto.com.
• ReliableSite — bare-metal server provider that hosts the website and contact-form handler. They have no application-level access to submission content.
• Anthropic — when I use Claude to draft outbound communications, the input may include public information about the recipient (firm name, public bio details). Anthropic's Commercial Terms apply.

I do not sell personal information. I do not share it with marketing networks, ad platforms, data brokers, or affiliates.

006 // SECURITYHow information is protected

Knight CTO uses encrypted transport for all submissions (HTTPS / TLS). Inbound mail is delivered to a Google Workspace mailbox protected by two-factor authentication. The contact-form handler runs on a hardened Linux server with firewall, fail2ban, and minimal public surface area. Application secrets and credentials are never committed to source control. I do not run third-party tracking or analytics.

007 // RETENTIONHow long I keep things

• Server access logs: 30 days, then rotated.
• Contact-form submissions: retained as email until I have a clear reason to delete them. Send a request to boris@knightcto.com if you want yours removed.
• Engagement records (signed clients): per the engagement letter and applicable professional-conduct rules, typically the duration of the engagement plus seven years.

008 // YOUR RIGHTSYour rights

California residents and EU/UK residents have rights to know, access, correct, and delete personal information held about them. Send a request to boris@knightcto.com from the address you used to contact me, and I will respond within 30 days. There is no charge.

To stop receiving emails from me at any time, reply with STOP or unsubscribe and I will remove you from further outreach. Legitimate engagement correspondence is excluded — that goes to active clients and is governed by our engagement letter.

009 // CHANGESChanges to this policy

Material changes will be posted on this page with a new effective date. Active engagement clients will be notified by email if a change affects matter handling.

010 // QUESTIONSContact

Questions about this policy or your information go to: boris@knightcto.com.