LEGAL · 001.
Knight CTO is a one-person consulting practice. This page explains what personal information I collect, why, what I do with it, and how I protect it. Plain language, no boilerplate filler. If anything is unclear, email boris@knightcto.com and I will explain.
Two-sentence summary: I collect the minimum information needed to respond to you and deliver any engagement you sign. I never sell your data, never share it with marketing networks, and never train AI models on client matter content.
Knight CTO is operated by Boris Knight, a sole practitioner consulting business based at 1839 Ygnacio Valley Rd, Ste B, Walnut Creek, CA 94598. There is no team, no subprocessing, and no offshore staff. When you correspond with Knight CTO, you are corresponding with Boris.
The website is plain HTML hosted on bare-metal infrastructure I operate. There are no third-party tracking pixels, no Google Analytics, no Meta pixel, no LinkedIn Insight tag, no advertising SDKs. Nginx access logs capture standard server metadata (IP address, timestamp, requested URL, user agent) for operational purposes. Logs are retained for 30 days and are not analyzed for marketing.
I run a self-hosted analytics tool (Umami) on the same bare-metal infrastructure to count page views and understand which pages get traffic. It sets no cookies, does not fingerprint visitors, does not track you across sites, and sends no data to any third party. Page-view records are aggregated; IP addresses are hashed daily and are not stored in identifiable form.
If you submit the contact form, I collect the fields you provide: name, firm or organization, email, and a description of what you would like to discuss. The submission is delivered to my Knight CTO inbox by email and is retained for follow-up.
If you book a call through the calendar page, the calendar provider (Google Workspace) collects your email address and any details you provide on the booking form. Their privacy practices are governed by the Google Workspace Privacy Notice. I see only the booking metadata required to take the call.
If we work together, I will receive whatever firm and matter information is necessary to deliver the engagement. That information is governed by the engagement letter and any non-disclosure agreement we sign, in addition to my obligations under California Rule of Professional Conduct 1.6 when working with attorneys.
Information is not used for advertising, behavioral targeting, or model training. I do not enrich submissions against third-party databases.
I share personal information only with the following narrow set of services:
I do not sell personal information. I do not share it with marketing networks, ad platforms, data brokers, or affiliates.
Knight CTO uses encrypted transport for all submissions (HTTPS / TLS). Inbound mail is delivered to a Google Workspace mailbox protected by two-factor authentication. The contact-form handler runs on a hardened Linux server with firewall, fail2ban, and minimal public surface area. Application secrets and credentials are never committed to source control. The only analytics tool in use is the self-hosted Umami instance described in section 003.
California residents and EU/UK residents have rights to know, access, correct, and delete personal information held about them. Send a request to boris@knightcto.com from the address you used to contact me, and I will respond within 30 days. There is no charge.
To stop receiving emails from me at any time, reply with STOP
or unsubscribe and I will remove you from further outreach.
Legitimate engagement correspondence is excluded — that goes to active
clients and is governed by our engagement letter.
Material changes will be posted on this page with a new effective date. Active engagement clients will be notified by email if a change affects matter handling.
Questions about this policy or your information go to: boris@knightcto.com.