Privacy Policy

Transparency, Security & Data Minimization

Effective Date: January 7, 2026 Status: 100% On-Premise

At Leleasley.uk, we believe privacy is a fundamental right. We operate on a principle of "data minimization"—collecting only what is strictly necessary to keep our services secure and functional. We do not sell data, track you for ads, or monetize your information.

1. Hosting & Jurisdiction

All services are self-hosted on private infrastructure located within the United Kingdom. We do not rely on public cloud hyperscalers (AWS, Azure, Google Cloud) for storage or compute. This ensures that your data remains physically within our control and jurisdiction.

2. Data We Collect

We only store what is strictly required for authentication, security, and troubleshooting.

👤
Account Identity
Your username, email address, and group memberships. These are required to identify you and grant access to specific services.
🛡️
Security Logs
Login attempts, IP addresses, and timestamps. Used to detect brute force attacks via Fail2Ban and Authelia.
🍪
Essential Cookies
Session cookies used strictly for authentication. We do not use third-party tracking, advertising, or analytics cookies.
🎬
Service Usage
For media services (Jellyfin/Plex), watch history and progress are stored locally to allow you to resume playback across devices.

3. Infrastructure & Third Parties

We self-host the majority of our services to maintain control. However, traffic passes through selected infrastructure providers for security and connectivity.

  • Cloudflare: Used for DNS, DDoS protection, and CDN. Traffic flows through their network; they may log IP addresses for security purposes.
  • Notification Services: We use Telegram/Discord for system status alerts. No personal user data is transmitted in these system-level alerts.
  • Metadata Providers: Media services may fetch posters/metadata from external sources (TMDB, TVDB). These requests are anonymized where possible.

4. Security Measures

We employ industry-standard security practices to protect your data:

  • Encryption in Transit: All traffic is secured via TLS (HTTPS) using strict transport security (HSTS).
  • Encryption at Rest: Sensitive credentials and backups are encrypted using standard algorithms (AES-256).
  • Access Control: Services are guarded by a reverse proxy and require Multi-Factor Authentication (2FA/Passkeys) where supported.

5. Data Retention

We do not hold data longer than necessary.

# RETENTION POLICY [Logs] Security Logs: 30 days (Rolling retention) Access Logs: 14 days [Accounts] Active Data: Retained while account is active Deleted Data: Purged immediately upon request [Cookies] Session ID: Expires on browser close or timeout

6. Your Rights

You have the right to access, correct, or request deletion of your personal data at any time. As this is a private homelab service, please contact the administrator directly for any data requests.

✉️ Contact Administrator