Privacy and Cookies
EventHelix.com is a documentation and marketing site for our systems engineering tools. This page describes what data the site collects, what it stores in your browser, and which third-party services it contacts when you load a page.
Last updated: 2026-05-13.
Cookies
The site sets no tracking, analytics, or advertising cookies. The following strictly-necessary cookies are set by the hosting and delivery infrastructure:
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
ARRAffinity | Microsoft Azure App Service (our host) | Pins your session to a single backend instance while you are browsing, so pages load consistently. | Browser session. |
ARRAffinitySameSite | Microsoft Azure App Service (our host) | Same purpose as ARRAffinity, delivered with a SameSite attribute for modern browsers. | Browser session. |
Under the EU ePrivacy Directive these are classified as strictly necessary cookies — they are required to deliver the service you requested and are not used for tracking or profiling. No consent is required to set them.
Cloudflare (our CDN, see below) does not set any cookies on our regular pages. On the VisualEther trial-request page (and only that page), the Cloudflare Turnstile anti-bot widget is loaded; Turnstile may set short-lived strictly-necessary cookies and localStorage/sessionStorage items in your browser to verify that you are a real visitor before the form is accepted. The cookies most commonly seen are:
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
__cf_bm | Cloudflare Turnstile | Cloudflare Bot Management — confirms the form submission came from a real browser, not a script. | 30 minutes. |
cf_chl_* | Cloudflare Turnstile | Short-lived challenge state during the verification handshake. | Session, cleared on success. |
These are classified as strictly necessary under the EU ePrivacy Directive — they are required to prevent fraudulent / automated trial-license requests, and they are not used for tracking, profiling, or advertising.
Browser storage
This site uses exactly one entry of localStorage:
| Key | Purpose | Lifetime |
|---|---|---|
eh-theme | Remembers whether you chose the light or dark color scheme via the theme toggle in the navigation bar. | Persists until you clear it. |
Under the EU ePrivacy Directive and GDPR this is a strictly necessary / functional storage item — it is only created when you click the theme toggle, it stores a preference you explicitly set, and it is not used for identification, tracking, or analytics. No consent is required for storage of this kind.
You can clear this value at any time through your browser's site-data or privacy settings.
Analytics and tracking
None.
The site does not run Google Analytics, Facebook Pixel, Hotjar, Clarity, Segment, or any other analytics, tracking, or advertising script. We do not fingerprint visitors. We do not track you across pages or sessions.
Third-party resources loaded by the site
All fonts, stylesheets, and scripts required to render the site are hosted on EventHelix.com. The site does not load Google Fonts, jsDelivr, or any other third-party CDN at page load, so no IP address or request metadata is transmitted to a third party simply by visiting a page — with the single, page-specific exception described below.
The only third-party requests that may be made are:
- Cloudflare Turnstile (VisualEther trial-request page only). When you open the VisualEther trial form, your browser fetches the Turnstile widget JavaScript from
challenges.cloudflare.comand Turnstile may make additional anti-bot signal requests to that domain. Cloudflare receives your IP address, user agent, and request metadata as part of operating Turnstile. Turnstile does not profile users for advertising and does not track you across sessions; it issues a one-time token that we verify server-side before accepting your trial-license request. The token is bound to a single submission and is discarded by us after use. If you do not open the trial-request page, no Turnstile request is made. - YouTube embeds (tutorial pages only). Videos are embedded through the privacy-enhanced
youtube-nocookie.comdomain, which does not set tracking cookies until you press play. If you do not interact with the video, no personalized data is sent to YouTube. - Outbound links to Medium, GitHub, Twitter / X, LinkedIn, and Facebook in the page footer and article bodies. These are plain links — they only contact the third party if you click on them. We use
rel="noopener"to avoid leaking window-level context.
Service providers (data processors)
The following providers process data on our behalf to deliver the website. All are bound by Data Processing Agreements and process data only for the purposes listed.
- Microsoft Azure (App Service) — hosts the origin server. Receives page requests and form submissions. Azure sets the strictly-necessary
ARRAffinitycookies described above. - Microsoft Azure (Functions, Key Vault, Storage) — hosts our license-issuance service. Receives the trial-form submission and the merchant-of-record purchase notification, generates the license file, and triggers email delivery. Stores signing keys in Azure Key Vault.
- SendGrid (Twilio) — sends the license-delivery email containing the license file to the address you provided on the form or at checkout. SendGrid receives only the recipient name, email address, and the license file. It is not used for newsletters or marketing.
- FastSpring (Bright Market, LLC) — merchant of record for VisualEther and EventStudio purchases. Handles payment processing and tax calculation; see the dedicated section below.
- Cloudflare, Inc. — sits in front of the site as our CDN, TLS terminator, and DDoS protection layer. Every request to EventHelix.com transits Cloudflare's edge, so Cloudflare briefly processes your IP address, request headers, and the URL requested. Cloudflare also operates the Turnstile anti-bot widget on our trial-request page (described above). We do not use Cloudflare Web Analytics, Zaraz, Bot Fight Mode, or any paid analytics / tag-management features — those are disabled on our account. Cloudflare's Network Error Logging endpoint (
a.nel.cloudflare.com) is wired up at the edge but currently configured with a 0% sample rate, so no error reports are sent from visitors' browsers in practice.
Trial and purchase forms
Filling in a trial-request or order form on the VisualEther or EventStudio pages submits the information you enter (name, email, organization) directly to EventHelix so we can deliver the trial license or process the order. We do not share that data with third parties for marketing purposes. Contact us at support@eventhelix.com if you would like your information removed.
The VisualEther trial form runs through Cloudflare Turnstile as an anti-bot check before submission (see "Third-party resources loaded by the site" above). Turnstile produces a one-time verification token; that token plus the form fields are submitted to our license-issuance service running on Microsoft Azure, where the token is verified with Cloudflare and discarded. Purchase orders go through FastSpring (our merchant of record) — see the dedicated section below.
FastSpring — Merchant of Record for purchases
VisualEther and EventStudio purchases are processed by FastSpring (Bright Market, LLC, trading as FastSpring), which acts as the merchant of record. When you buy a license:
- Your payment, billing address, and tax-related information are collected and stored by FastSpring directly. EventHelix does not receive your full payment-card details at any point.
- FastSpring is responsible for tax (US sales tax, VAT, GST) calculation, collection, and remittance in your jurisdiction, and appears as the seller of record on your receipt.
- After your payment clears, FastSpring notifies our order-processing pipeline with your name, email, the product variant purchased, and order metadata (but not your payment-card data); we then issue and email your license file via SendGrid.
- FastSpring's privacy policy applies to the payment data it holds; see https://fastspring.com/privacy/.
We may transition to Lemon Squeezy (Lemon Squeezy LLC) as merchant of record for future products. If and when that change is made, this page will be updated to reflect it.
Server logs
Our web host (Microsoft Azure) and Cloudflare keep standard access logs (IP address, user agent, requested URL, timestamp, referrer) for operational and security purposes — identifying attacks, debugging errors, and preventing abuse. These logs are retained only as long as needed for those purposes and are not used for profiling or advertising.
Legal bases for processing (GDPR)
For visitors in the EU / UK, we rely on the following legal bases under Article 6 of the GDPR:
- Performance of a contract (Art. 6(1)(b)) — processing trial-request and purchase form data to deliver the license you asked for, and processing order data received from our merchant of record to issue and email the license file.
- Legitimate interests (Art. 6(1)(f)) — operating the strictly-necessary session-affinity cookies, keeping short-lived server and CDN access logs for security and debugging, and running the Cloudflare Turnstile anti-bot check on the trial form to prevent fraudulent license requests. The interest pursued is delivering a working, abuse-resistant website; this is balanced against the limited, non-tracking nature of the data involved.
- Compliance with a legal obligation (Art. 6(1)(c)) — retaining purchase records to the extent required by tax and accounting law (handled by Lemon Squeezy as merchant of record).
- Consent (Art. 6(1)(a)) — only for the
eh-themebrowser-storage entry, which is created exclusively when you click the theme toggle.
Retention periods
- Trial-request form data (name, email, organization) — retained for up to 24 months after license issuance so we can support you during the trial and any follow-up evaluation, then deleted on request or on the next scheduled clean-up, whichever comes first.
- Purchase records (order metadata received from FastSpring: name, email, product variant, order ID) — retained for 7 years to meet tax, accounting, and license-reissuance requirements.
- Issued license files and their associated email address — retained for the lifetime of the license plus 12 months, so we can reissue the license file if you lose it.
- Microsoft Azure server access logs — retained for up to 90 days.
- Cloudflare edge logs — retained per Cloudflare's standard retention (typically a few days for HTTP request logs); we do not enable extended log retention.
- SendGrid delivery logs — retained per SendGrid's standard retention; we do not export or archive them.
After the periods above, data is deleted or irreversibly anonymized. You can request earlier deletion at any time (see "Your rights" below); we will comply unless we are required to retain a record for legal or tax reasons.
International data transfers
EventHelix.com Inc. is a Maryland corporation headquartered in the State of Washington, United States. Several of our service providers also process data in the United States and other jurisdictions outside the EU / UK:
- Microsoft Azure — origin hosting and license-issuance functions run in Azure regions that may be located outside the EU / UK.
- Cloudflare, Inc. (US) — global CDN edge; your request transits the nearest Cloudflare point of presence.
- SendGrid / Twilio Inc. (US) — email delivery.
- FastSpring (Bright Market, LLC) (US) — payment processing and merchant-of-record services.
For transfers of personal data from the EU / UK to these providers we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with the providers' own published transfer safeguards (Microsoft's EU Data Boundary commitments, Cloudflare's and SendGrid's SCC-backed Data Processing Addenda, and FastSpring's DPA). Copies of the relevant DPAs are publicly available from each provider.
Children's data
This site is a developer-tools marketing and documentation site aimed at professional engineers. It is not directed to children, and we do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted personal data through one of our forms, contact support@eventhelix.com and we will delete it.
Your rights (EU / UK / California residents)
You have the right to request access to, correction of, or deletion of any personal data we hold about you. For most visitors we hold only short-lived session-affinity cookies and the operational log entries described above — no analytics profiles and no advertising identifiers. If you have submitted a trial or order form and want to exercise these rights, email support@eventhelix.com.
Contact
EventHelix.com Inc.
support@eventhelix.com