Privacy and Cookies
Privacy and Cookies
EventHelix.com is a documentation and marketing site for our systems engineering tools. This page describes what data the site collects, what it stores in your browser, and which third-party services it contacts when you load a page.
Last updated: 2026-05-09.
Cookies
The site sets no tracking, analytics, or advertising cookies. The following strictly-necessary cookies are set by the hosting and delivery infrastructure:
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
ARRAffinity | Microsoft Azure App Service (our host) | Pins your session to a single backend instance while you are browsing, so pages load consistently. | Browser session. |
ARRAffinitySameSite | Microsoft Azure App Service (our host) | Same purpose as ARRAffinity, delivered with a SameSite attribute for modern browsers. | Browser session. |
Under the EU ePrivacy Directive these are classified as strictly necessary cookies — they are required to deliver the service you requested and are not used for tracking or profiling. No consent is required to set them.
Cloudflare (our CDN, see below) does not set any cookies on our regular pages. On the VisualEther trial-request page (and only that page), the Cloudflare Turnstile anti-bot widget is loaded; Turnstile may set short-lived strictly-necessary cookies and localStorage/sessionStorage items in your browser to verify that you are a real visitor before the form is accepted. The cookies most commonly seen are:
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
__cf_bm | Cloudflare Turnstile | Cloudflare Bot Management — confirms the form submission came from a real browser, not a script. | 30 minutes. |
cf_chl_* | Cloudflare Turnstile | Short-lived challenge state during the verification handshake. | Session, cleared on success. |
These are classified as strictly necessary under the EU ePrivacy Directive — they are required to prevent fraudulent / automated trial-license requests, and they are not used for tracking, profiling, or advertising.
Browser storage
This site uses exactly one entry of localStorage:
| Key | Purpose | Lifetime |
|---|---|---|
eh-theme | Remembers whether you chose the light or dark colour scheme via the theme toggle in the navigation bar. | Persists until you clear it. |
Under the EU ePrivacy Directive and GDPR this is a strictly necessary / functional storage item — it is only created when you click the theme toggle, it stores a preference you explicitly set, and it is not used for identification, tracking, or analytics. No consent is required for storage of this kind.
You can clear this value at any time through your browser's site-data or privacy settings.
Analytics and tracking
None.
The site does not run Google Analytics, Facebook Pixel, Hotjar, Clarity, Segment, or any other analytics, tracking, or advertising script. We do not fingerprint visitors. We do not track you across pages or sessions.
Third-party resources loaded by the site
All fonts, stylesheets, and scripts required to render the site are hosted on EventHelix.com. The site does not load Google Fonts, jsDelivr, or any other third-party CDN at page load, so no IP address or request metadata is transmitted to a third party simply by visiting a page — with the single, page-specific exception described below.
The only third-party requests that may be made are:
- Cloudflare Turnstile (VisualEther trial-request page only). When you open the VisualEther trial form, your browser fetches the Turnstile widget JavaScript from
challenges.cloudflare.comand Turnstile may make additional anti-bot signal requests to that domain. Cloudflare receives your IP address, user agent, and request metadata as part of operating Turnstile. Turnstile does not profile users for advertising and does not track you across sessions; it issues a one-time token that we verify server-side before accepting your trial-license request. The token is bound to a single submission and is discarded by us after use. If you do not open the trial-request page, no Turnstile request is made. - YouTube embeds (tutorial pages only). Videos are embedded through the privacy-enhanced
youtube-nocookie.comdomain, which does not set tracking cookies until you press play. If you do not interact with the video, no personalised data is sent to YouTube. - Outbound links to Medium, GitHub, Twitter / X, LinkedIn, and Facebook in the page footer and article bodies. These are plain links — they only contact the third party if you click on them. We use
rel="noopener"to avoid leaking window-level context.
Service providers (data processors)
The following providers process data on our behalf to deliver the website. All are bound by Data Processing Agreements and process data only for the purposes listed.
- Microsoft Azure (App Service) — hosts the origin server. Receives page requests and form submissions. Azure sets the strictly-necessary
ARRAffinitycookies described above. - Microsoft Azure (Functions, Key Vault, Storage) — hosts our licence-issuance service. Receives the trial-form submission and the Lemon Squeezy purchase webhook, signs the
.licfile, and triggers email delivery. Stores the Ed25519 signing key in Azure Key Vault. - SendGrid (Twilio) — sends the licence-delivery email containing the
.licattachment to the address you provided on the form or at checkout. SendGrid receives only the recipient name, email address, and the licence file. It is not used for newsletters or marketing. - Lemon Squeezy LLC — merchant of record for VisualEther purchases. Handles payment processing and tax calculation; see the dedicated section below.
- Cloudflare, Inc. — sits in front of the site as our CDN, TLS terminator, and DDoS protection layer. Every request to EventHelix.com transits Cloudflare's edge, so Cloudflare briefly processes your IP address, request headers, and the URL requested. Cloudflare also operates the Turnstile anti-bot widget on our trial-request page (described above). We do not use Cloudflare Web Analytics, Zaraz, Bot Fight Mode, or any paid analytics / tag-management features — those are disabled on our account. Cloudflare's Network Error Logging endpoint (
a.nel.cloudflare.com) is wired up at the edge but currently configured with a 0% sample rate, so no error reports are sent from visitors' browsers in practice.
Trial and purchase forms
Filling in a trial-request or order form on the VisualEther or EventStudio pages submits the information you enter (name, email, organization) directly to EventHelix so we can deliver the trial licence or process the order. We do not share that data with third parties for marketing purposes. Contact us at support@eventhelix.com if you would like your information removed.
The VisualEther trial form runs through Cloudflare Turnstile as an anti-bot check before submission (see "Third-party resources loaded by the site" above). Turnstile produces a one-time verification token; that token plus the form fields are submitted to our licence-issuance service running on Microsoft Azure, where the token is verified with Cloudflare and discarded. Purchase orders go through Lemon Squeezy (our merchant of record) — see the dedicated section below.
Lemon Squeezy — Merchant of Record for purchases
VisualEther purchases are processed by Lemon Squeezy (Lemon Squeezy LLC), which acts as the merchant of record. When you buy a licence:
- Your payment, billing address, and tax-related information are collected and stored by Lemon Squeezy directly. EventHelix does not receive your full payment-card details at any point.
- Lemon Squeezy is responsible for tax (VAT / sales tax) calculation, collection, and remittance in your jurisdiction, and appears as the seller of record on your receipt.
- After your payment clears, Lemon Squeezy sends an
order_createdwebhook (containing your name, email, the product variant purchased, and order metadata — but not your payment-card data) to our licence-issuance service on Microsoft Azure, which signs and emails your.licfile via SendGrid. - Lemon Squeezy's privacy policy applies to the payment data it holds; see https://www.lemonsqueezy.com/privacy.
Server logs
Our web host (Microsoft Azure) and Cloudflare keep standard access logs (IP address, user agent, requested URL, timestamp, referrer) for operational and security purposes — identifying attacks, debugging errors, and preventing abuse. These logs are retained only as long as needed for those purposes and are not used for profiling or advertising.
Your rights (EU / UK / California residents)
You have the right to request access to, correction of, or deletion of any personal data we hold about you. For most visitors we hold only short-lived session-affinity cookies and the operational log entries described above — no analytics profiles and no advertising identifiers. If you have submitted a trial or order form and want to exercise these rights, email support@eventhelix.com.
Contact
EventHelix.com Inc.
support@eventhelix.com