Privacy
Policy
Last updated: April 2026 · Applies to white-mill.com
WhiteMill is a performance site production service. This policy explains what personal data we collect when you visit our website, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and other applicable laws.
1. Who we are
The data controller for this website is WhiteMill, reachable at [email protected]. When we say "we", "us", or "WhiteMill", we mean the operator of white-mill.com.
If you have any questions about this policy or how we handle your data, contact us directly at [email protected].
2. What data we collect and why
2.1 Contact form
When you submit the "Request Access" form, we collect:
- First and last name
- Email address
- Phone number (optional)
- Team size and monthly volume
- Your message / project description
Purpose: to respond to your enquiry and onboard your team.
Legal basis: Article 6(1)(b) GDPR — processing necessary to take steps at your request prior to entering a contract.
Retention: We retain contact form submissions for up to 24 months, then delete them unless an ongoing business relationship exists.
2.2 Analytics (Google Analytics 4)
With your consent, we use Google Analytics 4 to understand how visitors interact with our website — which pages are visited, how long sessions last, and where traffic comes from.
When you accept, Google Analytics sets the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
_ga |
Distinguishes unique visitors | 2 years |
_ga_DT956Z0F2H |
Maintains session state for GA4 | 2 years |
Data is processed by Google LLC. Google may transfer data to the United States. This transfer is covered by Standard Contractual Clauses (SCC) under Article 46 GDPR. For more information, see Google's Privacy Policy.
Legal basis: Article 6(1)(a) GDPR — consent. You can withdraw your consent at any time by clearing your browser's local storage or cookies.
2.3 Server logs
Our hosting provider automatically records standard server logs, which may include your IP address, browser type, referring URL, and the time of your request. These logs are used for security and technical diagnostics and are retained for up to 30 days.
Legal basis: Article 6(1)(f) GDPR — our legitimate interest in maintaining website security and performance.
2.4 Account security and free-sample review
When you create a WhiteMill account, we process your email address, password hash, optional Telegram/contact details, email verification status, dashboard activity, payment/order history, support messages, and administrator notes needed to operate the service.
When you request the free 5-site sample, we may also collect business-proof details you submit for review, such as a company website, LinkedIn company page, company Telegram handle/link, and your role in the team. We normalize these details into team-level anti-abuse signals so multiple members of the same organization cannot repeatedly claim the same free sample.
To protect the free 5-site sample from repeated abuse, we also store limited security signals such as hashed IP address, hashed user-agent, hashed device identifier, email domain, referral/UTM data, normalized business-proof signals, risk score, and review decisions. These signals are used only for fraud prevention, account security, and manual eligibility review.
Email-verification and password-reset tokens are stored in hashed form. Security-review records are retained only for limited operational, fraud-prevention, and support periods, after which they are deleted or reduced according to our retention routines.
Legal basis: Article 6(1)(b) GDPR for account/service operation and Article 6(1)(f) GDPR for fraud prevention and platform security.
3. Cookies
We use the following types of cookies:
| Type | Cookies | Required? |
|---|---|---|
| Functional | wm_cookie_consent — stores your cookie preference in localStorage (not a cookie, no data sent to server) |
Yes — needed to remember your choice |
| Analytics | _ga, _ga_DT956Z0F2H |
No — only with your consent |
We do not use advertising cookies, social media tracking pixels, or any third-party remarketing cookies.
How to manage cookies:
- Change your preference: clear your browser's localStorage (DevTools → Application → Local Storage → white-mill.com → delete
wm_cookie_consent) and reload the page. The banner will reappear. - Block all cookies via your browser settings (Chrome, Firefox, Safari, Edge all support this).
- Opt out of Google Analytics across all sites: Google Analytics Opt-out Browser Add-on.
4. How we share your data
We do not sell, rent, or trade your personal data. We share data only with the following processors:
| Processor | Purpose | Location |
|---|---|---|
| Google LLC (Analytics) | Website analytics | USA (SCC) |
| Cloudflare (form endpoint) | Forwards contact form data to us | EU/USA (SCC) |
| Telegram Messenger | Client notifications and support communication (clients only) | UAE / distributed |
We may disclose data if required by law, regulation, or valid legal process.
5. Your rights under GDPR
If you are located in the European Economic Area (EEA) or UK, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — at any time, for processing based on consent (e.g., analytics).
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority, for example the supervisory authority in your EU member state.
6. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Our website is served over HTTPS. Contact form submissions are transmitted via encrypted Cloudflare Workers endpoints.
No method of internet transmission is 100% secure. If you believe your data has been compromised, contact us immediately at [email protected].
7. Children's privacy
Our service is intended for professional use by marketing teams and is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has submitted data to us, contact us and we will delete it promptly.
8. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. For significant changes, we will notify active clients by email. Continued use of the site after changes constitutes acceptance of the updated policy.
9. Contact
For any privacy-related questions, requests, or complaints: