Privacy & Principles • ScotNet

UK GDPR

No cookies No trackers Security logs

ScotNet is a privately operated infrastructure project built to provide quiet, stable services without surveillance, profiling, behavioural tracking, or data monetisation. This platform is operated for personal and family use, not commercial exploitation.

Data Controller

ScotNet is operated privately by an individual based in the United Kingdom. For the purposes of UK GDPR, this operator acts as the data controller for any personal data processed by the services described on this site.

What We Do Not Do

No cookies
No trackers
No analytics beacons
No behavioural profiling
No advertising systems
No sale or transfer of personal data

What We May Log

Connection metadata for security and fault diagnosis
Abuse-prevention logs on public-facing services
Email headers strictly for spam filtering and mail routing
Firewall and intrusion detection events

Retention: Logs exist solely to keep systems secure and operational. They are not profiled, mined, marketed, shared, or exported. Typical retention does not exceed 30 days, unless extended temporarily during active security investigations or legal obligations.

Lawful Basis for Processing

Legitimate interest: Security logging, abuse prevention, and service reliability.
Consent: When users voluntarily submit data via contact forms.
Legal obligation: Where limited data must be retained to comply with UK law.

Contact Forms

If you send a message via the contact form, we process only what you submit (name, email, subject, message) plus limited technical metadata required to defend the service (origin IP address, timestamp, and user-agent). This information is used solely to deliver the message and protect ScotNet from spam and abuse.

Anti-spam controls: rate limiting, honeypot fields, content scoring, and signature checks.
DNSBL enforcement: submissions may be blocked if the sender IP is listed on bl.scott.ovh.
No third-party CAPTCHA: nothing is sent to external “human verification” vendors.

Note: Abuse-prevention metadata is retained only as long as necessary for security and troubleshooting, then rotated out.

DNS Services

ScotNet runs encrypted DNS (DoT/DoH) for trusted circles. The resolver is built for privacy and integrity: no advertising IDs, no behavioural profiles, and no resale of DNS data because, frankly, that’s not the point.

What we avoid: persistent per-user DNS analytics, tracking identifiers, or “usage monetisation”.
What may exist temporarily: short-lived operational logs for debugging faults, mitigating abuse, and maintaining performance.
Access: the resolver is not intended as an open public service and may be access-controlled.

DNSBL (Abuse Intelligence)

bl.scott.ovh is a DNS-based blocklist used to reduce abuse across ScotNet services (mail, web forms, and other public-facing endpoints). Listings are about IP reputation and security events, not people.

Listings may include an IP address and a short reason code/text explaining why it was listed.
Data is used for security enforcement and abuse reduction, not tracking or profiling.
Retention follows operational need; entries are removed when no longer required.

Back2You (b2y.scott.ovh)

Back2You is a small, privacy-first pet return page service. It is designed to work without accounts, adverts, trackers, or data brokerage.

Public pages show only the information the tag owner chooses to publish.
Finder contact routes are protected with the same anti-abuse controls as ScotNet contact forms.
No “social” tracking pixels, no ad networks, and no third-party analytics.

Status & Monitoring

ScotNet publishes service availability at status.scott.ovh. When embedded elsewhere, status indicators fetch simple uptime/badge data from that host. This is used to show whether services are up, not to identify visitors.

Monitoring principle: measure infrastructure health, not human behaviour.

Your Rights

The right to request access to any personal data held
The right to request correction of inaccurate data
The right to request erasure where data is no longer required
The right to restriction of processing in certain circumstances
The right to object to processing based on legitimate interests
The right to lodge a complaint with the UK Information Commissioner’s Office (ICO)

As this is a private, non-commercial infrastructure platform, data is processed only where technically required for service operation, security, or compliance with applicable law.

Policy Updates

This policy may be updated periodically to reflect infrastructure, legal, or security changes. The version displayed here is the current policy in effect.

Return to ScotNet

If you need to reach the operator, use the main site contact route.

Privacy (UK GDPR) v3 January | 2026.