Privacy Policy

Last updated: February 2025

1. Introduction

This privacy policy ("Policy") explains how we collect, use, store and protect your personal data when you use our software-as-a-service platform and related services ("Services"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are the data controller in respect of the personal data we process as described in this Policy. If you have any questions, please contact us using the details in Section 12.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Account and identity data: name, email address, password (stored in hashed form), and other details you provide when registering or updating your account.
  • Usage and technical data: IP address, browser type and version, device information, log-in and access times, pages viewed, and other data about how you use the Services.
  • Content and communications: data you upload, submit or store within the Services, and messages you send to us (e.g. support requests).
  • Payment and billing data: billing address and payment-related information. Card details are processed by our payment provider; we do not store full card numbers.

3. How we collect your data

We collect personal data when you: create an account; use the Services; contact us for support or enquiries; subscribe to marketing (where you have opted in); or when we obtain it from cookies and similar technologies on our website or within the Services, in accordance with our cookie policy and your preferences.

4. Legal basis and purposes

We process your personal data only where we have a lawful basis:

  • Contract: to provide the Services, manage your account, process payments and communicate with you about the Services.
  • Legitimate interests: to improve and secure the Services, analyse usage, prevent fraud, and enforce our terms, where such interests are not overridden by your rights.
  • Consent: where you have given clear consent (e.g. for marketing emails or non-essential cookies). You may withdraw consent at any time.
  • Legal obligation: where we must comply with UK law (e.g. tax, anti-money laundering, or regulatory requirements).

5. Who we share your data with

We may share your personal data with: (a) service providers who assist us (e.g. hosting, payment processing, email delivery, analytics), who act under our instructions and are bound by confidentiality and data protection obligations; (b) professional advisers (e.g. lawyers, accountants) where necessary; (c) regulators or law enforcement where required by law or to protect our rights. We do not sell your personal data. If we transfer data outside the UK, we ensure appropriate safeguards (e.g. UK adequacy decisions or standard contractual clauses) are in place.

6. How long we keep your data

We retain your personal data only for as long as necessary for the purposes set out in this Policy, including to satisfy legal, accounting or reporting requirements. When you close your account, we will delete or anonymise your data within a reasonable period, except where we must retain it for legal reasons. You may request earlier deletion subject to our legal obligations.

7. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction, in line with the UK GDPR. These include encryption, access controls, and staff training. No method of transmission over the internet or electronic storage is completely secure; we cannot guarantee absolute security but we will notify you and the ICO of a personal data breach where required by law.

8. Your rights (UK GDPR)

Under UK data protection law you have the right to:

  • Access: request a copy of your personal data.
  • Rectification: have inaccurate data corrected.
  • Erasure: request deletion of your data in certain circumstances.
  • Restriction: request that we limit processing in certain cases.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where processing is based on consent.

To exercise any of these rights, please contact us using the details in Section 12. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies and similar technologies

We use cookies and similar technologies to operate the Services, remember your preferences, and analyse usage. Essential cookies are necessary for the Services to function. We may also use optional analytics or marketing cookies where you have consented. You can manage your cookie preferences via your browser or our cookie banner. For more detail, see our cookie policy (if applicable) or contact us.

10. Children

Our Services are not directed at individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Changes to this Policy

We may update this Policy from time to time. We will post the revised Policy on this page and update the "Last updated" date. If changes are significant, we will notify you by email or through the Services. We encourage you to review this Policy periodically.

12. Contact us

If you have questions about this Policy or wish to exercise your data protection rights, please contact us using the details provided on our website or in your Account settings. If we have a data protection officer (DPO), their contact details will also be available there.