UK GDPR compliance

Last updated: 08 September 2025

We design our services to uphold privacy principles: lawfulness, fairness, transparency, purpose limitation, minimisation, accuracy, storage limitation, integrity, and confidentiality.

Data processing principles

• Only collect what we need for defined purposes
• Keep data accurate and up to date
• Store data only as long as necessary
• Protect data with appropriate technical and organisational measures

Your rights

• Access: request a copy of your personal data
• Rectification: correct inaccurate details
• Erasure: request deletion where applicable
• Restriction: limit processing in certain cases
• Portability: receive data in a usable format
• Objection: object to certain processing

To exercise rights, contact [email protected]. We’ll verify identity and respond within statutory timelines.

DPA and subprocessors

A Data Processing Addendum (DPA) is available upon request. We work with carefully assessed subprocessors for hosting, payments, and communications. We maintain safeguards and audit trails.

Security and incidents

We use encryption in transit, access control, logging, and backups. If a security incident affects your data, we will notify you without undue delay and provide next steps.

Data location and transfers

Where data leaves the UK, we implement appropriate safeguards, including standard contractual clauses and vendor due diligence.

Contact for data requests

Email: [email protected]. We provide request forms during onboarding if preferred.