We are committed to protecting the privacy and personal data of our customers and their end users. Data protection, security, and compliance are built into how our platform operates and how services are delivered.
This page explains how personal data is processed, where it may be stored, and the safeguards in place to ensure compliance with the UK GDPR and the EU General Data Protection Regulation (GDPR).
Roles and responsibilities under GDPR
Under GDPR, organisations have different responsibilities depending on whether they act as a data controller or a data processor.
You are the Data Controller
When you use the platform, you are the data controller for the personal data you collect and upload. This means you decide:
• what personal data is collected
• why it is collected
• the legal basis for processing
• how long the data is retained
You are responsible for ensuring that personal data is collected lawfully, used appropriately, and retained only for as long as necessary.
We act as a data processor on your behalf. This means we process personal data only according to your instructions and solely for the purpose of providing the services you use.
We do not use personal data for our own purposes, and we do not sell or share personal data outside of the services you control.
The entity responsible for processing data on your behalf can be contacted at:
5473 Blair Rd Ste 100, PMB 383313
Dallas, Texas 75231-4227
United States
Personal data processed through the platform is stored and managed using secure, enterprise-grade cloud infrastructure.
Appropriate technical and organisational measures are in place to protect data against unauthorised access, loss, or misuse. These include encryption, access controls, secure authentication, and regular system monitoring.
Depending on configuration and features used, data may be stored or processed outside the United Kingdom or European Economic Area.
International data transfers
Where personal data is transferred outside the UK or EEA, appropriate safeguards are applied to ensure an equivalent level of protection.
These safeguards include recognised contractual protections and international privacy frameworks designed to support lawful cross-border data transfers in line with GDPR requirements.
Legal basis for processing
GDPR requires that personal data is only processed where a valid legal basis exists, such as consent, contractual necessity, legal obligation, or legitimate interests.
As the data controller, you are responsible for identifying and documenting the correct legal basis for your processing activities and for providing appropriate notices to individuals whose data you collect.
Data subject rights
Individuals have rights under GDPR, including the right to access, correct, or request deletion of their personal data.
We provide tools and processes to support you in responding to such requests and will act on your instructions where requests relate to data we process on your behalf.
You remain responsible for handling data subject requests across all systems you use.
Data security
Strong security measures are in place to protect personal data, including:
• encryption of data in transit and at rest
• role-based access controls
• secure authentication methods
• regular security testing and monitoring
• backup and recovery procedures
These measures are designed to reduce the risk of unauthorised access, loss, or corruption of personal data.
Data breaches
Procedures are in place to detect and respond to personal data breaches.
If a breach affecting personal data processed on your behalf is identified, you will be notified without undue delay so you can meet any regulatory or notification obligations.
Data retention and deletion
You control how long personal data is retained within the platform. Data can be deleted or anonymised when it is no longer required for your processing purposes.
Requests for deletion are handled in accordance with applicable data protection requirements.
Questions and support
© HeroCRM.io 2026
All Rights Reserved