Privacy Policy

1. Introduction

Safeliant (“we”, “us”, “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our website (safeliant.com), use the Evidence Guard platform, or interact with us.

This policy applies to all users of our website and Service, including prospective customers, trial users, paying customers, and website visitors. Please read this policy carefully. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

Safeliant is the data controller for personal data processed through this website and the Evidence Guard service for the purposes described in this policy.

When we process personal data on behalf of our customers as part of the Evidence Guard service (e.g., consent evidence records, website scan data), we act as a data processor. Our obligations as a processor are governed by our Data Processing Agreement.

3. What We Collect

We collect the following categories of personal data:

3.1 Information You Provide

• Account information — Your name, email address, and organisation name when you create an account or sign up for a trial.
• Billing information — Payment details are processed securely by Stripe. We receive and store only a truncated card number, card type, and billing address. We never store full card numbers, CVVs, or other sensitive payment data.
• Communications — The content of messages you send us through our contact form, support requests, or email correspondence.
• Survey and feedback data — Information you provide when responding to surveys or providing product feedback.

3.2 Information We Collect Automatically

• Usage data — Pages visited, features used, actions taken within the platform, timestamps, and session duration.
• Device and browser information — IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Referral data — The URL that referred you to our website.
• Cookies and similar technologies — See our Cookie Policy for detailed information.

3.3 Information from Third Parties

• Authentication providers — If you sign in using a third-party provider (e.g., Google), we receive your name, email address, and profile picture as authorised by you.
• Payment processor — Stripe provides us with transaction status, payment method details (truncated), and billing events.

4. How We Use Your Data

We process your personal data for the following purposes:

• Providing the Service — To create and manage your account, process scans, generate evidence records and compliance reports, and deliver the core Evidence Guard functionality.
• Billing and payments — To process subscriptions, invoices, and payment transactions through Stripe.
• Communication — To send you transactional emails (account verification, password resets, scan notifications), respond to support requests, and provide product updates.
• Security and fraud prevention — To detect and prevent fraudulent activity, abuse, and security threats to our platform.
• Product improvement — To analyse usage patterns, diagnose technical issues, and improve the performance and usability of our Service.
• Legal compliance — To comply with applicable laws, regulations, and legal processes.
• Marketing — To send you marketing communications, but only where you have provided explicit consent. You can unsubscribe at any time.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal effects.

5. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

• Contract performance (Article 6(1)(b)) — Processing necessary to provide the Service, manage your account, and fulfil our contractual obligations.
• Legitimate interest (Article 6(1)(f)) — Processing for product improvement, security, fraud prevention, and analytics, where our interests do not override your fundamental rights and freedoms.
• Consent (Article 6(1)(a)) — Processing for marketing communications and non-essential cookies. You can withdraw consent at any time.
• Legal obligation (Article 6(1)(c)) — Processing necessary to comply with tax, accounting, or other legal requirements.

6. Data Sharing

We share your personal data only in the following circumstances:

• Service providers (Sub-processors) — We share data with trusted third-party providers who assist in operating our Service. See our Subprocessors page for a complete list.
• Payment processing — Billing data is shared with Stripe to process payments. Stripe acts as an independent controller for fraud prevention purposes.
• Legal requirements — We may disclose data when required by law, regulation, legal process, or governmental request.
• Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such transfer and any changes to applicable privacy terms.
• With your consent — We may share data for other purposes with your explicit consent.

We do not share your data with advertisers or data brokers.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA) or the United Kingdom. When such transfers occur, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions.
• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Other appropriate safeguards as required by applicable data protection law.

Details of international transfers and applicable safeguards are documented on our Subprocessors page.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data — Retained for the duration of your account plus 30 days after account deletion to allow for reactivation requests.
• Scan and evidence data — Retained according to your plan's retention period (as documented in your subscription terms). After plan expiry, data is available for export for 30 days before deletion.
• Billing records — Retained for the period required by applicable tax and accounting laws (typically 7 years).
• Support communications — Retained for 2 years after the last interaction, then anonymised or deleted.
• Analytics data — Aggregated and anonymised within 90 days of collection.
• Marketing consent records — Retained for 3 years after consent withdrawal for compliance documentation purposes.

9. Your Rights

Under the GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of access — You can request a copy of all personal data we hold about you.
• Right to rectification — You can request correction of inaccurate or incomplete personal data.
• Right to erasure — You can request deletion of your personal data, subject to legal retention requirements.
• Right to restrict processing — You can request that we limit processing of your data in certain circumstances.
• Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
• Right to object — You can object to processing based on legitimate interest or for direct marketing purposes.
• Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint — You have the right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@safeliant.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, role-based access controls, regular security assessments, and comprehensive audit logging.

For a detailed description of our security practices, see our Security page.

11. Children's Privacy

The Evidence Guard service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. When we make material changes:

• We will update the “Last updated” date at the top of this page.
• We will notify registered users by email or in-app notification.
• For significant changes, we may request renewed consent where applicable.

We encourage you to review this page periodically to stay informed about how we protect your data.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

• Privacy enquiries: privacy@safeliant.com
• General support: support@safeliant.com
• Postal address: Available upon request by contacting us at the email addresses above.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have not been respected.