Privacy Policy

Last updated: May 2026  ·  Effective immediately

1. Data Controller

SupraCloud Ltd (“SupraCloud”, “we”, “us”, “our”) is the data controller responsible for your personal data. We are registered in England and Wales.

Contact: rk@supracloud.co.uk
Website: https://supracloud.co.uk
ICO Registration:SupraCloud Ltd is registered with the Information Commissioner’s Office (ICO) as required under UK data protection law.

2. Data We Collect

We collect personal data in the following contexts:

  • Contact form: Name, company, email address, phone number, and message content submitted via our contact page.
  • Booking form: Name, company, email address, phone number, preferred availability, and brief description of requirements submitted when requesting a discovery call.
  • Direct communications: Name and email address when you contact us by email or via WhatsApp.
  • Analytics: We may collect anonymised usage data (pages visited, session duration, browser type) via privacy-respecting analytics tools. This data is not linked to your identity.

We do not collect payment card data directly. Any payment processing is handled by third-party providers under their own privacy policies.

3. Lawful Basis for Processing

We process your personal data on the following lawful bases under UK GDPR Article 6:

  • Legitimate interests (Article 6(1)(f)): Responding to enquiries, managing bookings, and conducting business operations where our interests are not overridden by your rights.
  • Contract performance (Article 6(1)(b)): Processing data necessary to enter into or perform a contract with you for our services.
  • Compliance with legal obligations (Article 6(1)(c)): Where we are required to process data to comply with applicable law.

4. How We Use Your Data

Your personal data is used to:

  • Respond to your enquiry or booking request
  • Schedule and conduct discovery calls or consultations
  • Provide the services you have engaged us for
  • Send relevant follow-up communications directly related to your enquiry
  • Comply with legal and regulatory obligations

We do not sell, rent, or share your personal data with third parties for marketing purposes.

5. Data Sharing

We may share your data with:

  • Email service providers (such as Resend) to send transactional emails. These providers act as data processors under our instructions.
  • Cloud service providers (such as Vercel) who host this website and may process data in the course of service delivery.
  • Professional advisers where required for legal or compliance purposes.

All third-party processors are contractually bound to handle your data in compliance with UK GDPR.

6. Retention Periods

We retain personal data for the following periods:

  • Enquiry and contact data: 2 years from the date of last contact, unless a commercial relationship is established.
  • Client data: 6 years from the end of the engagement, in line with UK statutory limitation periods.
  • Analytics data: Anonymised; no personal data is retained beyond the session.

You may request deletion of your data at any time (see Section 7 below).

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation and the Data Protection Act 2018, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data where we have no legitimate reason to continue processing it.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests, including direct marketing.
  • Rights related to automated decision-making: We do not make automated decisions that produce legal or significant effects about you.

To exercise any of these rights, email rk@supracloud.co.uk with “Data Rights Request” in the subject line. We will respond within 30 days as required by law.

8. Cookies and Tracking

This website uses only essential cookies required for core functionality (such as session management and security). We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies without your explicit consent.

Our cookie banner allows you to accept or decline non-essential cookies. Essential cookies cannot be disabled as they are required for the website to function.

9. International Transfers

Where your data is processed by third-party service providers outside the UK or EEA, we ensure appropriate safeguards are in place in accordance with UK GDPR transfer requirements (such as UK adequacy decisions or Standard Contractual Clauses).

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These include encryption in transit (HTTPS), access controls, and secure third-party processors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Material changes will be communicated to active clients by email.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

ICO website: ico.org.uk
ICO helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO — please reach out to us at rk@supracloud.co.uk first.

13. Contact

For any privacy-related queries, to exercise your rights, or to raise a concern:

SupraCloud Ltd
Registered in England & Wales
rk@supracloud.co.uk

View Terms of Service →