Privacy Policy
This notice explains how Tidalux Ltd processes personal data under UK GDPR and the Data Protection Act 2018. We are registered with the ICO as a data controller (ZC091301).
Tidalux Ltd
Company No. 17019367 · ICO registration ZC091301Registered office: Studio 9, 50–54 St Paul's Square, Birmingham B3 1QS, United Kingdomlegal@tidalux.io · hello@tidalux.io
1. Who we are
We are Tidalux Ltd, a company registered in England and Wales (Co. No. 17019367). Our registered office is Studio 9, 50–54 St Paul's Square, Birmingham B3 1QS. We are registered with the Information Commissioner's Office (ICO Reg. ZC091301) as a data controller.
Our Data Protection contact is legal@tidalux.io. You can contact us there about any data protection matter.
2. What data we collect
We collect only the data we need. Depending on how you interact with us, this may include:
- Contact information — your name, email address and any message content when you contact us via our website forms.
- Account information — email address, hashed password and account preferences if you register for a Tidalux product or service.
- Billing information — name and address for invoicing. We do not store card details; payments are processed by Stripe (who are separately PCI-DSS compliant).
- Usage data — log data (IP address, browser type, pages visited) collected automatically via our infrastructure.
- Cookies — see our Cookie Policy for details.
- Newsletter — email address only, if you subscribe.
3. How we use your data
We use your data to:
- Provide and maintain our services to you.
- Respond to your enquiries and support requests.
- Process transactions and send related information (receipts, invoices).
- Send you service-related communications (e.g. downtime notices, policy updates).
- Send marketing communications — only with your explicit consent, and you can unsubscribe at any time.
- Comply with legal obligations.
- Improve our products and services (using anonymised analytics only).
4. Legal basis for processing (UK GDPR)
We rely on the following legal bases:
- Contract — processing necessary to fulfil a contract with you (e.g. providing services you have purchased).
- Legitimate interests — security monitoring, fraud prevention, product improvement.
- Consent — marketing emails, non-essential cookies. You can withdraw consent at any time.
- Legal obligation — where we must retain data for tax, accounting or other legal requirements.
5. Data sharing
We do not sell, rent or trade your personal data. We share it only where necessary:
- Stripe — payment processing.
- Infrastructure providers — UK-based server providers for hosting and email delivery.
- Legal/regulatory authorities — where required by law.
All third-party processors are subject to appropriate data processing agreements.
6. Data retention
We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law. Account data is retained for the duration of your account plus 7 years for tax purposes. Enquiry data (contact form submissions) is retained for 2 years. You can request deletion at any time (see Your Rights below).
7. Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of the data we hold about you (often called a subject access request or DSAR).
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your data (subject to legal retention requirements).
- Restriction — ask us to restrict processing of your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — at any time, where processing is based on consent.
To exercise any of these rights, email legal@tidalux.io. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.
8. Data security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), AES-256 encryption for sensitive stored data, regular security reviews, and access controls limiting who can access your data. Despite these measures, no internet transmission is 100% secure. If we become aware of a data breach that is likely to affect your rights, we will notify you and the ICO as required.
9. International transfers
We primarily process personal data in the United Kingdom and the European Economic Area. Where we use processors or sub-processors outside the UK/EEA, we put in place appropriate safeguards under UK GDPR (for example, the UK International Data Transfer Agreement or Addendum, or adequacy regulations), and we assess risk before any transfer proceeds.
10. Cookies
We use cookies for essential functionality, analytics and preferences. For full details, please see our Cookie Policy.
11. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of this page will always reflect the current version. We will notify registered users of material changes by email.
12. Contact us
For any questions about this policy or our data practices, please contact us at legal@tidalux.io or write to us at our registered office address above.