Legal

Privacy Policy

Last updated: January 2026

ShadowTrace Ltd ("ShadowTrace", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our platform, or engage with our services.

ShadowTrace Ltd is registered in England and Wales. We act as a data controller for the personal data we process in connection with our services.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Create an account or register for our services
  • Request a demonstration or contact us for information
  • Subscribe to our newsletters or marketing communications
  • Participate in surveys, webinars, or events
  • Submit support requests or communicate with us

This may include your name, email address, job title, organisation name, telephone number, and any other information you choose to provide.

1.2 Information Collected Automatically

When you visit our website or use our platform, we automatically collect certain information, including:

  • Device information (browser type, operating system, device identifiers)
  • Log data (IP address, access times, pages viewed, referring URL)
  • Usage data (features used, actions taken within our platform)
  • Location data (derived from IP address at country/region level)

1.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect and store information. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve our platform and services
  • Account management: To create and manage your account, authenticate users, and provide customer support
  • Communications: To respond to your enquiries, send service-related notices, and provide information you request
  • Marketing: To send promotional communications (where you have consented or where permitted by law)
  • Analytics: To understand how our services are used and to improve user experience
  • Security: To detect, prevent, and address fraud, security issues, and technical problems
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

3. Legal Basis for Processing

Under UK and EU data protection law, we must have a legal basis for processing your personal data. We rely on the following bases:

  • Contract: Processing necessary to perform a contract with you or take steps prior to entering into a contract
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, marketing, and fraud prevention, where these interests are not overridden by your rights
  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose
  • Legal obligation: Processing necessary to comply with a legal obligation

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with:

  • Service providers: Third-party vendors who provide services on our behalf (e.g., hosting, analytics, payment processing), subject to contractual obligations to protect your data
  • Professional advisers: Lawyers, auditors, and insurers where necessary for professional advice or legal proceedings
  • Law enforcement: Where required by law, legal process, or governmental request
  • Business transfers: In connection with a merger, acquisition, or sale of assets, where your data may be transferred as part of that transaction

5. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the United Kingdom and European Economic Area. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with an adequacy decision
  • Other lawful transfer mechanisms under applicable data protection laws

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary depending on the context and our legal obligations.

When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, and applicable legal requirements.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Employee training on data protection
  • Incident response procedures

We are currently pursuing SOC 2 Type II and ISO 27001 certification, and operate in accordance with industry-standard security practices.

8. Your Rights

Under UK and EU data protection law, you have the following rights regarding your personal data:

  • Access: The right to request a copy of the personal data we hold about you
  • Rectification: The right to request correction of inaccurate or incomplete data
  • Erasure: The right to request deletion of your data in certain circumstances
  • Restriction: The right to request restriction of processing in certain circumstances
  • Portability: The right to receive your data in a structured, machine-readable format
  • Objection: The right to object to processing based on legitimate interests or for direct marketing
  • Withdraw consent: Where processing is based on consent, the right to withdraw consent at any time

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month, or inform you if an extension is required.

9. Marketing Communications

You can opt out of receiving marketing communications from us at any time by:

Please note that even if you opt out of marketing communications, we may still send you service-related messages necessary for the administration of your account.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website with a new "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

ShadowTrace Ltd
Email: privacy@shadowtrace.ai
Address: [Registered Address]

14. Complaints

If you are not satisfied with our response to any complaint or believe our processing of your data does not comply with data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Telephone: 0303 123 1113