Legal

Privacy Policy

Last updated: March 2026

1. Introduction

Effigate ("we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Effigate platform and website (collectively, the "Service").

By accessing or using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Service. This policy complies with the General Data Protection Regulation (GDPR), the UK GDPR, and other applicable data protection laws.

2. Data We Collect

We collect the following categories of information:

  • Account information: Name, email address, company name, and password when you register for an account.
  • Usage data: Log data, IP addresses, browser type, pages visited, features used, and interactions within the platform.
  • Business data: Project information, tickets, time logs, contracts, invoices, and other content you create within the platform as part of your service delivery operations.
  • Payment information: Billing details processed securely via Stripe. We do not store raw card data on our servers.
  • Communications: Messages you send to our support team or communications facilitated through the platform.

3. How We Use Your Data

We use collected data to:

  • Provide, operate, and maintain the Effigate platform and its features.
  • Process transactions, generate invoices, and manage subscriptions.
  • Send transactional notifications, security alerts, and product updates.
  • Improve platform performance, diagnose technical issues, and conduct analytics.
  • Comply with legal obligations and enforce our Terms of Service.
  • Respond to support requests and provide customer assistance.

Our legal bases for processing under GDPR include: contract performance, legitimate interests, legal obligation, and — where required — consent.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data only in these limited circumstances:

  • Service providers: Trusted third-party vendors (cloud hosting, payment processing, email delivery) who process data on our behalf under data processing agreements.
  • Legal requirements: When required by applicable law, court order, or governmental authority.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
  • With your consent: In any other circumstances where you have explicitly consented.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account termination, we will retain your data for up to 90 days to allow for recovery, after which it is permanently deleted from our systems.

Financial records and invoices may be retained for up to 7 years to comply with legal accounting obligations. Anonymised or aggregated usage data may be retained indefinitely for analytical purposes.

6. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, schema-level tenant data isolation, role-based access controls, and immutable audit logs.

While we take every reasonable precaution to protect your data, no method of transmission over the internet is 100% secure. We encourage you to use a strong password and enable any available two-factor authentication.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction: Request that we limit processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at the address below. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection team:

privacy@effigate.com
effigate.com