Privacy Policy - Terms & Conditions

Tracelight Ltd — Privacy Policy & Terms & Conditions

We are Tracelight Ltd (referred to as we, us and our in this Privacy Policy), a company incorporated in England and Wales with company registration number 15938877 and whose registered office address is Senna Building, Gorsuch Place, London, England, E2 8JF.

The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the UK GDPR.

This Privacy Policy includes:

1. Data controller details

2. How we collect your information

3. Information we collect and purpose for processing

4. Sharing your information

5. International transfers

6. Retention of personal data

7. Your rights in respect of your personal data

8. Automatic decision making

9. Security

10. Changes to this Privacy Policy

1. Data controller details

We are the data controller in relation to the processing of the personal information that you provide to us. Our contact details are as follows:

Address: Senna Building, Gorsuch Place, London, England, E2 8JF

Email: founders@tracelight.ai (please include "Personal Data Request" in your subject heading)

2. How we collect your information

Generally, the information we hold about you comes from the way that you engage with us, for example by:

• Engaging with us via our website or applications

• Providing information when subscribing to our services or newsletters

• Contacting us offline, for example by telephone, SMS, email or post

• Interacting with us using social media

We may also obtain information from publicly available sources, including public databases, registers and records.

3. Information we collect and purpose for processing

The types of personal data we collect will depend on the relationship we have with you.

Contact information (name and email address) Used for clients, potential clients, and subscribers. Processed to perform our contract with you, manage your account, communicate about services and fees, handle complaints, conduct market analysis, send relevant marketing communications, and comply with legal obligations including fraud prevention.

Payment information Used for clients only. Processed to issue and receive payments, maintain internal records, and comply with legal obligations including fraud prevention and anti-money laundering requirements.

Technical and device information / social networks Collected from all website visitors. Used for research and statistical purposes, analysing user traffic, ensuring proper administration of our site, improving user experience, and presenting content effectively across devices.

Cookies and web-tracking technology Collected from all website visitors. For US-based visitors (with consent via cookie banner): we use third-party services to associate your IP address and browsing behaviour with professional identity data to personalise our outreach. For EU/UK visitors: we use these technologies only to identify the organisation visiting our site and do not resolve individual-level data unless explicit consent is provided via a lead form.

We do not collect any Special Categories of Personal Data (including race, ethnicity, religious beliefs, health information, or genetic and biometric data), nor any information about criminal convictions and offences.

4. Sharing your information

Personal information we hold may be shared with:

• Members of our group (subsidiaries and holding companies)

• Regulators and fraud prevention agencies

• Third parties in the context of legal proceedings

• Professional advisers and auditors

• Service providers and agents who process information on our behalf

• A successor organisation in the event of a business sale or transfer

We may include links to third-party social media providers such as LinkedIn, but we will not share your information with such providers without your consent.

5. International transfers

We will not transfer personal data outside the UK and EEA unless:

• The country is covered by an adequacy decision under GDPR Article 45

• Appropriate safeguards are in place under GDPR Article 46 (e.g. Standard Model Clauses)

• A derogation under GDPR Article 49 applies, including where the transfer is necessary to perform a contract with you, necessary for legal claims, you have provided explicit consent, or it is of a limited nature serving our compelling legitimate interests

6. Retention of personal data

We will only hold your personal information for a period of 12 months since your last interaction with us, unless we are required or permitted by law to hold it for longer.

Where we no longer need your personal information, we will dispose of it securely.

In some circumstances you can ask us to delete your data (see Section 7).

We may anonymise personal data for research or statistical purposes, in which case we may use it indefinitely without further notice.

7. Your rights in respect of your personal data

In accordance with the Data Protection Act 2018 and the UK GDPR, you have the following rights:

Right to access — Request copies of the personal information we hold about you. One copy is provided at no cost; further copies may incur a reasonable fee.

Right to rectification — Have inaccurate or incomplete personal information corrected.

Right to erasure ("right to be forgotten") — Withdraw consent to processing and request deletion of your personal information.

Right to restriction — Stop or limit the way we use your personal information.

Right to data portability — Request transfer of your personal data to you or a third party in a structured, machine-readable format.

Right to object — Object to our use of your personal information, including for legitimate interests or marketing purposes.

To unsubscribe from marketing communications, follow the link in any email footer or contact us directly.

If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the Information Commissioner's Office: www.ico.org.uk

8. Automatic decision making

We do not make decisions based solely on automated data processing, including profiling.

9. Security

We protect your information through appropriate technical and organisational measures, including:

• Encryption of data in transit and at rest where appropriate

• Access controls and confidentiality safeguards

• Regular risk assessments and audits to monitor threats and vulnerabilities

While we do our best to protect your personal information, we cannot guarantee the security of data transmitted over the internet. Please keep your login credentials confidential and do not share them with anyone.

10. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time to keep it up to date, implement technical adjustments, or comply with legal requirements. We will always update this Privacy Policy on our site.

Last updated: 16 February 2026