Legal
Privacy Policy
v1 · Updated 2026-05-01
Last updated: 1 May 2026
This Privacy Policy explains how Appistry ("we", "us", "our") collects, uses, and protects information when you visit appistry.tech, request a consultation, or use any of the demo or hosted applications we operate (collectively, the "Service").
Appistry is operated as a sole trader based in Kent, United Kingdom. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Appistry is the data controller for personal data described in this policy.
1. Who to contact
Questions, data-subject requests, or complaints can be sent to:
- Email: privacy@appistry.tech
- Post: Appistry, Kent, United Kingdom (full address available on request)
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
2. What we collect and why
We collect only what we need to respond to you, deliver the Service, and keep it secure.
When you submit a contact, consultation, or lead form
| Data | Why we need it |
|---|---|
| Name, email, phone (optional) | To reply to you and arrange follow-ups |
| Company, role, sector, website | To understand context for a useful response |
| Pain point, desired outcome, timeframe, budget, notes | To shape the right proposal |
| Marketing-consent flag | Only if you opt in — we record that you opted in |
| Privacy-consent flag | Required to submit the form |
Lawful bases: consent (you submit the form), legitimate interest (responding to your enquiry), and — where relevant — performance of a contract.
When you use a hosted demo or application
For demo and showcase apps that we operate on behalf of clients (for example, the Holborough Lakes Social platform), we may process additional information — such as your account profile, event sign-ups, ticket purchases, vendor profile, donations, photos you upload, and messages you send. The specific data depends on the application; that application's in-product privacy notice is the authoritative source. We act as the data processor for those operators (the operator is the controller); we act as the controller only for the underlying showcase site at appistry.tech.
When you log in to the admin workbench
Admin accounts authenticate via email + password or Google sign-in. We store the email address, display name, profile picture URL (Google only), session token, and an audit log of admin actions for security and accountability. Lawful basis: legitimate interest (security, traceability) and contract (delivering the admin service to authorised users).
Technical data
When you visit the Service, our hosting provider may log standard request metadata (IP address, user agent, referer, timestamp) for up to 30 days for security and abuse prevention. We do not use this data for profiling.
3. Cookies and similar technologies
We use essential cookies only. Specifically:
- A short-lived authentication session token (admin and signed-in app users only) so you stay logged in.
- A consent flag where required.
We do not use Google Analytics, advertising trackers, social-media pixels, or any third-party analytics on appistry.tech. Hosted demo applications may use their own essential session cookies; their in-product notice will say so.
4. Who we share data with
We only share personal data with a small number of carefully chosen processors:
- MongoDB Atlas / cloud hosting — to store form submissions and operate the database (UK / EU regions where available).
- Google LLC — only if you choose Google sign-in for the admin or app (authentication only, governed by Google's own privacy policy).
- Email delivery providers — only when we email you a receipt or reply.
- Professional advisors (accountants, legal counsel) where strictly necessary and bound by confidentiality.
We will never sell your personal data. We do not transfer data outside the UK or EEA except where the recipient is covered by an adequacy decision, the UK International Data Transfer Agreement, or an equivalent safeguard.
5. How long we keep it
| Data | Retention |
|---|---|
| Lead and consultation form submissions | Up to 24 months after last contact, then deleted or anonymised |
| Marketing-list entries (opt-in only) | Until you unsubscribe, then 30 days |
| Admin accounts and audit logs | While the account is active, plus 12 months for accountability |
| Server access logs | Up to 30 days |
| Hosted-app data | As specified in the operator's in-product privacy notice |
6. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectify — ask us to correct inaccurate data.
- Erase — ask us to delete your data ("right to be forgotten") in qualifying circumstances.
- Restrict — ask us to pause processing while a query is resolved.
- Object — object to processing based on legitimate interest, including direct marketing at any time.
- Portability — request a machine-readable copy of data you've provided.
- Withdraw consent — at any time where we rely on consent.
- Complain to the ICO (ico.org.uk).
To exercise any right, email privacy@appistry.tech. We will respond within one calendar month.
7. Security
We protect personal data with industry-standard measures: TLS encryption in transit, hashed passwords (bcrypt), least-privilege admin access, audit logging, and regular dependency updates. No system is perfectly secure; if you believe an incident has occurred, please email privacy@appistry.tech immediately.
8. Children
The Service is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it.
9. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.
10. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be highlighted on the homepage or by email where appropriate.
11. Questions
privacy@appistry.tech — we read every message and reply within a few working days.