Skip to main content

Privacy Policy

Effective date: 28th May 2026


1. Introduction

This Privacy Policy explains how ELLIPSE SOFTWARE GROUP LIMITED, a company incorporated in England and Wales with company number 16757915, trading as ellipse Software (“we”, “us”, “our”), collects, uses, stores, shares, and protects personal data.

This Policy applies to:

  • visitors to our websites;
  • representatives, employees, and contractors of our business customers;
  • users of our software, APIs, platforms, and services;
  • suppliers, partners, and professional contacts;
  • individuals who communicate with us.

We provide services primarily to businesses and organisations rather than consumers.


2. Data Controller

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, ELLIPSE SOFTWARE GROUP LIMITED acts as the data controller unless otherwise stated.

Contact details:

[email protected]

ELLIPSE SOFTWARE GROUP LIMITED
4th Floor Silverstream House
45 Fitzroy Street
London
W1T 6EB
United Kingdom


3. Personal Data We Collect

We may collect and process the following categories of personal data.

3.1 Identity & Contact Data

Including:

  • name;
  • employer or organisation;
  • job title;
  • business email address;
  • business telephone number;
  • billing or account contact information.

3.2 Account & Access Data

Including:

  • usernames and account identifiers;
  • authentication records;
  • IP addresses;
  • device identifiers;
  • browser and operating system information;
  • login history;
  • session metadata.

3.3 Technical & Operational Data

Including:

  • logs;
  • audit trails;
  • telemetry;
  • diagnostics;
  • monitoring data;
  • API requests and responses;
  • infrastructure and security events;
  • performance metrics;
  • crash and error reports.

3.4 Communications Data

Including:

  • emails;
  • support tickets;
  • meeting notes;
  • call recordings where applicable;
  • communications through our systems or websites.

3.5 Financial & Transaction Data

Including:

  • billing information;
  • invoice records;
  • payment status information;
  • transaction references.

We do not intentionally collect special category personal data unless explicitly agreed and appropriately documented.

We do not knowingly collect personal data from children under the age of 13.


4. How We Use Personal Data

We may process personal data for the following purposes:

  • providing, operating, maintaining, and securing the Services;
  • managing accounts, authentication, and access controls;
  • delivering customer support and responding to enquiries;
  • monitoring performance, reliability, and security;
  • preventing fraud, abuse, misuse, or unauthorised access;
  • complying with legal and regulatory obligations;
  • managing billing, payments, contracts, and commercial relationships;
  • improving, developing, testing, and analysing the Services;
  • communicating operational or service-related information;
  • enforcing agreements and protecting legal rights.

We do not sell personal data and do not intend to do so.


5. Legal Bases for Processing

Under UK GDPR, we rely on one or more of the following lawful bases:

  • performance of a contract;
  • legitimate interests;
  • legal obligation;
  • consent;
  • establishment, exercise, or defence of legal claims.

Our legitimate interests may include:

  • operating and improving our business;
  • maintaining platform reliability and security;
  • preventing misuse and fraud;
  • managing customer relationships;
  • internal administration and analytics.

Where we rely on legitimate interests, we consider and balance potential impacts on individuals’ rights and freedoms.


6. Cookies & Tracking Technologies

6.1 Use of Cookies

Our websites and services may use:

  • essential cookies;
  • authentication cookies;
  • security cookies;
  • analytics cookies;
  • performance and monitoring technologies.

6.2 Consent

Where legally required, non-essential cookies or similar technologies will only be used with consent.

You may manage cookie preferences through:

  • our website controls;
  • browser settings;
  • device settings where applicable.

6.3 Third-Party Technologies

We may use trusted third-party analytics, monitoring, hosting, security, and infrastructure providers which may set or access cookies or similar technologies.


7. Data Sharing

We may share personal data with:

  • hosting and infrastructure providers;
  • cloud service providers;
  • payment processors;
  • analytics and monitoring providers;
  • security and fraud prevention vendors;
  • professional advisers including legal, accounting, insurance, and compliance advisers;
  • regulators, law enforcement agencies, courts, or authorities where legally required;
  • prospective purchasers, investors, or advisers in connection with a merger, acquisition, financing, or sale of assets.

We require third parties processing personal data on our behalf to implement appropriate technical and organisational safeguards.


8. International Transfers

Personal data may be processed or transferred outside the United Kingdom.

Where this occurs, we will implement appropriate safeguards, including:

  • adequacy regulations;
  • International Data Transfer Agreements (IDTAs);
  • standard contractual clauses;
  • other lawful transfer mechanisms recognised under applicable law.

9. Data Retention

We retain personal data only for as long as reasonably necessary for:

  • the purposes described in this Policy;
  • contractual obligations;
  • legitimate business operations;
  • legal, accounting, tax, or regulatory requirements;
  • dispute resolution and enforcement.

Retention periods vary depending on the type of data, legal obligations, and operational requirements.

We may retain limited information where necessary to:

  • comply with law;
  • prevent fraud or abuse;
  • maintain security records;
  • establish or defend legal claims.

10. Security Measures

We implement appropriate technical and organisational measures designed to protect personal data, including:

  • access controls;
  • authentication systems;
  • encryption where appropriate;
  • least-privilege access principles;
  • monitoring and logging;
  • infrastructure and network security controls;
  • incident response procedures;
  • vulnerability management processes.

Despite these measures, no system, transmission method, or storage platform can be guaranteed completely secure.


11. Data Subject Rights

Subject to applicable law, individuals may have rights including:

  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object;
  • the right to data portability;
  • the right to withdraw consent where processing relies on consent.

Requests may be submitted to:

[email protected]

We may require verification of identity before responding to requests.

We may refuse or limit requests where permitted by law.


12. Processor Activities

Where we process personal data on behalf of customers:

  • we act as a data processor;
  • processing is governed by a separate Data Processing Agreement (“DPA”) or contractual terms.

Customers remain responsible for:

  • determining lawful purposes for processing;
  • ensuring appropriate legal bases;
  • complying with their own legal obligations.

13. Security Monitoring & Logging

To maintain the security, integrity, and reliability of the Services, we may collect and process:

  • access logs;
  • authentication records;
  • audit trails;
  • API activity;
  • network and infrastructure telemetry;
  • security event data.

Such monitoring may be automated and may include analysis for:

  • abuse prevention;
  • fraud detection;
  • operational diagnostics;
  • cybersecurity protection;
  • service optimisation.

14. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects unless explicitly agreed or otherwise permitted by law.


15. Marketing Communications

We may send business-related communications where permitted by law, including:

  • service announcements;
  • operational notices;
  • updates regarding products or services;
  • marketing communications relating to our business offerings.

You may opt out of non-essential marketing communications at any time.

Operational or service-critical communications may still be sent where necessary.


16. Third-Party Services & Links

Our websites or Services may contain integrations, APIs, or links to third-party services or websites.

We are not responsible for:

  • the content;
  • privacy practices;
  • security;
  • policies; of third-party services not operated by us.

You should review the applicable privacy policies of third-party providers separately.


17. Business Transfers

We may disclose or transfer personal data in connection with:

  • mergers;
  • acquisitions;
  • financing;
  • restructuring;
  • sale of assets;
  • insolvency proceedings.

Where required, such transfers will be subject to appropriate confidentiality and legal safeguards.


18. Changes to This Policy

We may update this Privacy Policy from time to time.

Updated versions will be published through our website or systems.

Material changes may be notified through reasonable means where appropriate.


19. Complaints

If you have concerns regarding our handling of personal data, please contact us first.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”):

https://ico.org.uk


20. Contact

For privacy-related enquiries:

[email protected]

ELLIPSE SOFTWARE GROUP LIMITED
4th Floor Silverstream House
45 Fitzroy Street
London
W1T 6EB
United Kingdom