ComplyTrack Logo ComplyTrack
Sign in Get Started

Privacy Policy

Last updated: 16th August 2025

Your Privacy Matters: We are committed to protecting your personal data in accordance with UK GDPR and the Data Protection Act 2018.

1. Who We Are

Xtenalyze Ltd ("we", "us", or "our") is the data controller for the personal data collected through the ComplyTrack service. We are registered in England and Wales under company number 09147474.

Data Controller: Xtenalyze Ltd
Registered Address: Goldfinger Court Flat 307, 23 Balladier Walk, London, E14 6UN
Contact: privacy@complytrack.co.uk

2. Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, password
  • Contact Details: Phone number (optional), business address
  • Payment Information: Billing address, payment method details (processed by Stripe)
  • Company Information: Company numbers, names, and compliance preferences
  • Communication Data: Messages, support requests, feedback

Information We Collect Automatically

  • Usage Data: How you interact with our service, features used, time spent
  • Technical Data: IP address, browser type, device information, operating system
  • Cookies: Session data, preferences, analytics information
  • Log Data: Access times, pages viewed, actions taken

Third-Party Data

  • Companies House Data: Public company information, filing history, director details
  • Authentication Data: Information from Google OAuth (if used)

3. How We Use Your Information

We process your personal data for the following purposes under these lawful bases:

Service Delivery (Contract Performance)

  • Creating and managing your account
  • Providing compliance monitoring and alerts
  • Processing payments and billing
  • Delivering requested notifications (email, SMS, webhooks)

Legitimate Interests

  • Improving our service quality and features
  • Analyzing usage patterns and trends
  • Preventing fraud and security threats
  • Customer support and communication

Legal Compliance

  • Meeting regulatory requirements
  • Responding to legal requests
  • Maintaining records for tax and accounting

With Your Consent

  • Marketing communications (where consent given)
  • Optional features and integrations
  • Cookies for analytics (where consent required)

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

Service Providers

  • Payment Processing: Stripe for secure payment handling
  • Email Services: For sending alerts and notifications
  • Hosting and Infrastructure: For secure data storage and processing
  • Analytics: For service improvement (anonymized data only)

Legal Requirements

  • To comply with legal obligations
  • To respond to valid legal requests
  • To protect our rights and prevent fraud
  • In connection with business transfers

5. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Strict access limitations to authorized personnel
  • Regular Audits: Security assessments and vulnerability testing
  • Staff Training: Regular data protection training for all team members
  • Incident Response: Procedures for handling data breaches

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access

You can request a copy of the personal data we hold about you.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can ask us to limit how we process your data.

Right to Data Portability

You can request your data in a machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for marketing.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Exercising Your Rights: Contact us at privacy@complytrack.co.uk to exercise any of these rights. We will respond within one month.

7. Data Retention

We retain personal data for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Protect against fraud and abuse

Specific Retention Periods:

  • Account Data: Retained while account is active plus 3 years
  • Transaction Records: 7 years for tax and accounting purposes
  • Support Communications: 3 years from last contact
  • Marketing Data: Until consent withdrawn or 3 years of inactivity

8. International Transfers

Your personal data may be transferred to and processed in countries outside the UK. We ensure adequate protection through:

  • Using service providers with adequate data protection standards
  • Implementing appropriate safeguards and contractual terms
  • Only transferring to countries with adequate protection levels

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for the service to function
  • Analytics Cookies: To understand how you use our service
  • Preference Cookies: To remember your settings

You can control cookies through your browser settings. Some features may not work if you disable essential cookies.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending email notifications for material changes

11. Contact Us

If you have questions about this privacy policy or our data practices, please contact:

Data Protection Officer
Xtenalyze Ltd
Goldfinger Court Flat 307
23 Balladier Walk
London, E14 6UN
Email: privacy@complytrack.co.uk
Phone: +44 20 3026 4567

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your personal data appropriately. Visit ico.org.uk for more information.