Privacy Policy

Last updated: 4 February 2026

Introduction

Panamorphix Ltd ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or use our services.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

Data Controller

Panamorphix Ltd is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy or how we handle your data, please contact us using the details provided at the end of this policy.

Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Contact Forms: Name, email address, company name, service interest, and messages
  • Newsletter Subscriptions: Email address for our mailing list
  • Admin Accounts: Email address, name, and role for authorized admin users
  • Communications: Any information you provide when you contact us directly

Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • Usage Data: Pages visited, time spent, navigation patterns, scroll depth
  • Technical Data: IP address, browser type, device information, operating system
  • Analytics Data: Through Google Analytics and Mixpanel for understanding website performance
  • Cookies: Small files stored on your device (see our Cookies Policy for details)

How We Use Your Information

We use your personal information for the following purposes:

  • Service Delivery: Responding to inquiries, providing consulting services, project management
  • Communication: Sending newsletters, updates, and relevant business communications
  • Website Improvement: Analyzing usage patterns to enhance user experience
  • Legal Compliance: Meeting regulatory requirements and protecting our legal interests
  • Security: Detecting fraud, protecting against security threats, and maintaining system integrity

Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Legitimate Interest: For website analytics, security, and business communications
  • Contract: When necessary to fulfill our services or respond to your requests
  • Consent: For marketing communications and non-essential cookies
  • Legal Obligation: When required by law to retain or process certain information

Data Sharing and Third Parties

We may share your information with trusted third-party service providers:

  • Analytics Services: Google Analytics and Mixpanel for website performance analysis
  • Email Services: Resend for transactional emails and communications
  • Hosting Services: Replit and related infrastructure providers for website hosting
  • Security Services: Cloudflare Turnstile for spam and bot protection
  • Professional Services: Legal, accounting, and consulting firms as necessary

All third parties are contractually required to keep your information secure and confidential.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Contact Form Data: Up to 3 years for business follow-up and service delivery
  • Analytics Data: Up to 2 years for website optimization and business insights
  • Newsletter Subscriptions: Until you unsubscribe or request deletion
  • Legal Requirements: As long as required by applicable laws and regulations

Your Rights

Under UK GDPR and data protection laws, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Ask us to correct any inaccurate or incomplete information
  • Erasure: Request deletion of your personal data (right to be forgotten)
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request that we limit how we process your information
  • Objection: Object to processing based on legitimate interests or for direct marketing
  • Withdraw Consent: Revoke consent where processing is based on your consent

To exercise any of these rights, please contact us using the details at the end of this policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and monitoring
  • Access controls and authentication measures
  • Employee training on data protection and privacy
  • Incident response procedures for data breaches

International Data Transfers

Some of our service providers may process your data outside the UK. Where this occurs, we ensure appropriate safeguards are in place:

  • Adequacy decisions by the UK authorities
  • Standard contractual clauses approved by the UK authorities
  • Other appropriate and suitable safeguards

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a revised "last updated" date.

Complaints

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113

Website: ico.org.uk

Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

All enquiries: hello@panamorphix.com