Our Privacy Policy

We protect and carefully manage our customers' data; find out how.

Introduction

This Privacy Policy (Privacy Policy) describes how Ab11y Software Ltd, registered UK #12452718, (Ab11y, We, Us, or Our) may collect, use, store, disclose, process, and transfer your personal information (Personal Data) through your access to or use of Our products and services, including those at https://www.ab11y.com as well as any subdomains, and related websites offering Our products and services that link to this Privacy Policy, including mobile applications, and other related offerings (collectively, the Service).

This Privacy Policy applies when you use or access the Service or otherwise share any information with Us.

By using the Service or, if required by laws applicable to you, opting into this Privacy Policy, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, you must not use the Service.

We reserve the right to modify this Privacy Policy from time to time by posting the changes at https://www.ab11y.com/privacy and may send notification emails regarding such changes. Your continued use of the Service following the posting of such changes will be deemed your acceptance of those changes, unless additional consent is required.

Our appointed Data Protection Officer (DPO) is Mike Southgate. If you have read the following and have any questions, you can contact us via email at support@ab11y.com to request support.

Information we collect from users

In general, we have access to and may collect any information you provide via the Service, including through web form input fields, advertisements, phone calls, email, forums, or other similar means. This could include personal information that can identify or relate to you, including, but not limited to:

Profile or Contact Data: We may ask and retain your first and last name, email address, and organisation name. You may provide it directly via web form, email, or other electronic messaging. This information may also be shared with us through third-party services we use, such as user management service providers or user analytics services.
Commercial Data: We may collect and retain records of our products or services that have been sold to, used by, or purchased by you.
Web Analytics: We may collect and retain information about your web page interactions, referring webpage/source through which you accessed the Service, and any links you click or web page components you interact with.
Device/IP Data: Your IP address, access date and time, type of device, and similar information may be collected automatically by services we use to provide the Service.
Geolocation Data: We may collect and retain IP-address-based geo-location information that could identify your general location, such as the country from which you connect to the Service.
Other Identifying Information that You Voluntarily Decide to Provide: We collect and retain some identifying information that may be related to emails, phone calls, texts, letters, or other communications you send us, including any identifying information you post to blogs, competitions, live chats, forums, or message boards whilst using the Service.

You have the choice regarding what information you share and the Service you engage with. You can choose not to provide any information to us; however, some information about you may be required to access the basic functionalities of the Service, for example log in details.

By choosing to contact or correspond with us in ways that include your personal or private data, you agree to our access to your data, storing it as necessary for its intended purpose, and for a reasonable period of time, following applicable laws and in accordance with standard business practices. If you do not agree to our handling of your data as described in this document, do not use the Services and do not submit or send any data to us.

In addition, we may obtain information about you from our partners and other independent third-party sources and add it to our database of information, including any information that you provide to third parties associated with or whose products or services are integrated with the Service.

Sensitive personal information and special category personal data

Under the EU/UK GDPR, “special categories of personal data” include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, health information, and data concerning a person’s sex life or sexual orientation.

Under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), “sensitive personal information” includes many of the same items as above, and also includes government-issued identifiers (such as Social Security or passport numbers), account login credentials, precise geolocation, and the contents of private communications (mail, email, or text messages).

We do not intentionally collect any special category or sensitive personal information and will never ask you to provide it. If you believe that any information you possess falls within these categories, do not submit, send, share or otherwise communicate it with us.

Purposes for using your data

We may use data we hold about you as required to comply with legal obligations, operate our business, protect the vital interests of you, our customers, or the public, or for other legitimate interests described in this Privacy Policy.

More specifically, we may use your personal information to:

Optimise and Improve the Service: We continually try to improve the Service based on the information and feedback we receive from you and our other users, including by optimising the content on or functionalities of the Service.
Personalise the User Experience: We may use your information to measure and optimise engagement with the Service and to understand how you and our other users interact with and use the Service and other resources we provide.
Improve Customer Service: Your information helps us to develop the Service and respond to your support needs more effectively.
Process Transactions: We may use the information you provide to fulfil your requests. We do not share this information with outside parties except to the extent necessary to provide the Service and related activities.
Send Periodic Communications: Information about your communication methods may be used to send information and updates about the Service and be used to respond to your inquiries or other requests. If you opt into our mailing list, you may receive emails that include news, updates, product offerings, service information, and marketing material.
Perform Other Legitimate Business Operations: We may use the information you provide to carry out any legitimate, lawful business functions.

We share your information with our partners, service providers, contractors, agents, and third-party vendors as needed to fulfil the Service you request or to maintain the operation of our business.

In addition, we may share your information as required by subpoenas, court orders, or other legal process; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we reserve the right to raise or waive any legal objection or right that may be available to us.

When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the rights, interests, or safety of Our company or the Service, Our customers, or others; or in connection with Our Terms of Service and other agreements with customers of which you may be affiliated.

In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

Legal bases for processing your data

We will only process your Data as explained in this Privacy Policy and if we have a lawful basis for doing so. The lawful bases include obtaining your consent, fulfilling contractual obligations, and furthering our legitimate interests or the legitimate interests of others. The following sections provide a more detailed description of these.

Consent: We process Personal Data based on the consent you expressly grant to us at the time we collect the data. When we process Personal Data based on your consent, it will be explicitly indicated to you at the point and time of collection.
Contractual Necessity: We may process the Personal Data as a matter of ‘contractual necessity’. This means that we need to process the data to fulfil our obligations under our agreement with you and enable us to provide the Service to you. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Service.
Legitimate Interest: We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties providing products or services in connection with the Service

Security measures for protecting your data

Personal information collected by us may be stored and processed in your region and in any other region where we or our affiliates, subsidiaries, or service providers operate facilities. These countries may have data protection laws that differ from the laws of your country (and, in some cases, may not be as protective). However, we have taken appropriate safeguards to ensure that your personal information remains protected following this Privacy Policy.

We take technological and organisational measures designed to protect your personal information against loss, theft, and unauthorised access, use, disclosure, or modification. For example:

We transmit data over secure communication channels using SSL encryption.
All personal information is stored by trusted third-party providers (e.g., Netlify, Clerk, or Neon)
All systems used to provide the Service are protected with standard best-practice protections
All data is encrypted during transfer and while at rest

We rely on third-party services that may, as part of their service to us, hold data we collect about you. Each service provider is reviewed to ensure they meet our high security standards, protecting any information about you while it is stored in their respective controlled facilities. For more information on our third-party service security policies, practices, and processes, please visit Netlify’s Trust Center, Clerk’s Security Overview, and Neon’s Trust Center.

We comply with all applicable data protection laws, including those related to security breach notification requirements.

Retention policy for your personal information

We may retain your information as long as necessary for the purposes outlined in this Privacy Policy, in a manner consistent with our data retention policy, which is discussed in this section, and for a commercially reasonable time thereafter for backup, archival, fraud prevention or detection, or audit purposes, or as permitted by applicable law. We may retain your personal information in accordance with the original intent of collection or as long as necessary to comply with our legal obligations, maintain accurate accounting, financial, and other operational records, resolve disputes, and enforce our agreements. We will never retain your information for a period longer than permitted by law.

We will determine the appropriate retention period for personal information based on the amount, nature, and sensitivity of the personal data being processed; the purpose for which it was collected; the potential risk of harm from unauthorised use or disclosure of the personal information; whether we can achieve the purposes of the processing through other means; and applicable legal requirements.

After expiration of the applicable retention periods, your personal information will be deleted. As discussed below, you may have the right to request that we delete this information earlier.

Your rights to access and modify personal data

To the extent provided by the law of your jurisdiction, you may:

Have the right to access certain personal information we maintain about you and request details about how we process it
Request certain information regarding our disclosure of personal information to third parties
Request that we update or correct inaccuracies regarding your personal information
Object to our use of your personal information
Ask us to block or delete your personal information from our database
Request to download the information you have shared on the Service
Request to know the regions where we store or process your data

You may make these requests and any other inquiries about this Privacy Policy by emailing our Data Protection Officer. Any such requests are subject to the protection of the rights of other individuals and applicable law. Additionally, to help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the requested information.

Location and transfer of your data

Our company is based in the United Kingdom (UK), and our databases are currently located within the European Union (EU). We do not claim that the data we store is appropriate or lawful for use or access outside the UK or EU. If you access the Service from outside the UK or the EU, you consent to the transfer of your personal information from your location to the UK and the EU. You are solely responsible for complying with all local laws, rules and regulations regarding online conduct and access to the Service. By providing us with your information, you further consent to its use and storage within the UK and the EU.

Anonymised data

For the purposes of this Privacy Policy, we rely upon the UK Information Commissioner’s Office (ICO) guidance on the definition and standard of anonymisation.

“In data protection law, anonymous information is data that does not relate to an identified or identifiable person (ie data that is not personal data). Data protection law does not apply to anonymous information.”

We may collect and store statistical data that includes data about you, aggregated at the point of collection with data from other users, and so anonymised in accordance with UK Information Commissioner’s Office (ICO) guidance. We take steps to ensure this data is fully anonymised so that it does not allow us, or any third parties, including our partners, customers, and vendors, to de-anonymise and identify any specific data as relating back to any individual.

We may use, publish, share, sell, distribute, or otherwise disclose such aggregated and anonymised data for any legitimate business-related purpose, such as analysing trends, operational reporting, marketing, commercial, advertising, or research-related reasons.

We regularly review our anonymisation techniques and risk assessments to ensure compliance with current ICO standards.

Age restrictions for data collection

The Service is not intended to be used by children, and you may not use the Service or provide any personal information to Us if you are under the age of 16 (or the lowest age permitted by applicable law) or if you are not old enough to consent to the processing of your personal information in your country. We do not collect or process personal information of individuals under the age of 16 or the lowest permitted age by applicable law, unless we receive all necessary consents from the individual’s parent or guardian.

Data subject rights in the EU, UK, and Switzerland

If you are a resident of the EU, UK, Switzerland, Liechtenstein, Norway, or Iceland, you may have additional rights under the EU or UK General Data Protection Regulation (GDPR) or the Swiss Federal Act on Data Protection (FADP), as applicable, concerning your Personal Data. The following discusses these rights.

For this section, the GDPR definition of ‘Personal Data’ and ‘processing’ is used. Generally, ‘Personal Data’ means information that can be used to identify a person individually, and ‘processing’ relates to actions that can be performed in connection with collecting, using, storing, and disclosing such data. We are the controller of your Personal Data processed in connection with the Service.

If a conflict exists between this section and any other provision of this Privacy Policy, the more protective policy or portion shall govern to resolve such dispute. If you have any questions about this section or whether any of the following applies to you, please get in touch with us.

We may also process Personal Data of our customers’ end users in connection with our provision of services to our customers. In this case, we are the processor of Personal Data. If you have any questions regarding Personal Data when we are the data processor, please contact the controller party in the first instance to address your rights concerning such data.

California resident notice at collection

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (CCPA), requires us to provide some additional information to you. However, please note that this information applies equally to all users of the Services, as detailed in our Privacy Policy.

The following informs you about the categories, purposes, and our use of personal information we collect:

Contact information

Category of personal information: Contact information (such as your full name or email address)
Purposes of use: Provide the Services; Communicate with you; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Customer service interaction information

Category of personal information: Customer service interaction information (including optional surveys and when you ask for help)
Purposes of use: Provide the Services; Communicate with you; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Product interaction information

Category of personal information: Product interaction information
Purposes of use: Provide the Services; Communicate with you; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Internet network and device information

Category of personal information: Internet network and device information (such as mobile device information, IP address, and information about your interaction with the services)
Purposes of use: Provide the Services; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Category of personal information: Login information (such as your username and password)
Purposes of use: Provide the Services; Comply with law or defend our legal rights; Security/fraud prevention; Comply with law or defend our legal rights
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Professional or employment information

Category of personal information: Professional or employment information (such as the name and address of the company you work for and your title)
Purposes of use: Provide the Services; Communicate with you; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Other information

Category of personal information: Other information (any other information you choose to provide directly to us, including any electronic communication, and profile information such as your username or profile photos)
Purposes of use: Provide the Services; Communicate with you; Analyse use of and improve the services; With your consent; Comply with law or defend our legal rights; Security/fraud prevention
Categories of third parties to which we disclose this personal information: Affiliated entities; Service providers; Entities for legal purposes
Categories of third parties to which we “share” and “sell” this personal information for advertising/analytics purposes: We do not share or sell your personal information for advertising/analytics purposes

Your choices regarding “sharing” and “selling”: You have the right to opt out of our sale/sharing of your personal information for purposes of online analytics and advertising. Currently, we do not sell or share your data as defined by the CCPA for advertising/analytics purposes, and we have not done so over the past 12 months from the effective date of this Privacy Policy.

Other CCPA rights

Refer to the published California Consumer Privacy Act (CCPA) guidance for more information about your online privacy rights as a California resident.

Right to erasure

We support and comply with Article 17 of the UK GDPR’s ‘right to erasure’ (also called the ‘right to be forgotten’). This allows individuals to request the deletion of their personal data under specific circumstances.

If you would like us to delete any identifiable personal data we hold about you, please contact us using the details in this Privacy Policy. To help protect your privacy and maintain our data security, we will need to verify your identity before granting your request to delete your data. We are committed to provide a response to all such requests within one month.

Please note that we may be required to retain some data, for example to comply with legal obligations. In addition we are unable to delete anonymised data, such as aggregated statistical information that cannot be related to you, and so is not considered ‘personal data’ under GDPR.

This document was last updated and published on 9^th of August 2025. Previous versions of this document can be made available upon request.