SoftTrain Cloud Ltd respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, and protect personal information when providing our bespoke software-as-a-service (SaaS) solutions and when you interact with our website or services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

SoftTrain Cloud Ltd is a UK-based limited company providing bespoke cloud software solutions to clients in the UK, EEA, USA, and Canada.
Registered office: 2 Cotton End Road, Exning, Newmarket, England, CB8 7NN
Email: support@softtrain.co.uk

We act as a Data Controller when determining how and why personal data is processed, and as a Data Processor when processing data on behalf of our clients.

We may collect and process the following types of personal data:

• Client contact details: name, business email, telephone number, company name, job title.
• Account and authentication data: login credentials, access permissions, or user profiles.
• Technical data: IP address, browser type, operating system, and usage statistics.
• Communications data: correspondence via email, contact forms, or support requests.
• Billing data: payment details, VAT or tax information.

We do not collect special category (sensitive) data unless explicitly required and agreed with the client.

We use personal data only for legitimate business purposes, including:

• Delivering and maintaining our SaaS services;
• Managing client accounts and billing;
• Providing customer support and responding to enquiries;
• Improving and securing our software and infrastructure;
• Meeting legal, tax, and contractual obligations;
• Sending service-related updates or notifications (never unsolicited marketing without consent).

We rely on the following lawful bases for processing personal data:

• Contractual necessity – to deliver our services to clients;
• Legal obligation – to comply with tax, accounting, or regulatory requirements;
• Legitimate interests – for security, quality assurance, and service improvement;
• Consent – for optional communications or marketing.

We retain personal data only as long as necessary to fulfil the purposes outlined above, including legal, accounting, or reporting requirements. When data is no longer needed, it is securely deleted or anonymised.

We implement appropriate technical and organisational measures to protect data, including:

• Encryption and secure transmission of data;
• Restricted access controls and multi-factor authentication;
• Regular backups and data integrity checks;
• Hosting data with Microsoft Azure, which uses 100% renewable energy and strong data protection standards.

Where data is transferred outside the UK or EEA (e.g., to clients in the USA or Canada), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent protections.

We do not sell or rent personal data.

We may share limited data with trusted third parties who assist in delivering our services (e.g., hosting, email, or accounting providers), under strict confidentiality and data protection agreements.

Under UK GDPR, individuals have rights to:

• Access their data;
• Request correction or deletion;
• Restrict or object to processing;
• Request data portability;
• Withdraw consent (where applicable).

Requests should be sent to: support@softtrain.co.uk

We aim to respond within one calendar month.

Our website may use cookies for functionality and analytics. Users can control cookie preferences via browser settings. We do not use cookies for advertising or profiling.

This policy will be reviewed annually or sooner if required by law, technology, or business changes.

This Privacy Policy has been approved and adopted by the Directors of SoftTrain Cloud Ltd on 1st April 2025.