Privacy Policy
§ 1About this policy
This Privacy Policy explains how 83 Solutions Ltd ("we", "us", "our") collects and uses personal data, what your rights are, and how to contact us. It applies to visitors to our website, people who request access to our service, and named users of the platform during the private beta.
We act as data controller for the personal data we collect about you directly — that is, the data you give us when you sign up, log in or contact us. Where we process personal data belonging to your firm's customers on your instructions (for example, customer data inside an assurance pack), we act as data processor and the terms of any data-processing agreement we sign with you take precedence.
§ 2Who we are
83 Solutions Ltd is a company registered in England & Wales. We are the controller of the personal data described in this policy.
Our designated contact for data protection matters is the Data Protection lead: dpo@83solutions.co.uk.
General contact: hello@83solutions.co.uk.
§ 3What this policy covers
This policy covers:
- Visitors to 83solutions.co.uk and the demo at 83solutions.co.uk/demo.
- Anyone who submits the “Get the app” sign-up form.
- Named users of the 83 platform during the private beta.
- Anyone who emails or otherwise contacts us.
Customer firm data inside assurance packs is covered by the data-processing terms we agree with the relevant firm, not this policy.
§ 4Personal data we collect
Information you give us
- Sign-up form: first name, last name, work email, your role, your firm's name, firm type, regulator, and the optional free-text context you provide.
- Account & access: authentication credentials (passwords hashed), session metadata, and any preferences you set.
- Communications: the content of emails or messages you send us, and our replies.
Information we collect automatically
- Service logs: IP address, device and browser, timestamps, pages visited, and actions taken within the platform, for security, debugging and basic usage analytics.
- Cookies: a small number of essential cookies. See Cookies.
Information from third parties
We do not buy or otherwise acquire personal data about you from third parties. If you sign in via single sign-on we may receive your name and email from that provider, but only with your authorisation.
§ 5Why we use your data
We process personal data for the following purposes, on the indicated lawful basis under UK GDPR Article 6:
- To respond to your access request and grant access to the platform. Basis: pre-contract steps and performance of a contract with you or your firm (Art. 6(1)(b)).
- To communicate with you about your access, the Service, security incidents and material changes to our terms or this policy. Basis: performance of a contract (Art. 6(1)(b)) and our legitimate interest in keeping you informed (Art. 6(1)(f)).
- To operate, secure, debug and improve the platform. Basis: legitimate interest (Art. 6(1)(f)) in running a safe, working service. We balance this against your privacy and use the minimum data necessary.
- To send you optional product updates and marketing (only if you have ticked the relevant box). Basis: consent (Art. 6(1)(a)). You can withdraw consent at any time using the unsubscribe link in any marketing email, or by emailing dpo@83solutions.co.uk.
- To meet legal, regulatory, accounting or supervisory obligations and to establish, exercise or defend legal claims. Basis: legal obligation (Art. 6(1)(c)) and legitimate interest (Art. 6(1)(f)).
We do not engage in automated decision-making with legal or similarly significant effects on you under UK GDPR Article 22.
§ 6Where your data is held
Personal data we collect under this policy is hosted on UK-resident infrastructure operated by UK-based providers. We do not transfer your personal data outside the United Kingdom in the ordinary course of providing the Service.
If this changes — for example, if we adopt a new sub-processor located outside the UK — we will update this policy and give you reasonable prior notice, and we will only make such a transfer where an appropriate transfer mechanism under UK GDPR (such as the UK International Data Transfer Agreement or an adequacy regulation) is in place.
§ 7Sharing your data
We share personal data only with:
- Service providers who help us operate the platform (UK-based cloud hosting, transactional email, error monitoring, customer support tooling). They process personal data only on our written instructions and under contracts that include the protections required by UK GDPR Article 28.
- Professional advisers (lawyers, auditors, accountants) under duties of confidentiality.
- Regulators, courts and law-enforcement authorities where required to do so by law and only to the extent strictly required. Where lawful, we will notify you before disclosing.
- An acquirer in connection with a corporate restructuring or sale, subject to confidentiality and continued protection of your data.
We do not sell personal data and we do not share it with advertisers.
§ 8How long we keep it
- Sign-up details (name, email, role, firm): retained while you have active access, and for up to 24 months after your last activity. After that, deleted from active systems.
- Account and usage logs: retained for up to 12 months for security and operational purposes.
- Communications: retained for the period reasonably necessary to handle your enquiry and any follow-up, typically up to 24 months.
- Marketing preferences: retained until you withdraw consent, then kept only as a suppression record so we don't re-contact you.
- Records we are legally required to keep (for example accounting records under the Companies Act): retained for the period required by law.
§ 9Your rights
Under UK GDPR you have the following rights in respect of personal data we hold about you:
| Right | What it means |
|---|---|
| Access | Ask for a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Ask us to delete your data where there is no good reason for us to keep it. |
| Restriction | Ask us to pause processing while a query is resolved. |
| Portability | Receive certain data in a structured, machine-readable format. |
| Object | Object to processing based on legitimate interests or to direct marketing. |
| Withdraw consent | Withdraw consent where we rely on it (e.g. marketing emails). |
To exercise any of these rights, email dpo@83solutions.co.uk. We will respond within one month, and may ask you to verify your identity. There is normally no charge.
§ 10Cookies and similar technologies
We use a small number of essential cookies needed for the site and platform to function (for example, to keep you signed in). These do not require consent under the Privacy and Electronic Communications Regulations.
We do not currently use third-party advertising or tracking cookies. If we introduce non-essential cookies in the future, we will ask for your consent first.
§ 11Marketing
We only send marketing where you have ticked the marketing-consent box, or where the soft-opt-in rules permit (i.e. you have requested information from us about similar services and have not opted out). Every marketing email contains an unsubscribe link. You can also email dpo@83solutions.co.uk to unsubscribe.
§ 12International transfers
We process personal data within the United Kingdom and do not, in the ordinary course of our operations, transfer it outside the UK. If this changes, the safeguards described in Section 6 apply.
§ 13Children's data
Our Service is intended for use by professionals at regulated firms and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us so we can delete it.
§ 14Security
We protect personal data with appropriate technical and organisational measures, including encryption in transit and at rest, role-based access controls, logging and monitoring, vulnerability management, and regular review of our sub-processors. No system is perfectly secure; we will notify the ICO and, where required, affected individuals of any personal-data breach within the timeframes set out in UK GDPR.
§ 15Changes to this policy
We may update this Privacy Policy from time to time. The effective date at the top of the page tells you when the current version took effect. Material changes will be notified by email to your registered address or via prominent in-app notice at least fourteen (14) days before they take effect.
§ 16Contact & complaints
Data protection enquiries: dpo@83solutions.co.uk
General enquiries: hello@83solutions.co.uk