1. Introduction
BlobBridge LTD(“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, share and protect information in accordance with the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications Regulations (PECR) and the Data (Use and Access) Act 2025.
2. What data we collect
We collect the following categories of personal data:
- Identity data: name, company name, Microsoft 365 tenant ID.
- Contact data: e‑mail address, billing address.
- Transaction data: Stripe payment ID, amount, currency, last 4 digits of card.
- Technical data: IP address, browser type and version, operating system (captured via server logs).
3. How we use your data & legal bases
| Purpose | Data | Legal basis |
|---|---|---|
| Process your purchase and issue licence | Identity, Contact, Transaction | Contract (Article 6 (1)(b)) |
| Provide support and respond to enquiries | Identity, Contact, Tenant ID | Legitimate interest – to deliver customer service (Article 6 (1)(f)) |
| Maintain financial records for HMRC | Transaction, Identity | Legal obligation (Article 6 (1)(c)) |
| Measure site performance (Google Analytics 4) | Usage data, device info, IP (truncated) | Consent (Article 6(1)(a)) |
4. Who we share data with
We use trusted third‑party service providers (“processors”):
| Processor | Service | Data shared | Safeguards |
|---|---|---|---|
| Stripe Payments Europe Ltd | Payment processing | Identity, Contact, Transaction | UK extension to EU–US DPF |
| Cloudflare Inc. | Licence delivery, CDN & security | Identity, Contact, IP | UK extension to EU–US DPF |
| Formspree Inc. | Contact‑form relay | Identity, Contact, Message | Standard Contractual Clauses |
| MailChannels Corporation | Transactional e‑mail | Identity, Contact, Tenant ID | SCCs + data-at‑rest encryption |
We do not sell or share your data with unrelated third parties for marketing purposes.
5. International transfers
Your data may be processed outside the UK/EEA (e.g., in the United States). Where this occurs we rely on:
- UK extension to the EU–US Data Privacy Framework, or
- Standard Contractual Clauses approved by the UK ICO.
6. Data retention
We retain:
- Billing and licence data for six years to comply with tax law.
- Support e‑mails for two years after resolution.
7. Your rights
You have the right to:
- Request access to your personal data.
- Request rectification of inaccurate data.
- Request erasure (“right to be forgotten”).
- Object to processing or request restriction.
- Request data portability.
- Lodge a complaint with the ICO.
To exercise any right, e‑mail [email protected].
8. Cookies
We use Cloudflare Web Analytics in cookieless mode; no persistent identifiers or personal data are stored. We do not set any marketing or analytics cookies. Cloudflare Web Analytics collects traffic metrics without cookies or localStorage. Your browser may still receive a transient ‘__cf_bm’ security cookie, set by Cloudflare to mitigate bots; it expires within 30 minutes.
8a. Analytics cookies (GA4)
We use Google Analytics 4 (GA4) to understand how our website is used and to improve it. Analytics cookies are set only if you give consent via our cookie banner. You can change your choice any time using the “Cookie settings” link in the footer.
When enabled, GA4 may set the following cookies:
_ga(2 years): Distinguishes users (random identifier)._ga_<container-id>(2 years): Persists session state.- Additional short-lived cookies may be set for session attribution.
We do not use Google Ads or remarketing on this site. IP addresses may be truncated and aggregated by Google. See Google’s Privacy Policy.
If you decline analytics, GA4 will not load and no analytics cookies will be set.
9. Security
We employ TLS 1.3 encryption, strict CSP headers, vulnerability scans and role‑based access controls. Our Stripe integration is PCI DSS Level 1 compliant.
10. Children
Our site is not intended for children under 13. We do not knowingly collect their data.
11. Changes to this policy
We may update this notice periodically. Significant changes will be announced on the website or by e‑mail.
12. Contact
E‑mail: [email protected]