1. Who we are
AspireVerse Ltd
A privately held software studio registered in England & Wales (Company No. 16352560).
ICO Registration: ZB946606
Registered office: 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom.
2. The data we collect
Category | Data | Where collected |
---|---|---|
Identity Data | Name, job title, company | Contact forms, discovery calls |
Contact Data | Email, phone (including mobile), address | Forms, support tickets, campaign applications |
Technical Data | IP address, browser type, cookies | Website visits |
Project Data | Briefs, specifications, file uploads | During engagements |
Communication Data | Chat transcripts, emails, call notes | Interactions with our team |
Railway 200 Campaign - Mobile Phone Collection
For Railway 200 campaign applications, we collect mobile phone numbers to:
- Contact you directly about your website project
- Send SMS updates about your order status
- Schedule project consultations via phone or text
- Provide quick support during development
You explicitly consent to phone and SMS communication when submitting the Railway 200 form. You can opt out of SMS at any time by replying STOP or emailing us.
Child Protection: We do not collect data from individuals under 18 years of age.
3. Why we collect it & legal basis (UK GDPR)
Purpose | Legal basis |
---|---|
Provide & improve services | Contract (Art 6(1)(b)) |
Respond to enquiries | Legitimate interest (Art 6(1)(f)) |
Marketing (opt-in only) | Consent (Art 6(1)(a)) |
Security & fraud prevention | Legitimate interest |
Legal compliance | Legal obligation (Art 6(1)(c)) |
6. International data transfers
We prioritise keeping your data within the UK where possible:
- Database hosting: Neon (London, UK) - Your data remains in the UK
- Website hosting: Vercel (global CDN, may include non-UK locations)
Our Data Location Strategy
We minimise international transfers by:
- UK-based database: All personal data stored in London datacenters
- Data sovereignty: Your data remains under UK jurisdiction
- Limited CDN transfers: Only website assets may be cached globally (no personal data)
- Technical measures: Encryption, access controls, and continuous monitoring
Where any international transfer occurs (e.g., CDN caching), we ensure appropriate safeguards per UK GDPR.
You can request a copy of our transfer safeguards by emailing hello@aspireverse.co.uk.
7. Data retention
- Project & billing records: 6 years (UK tax requirements)
- Marketing data: 24 months of inactivity
- Chat transcripts: 12 months
After these periods we securely delete or anonymise the data.
8. Security
We protect your data with encryption in transit (TLS 1.2+), role-based access controls, multi-factor authentication for staff, and quarterly security reviews, including threat-model checks in each AEM sprint.
9. Your rights
Under UK GDPR, you have the following rights:
- Access: View the personal data we hold about you
- Rectify: Correct inaccurate information
- Erase: Delete your data (right to be forgotten)
- Restrict: Limit how we process your data
- Portability: Receive your data in a portable format
- Object: Opt out of certain processing activities
Exercise Your Rights
To exercise any of your rights, including data deletion, email us at hello@aspireverse.co.uk. We will respond within 30 days as required by UK GDPR.
You can also complain to the UK Information Commissioner's Office.
10. Changes to this policy
We'll update this page when practices change and, where appropriate, notify you by email. Continued use of our services indicates acceptance of any updates.