1. Who we are

AspireVerse Ltd

A privately held software studio registered in England & Wales (Company No. 16352560).

ICO Registration: ZB946606

Registered office: 82A James Carter Road, Mildenhall, IP28 7DE, United Kingdom.

+44 020 8242 4404 hello@aspireverse.co.uk

2. The data we collect

Identity Data

Name, job title, company

Contact forms, discovery calls

Contact Data

Email, phone, address

Forms, support tickets

Technical Data

IP address, browser type, cookies

Website visits

Project Data

Briefs, specifications, file uploads

During engagements

Communication Data

Chat transcripts, emails, call notes

Interactions with our team

Child Protection: We do not collect data from individuals under 18 years of age.

3. Why we collect it & legal basis (UK GDPR)

Purpose	Legal basis
Provide & improve services	Contract (Art 6 1(b))
Respond to enquiries	Legitimate interest (Art 6 1(f))
Marketing (opt-in only)	Consent (Art 6 1(a))
Security & fraud prevention	Legitimate interest
Legal compliance	Legal obligation (Art 6 1(c))

4. Cookies & analytics

Website Analytics

We use Vercel Web Analytics to understand how visitors use our website. This privacy-preserving tool:

✓Does not collect any personal identifiers
✓Does not use cookies to track visitors
✓Automatically discards sessions after 24 hours
✓Provides only anonymous, aggregated insights

Essential Cookies

We use minimal first-party cookies strictly necessary for:

•Session management and security
•Remembering your cookie consent preferences

Blocking these cookies will not break core site functions.

Cookie Preferences

Current setting: Analytics disabled

6. International data transfers

We prioritize keeping your data within the UK where possible:

Database hosting: Neon (London, UK) - Your data remains in the UK
Website hosting: Vercel (global CDN, may include non-UK locations)

Our Data Location Strategy

We minimize international transfers by:

✓UK-based database: All personal data stored in London datacenters
✓Data sovereignty: Your data remains under UK jurisdiction
✓Limited CDN transfers: Only website assets may be cached globally (no personal data)
✓Technical measures: Encryption, access controls, and continuous monitoring

Where any international transfer occurs (e.g., CDN caching), we ensure appropriate safeguards per UK GDPR.

You can request a copy of our transfer safeguards by emailing hello@aspireverse.co.uk

7. Data retention

Project & billing records: 6 years (UK tax requirements)
Marketing data: 24 months of inactivity
Chat transcripts: 12 months

After these periods we securely delete or anonymise the data.

8. Security

Encryption in transit (TLS 1.2+), role-based access controls, multi-factor authentication for staff, and quarterly security reviews—including threat-model checks in each AEM sprint.

9. Your rights

Under UK GDPR, you have the following rights:

VIEW

Access

View your personal data we hold

EDIT

Rectify

Correct inaccurate information

DEL

Erase

Delete your data (right to be forgotten)

STOP

Restrict

Limit how we process your data

MOVE

Portability

Receive your data in a portable format

Object

Opt out of certain processing activities

Exercise Your Rights

To exercise any of your rights, including data deletion, email us at hello@aspireverse.co.uk. We will respond within 30 days as required by UK GDPR.

Submit Data Rights Request

You can also complain to the UK Information Commissioner's Office

10. Changes to this policy

We'll update this page when practices change and, where appropriate, notify you by email. Continued use of our services indicates acceptance of any updates.