Skip to content
CTRLED

Privacy Policy

This policy explains how CTRLED collects, uses, stores, and shares personal data when you use this website or contact us.

Last updated: 11 March 2026

This privacy policy is intended for visitors to https://ctrled.com, people who contact us, and prospective customers, partners, and suppliers.

The data controller for this website is CTRLED LABS LTD, trading as CTRLED. Registered office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. Company number: 15845641. Contact email: support@ctrled.com.

This policy is designed to reflect the UK General Data Protection Regulation and the Data Protection Act 2018. If we use cookies or similar technologies for analytics, we also apply the Privacy and Electronic Communications Regulations.

1. Personal data we collect

Depending on how you interact with the site, we may collect:

  • Contact information, such as your name, email address, and the contents of your message when you contact us.
  • Correspondence records, including follow-up emails and notes about your enquiry.
  • Technical and usage data, such as IP address, browser type, device information, pages viewed, referral source, timestamps, and similar diagnostic or event data.
  • Cookie and identifier data where cookies or similar technologies are used, including analytics identifiers and consent preferences.

We do not intentionally collect special category personal data through this website and ask that you do not send sensitive personal information through the contact form unless it is strictly necessary.

2. How we use personal data

We may use personal data to:

  • respond to enquiries and communicate with you;
  • assess potential business relationships, collaborations, or customer requests;
  • operate, maintain, secure, and improve the website;
  • understand how the site is used, including through analytics, if enabled;
  • prevent misuse, fraud, or security incidents; and
  • comply with legal and regulatory obligations.

3. Lawful bases

We rely on one or more of the following lawful bases under UK data protection law:

  • Legitimate interests to run and improve our business, manage enquiries, secure the website, and understand how visitors use the site, provided our interests are not overridden by your rights and freedoms.
  • Steps at your request before entering into a contract where you contact us about products, services, partnerships, or other commercial matters.
  • Legal obligation where processing is necessary to comply with applicable laws or regulatory requirements.
  • Consent where required, in particular for non-essential cookies or similar analytics technologies.

4. Analytics and cookies

We may use PostHog to understand how visitors use the website, such as which pages are visited, how users navigate the site, and which content performs well. PostHog may process technical and usage data and may set cookies or similar identifiers.

Where PostHog or any other analytics tool uses non-essential cookies or similar technologies, we will request consent before those technologies are placed on your device. You can withdraw or change your preferences at any time using the site's cookie controls once implemented.

We may also collect limited server-side logs and diagnostic data that are necessary for security, reliability, and performance.

5. Contact forms and email delivery

If you submit an enquiry through our contact form, the information you provide will be processed to review and respond to your message. We expect to use Resend to transmit contact form submissions to our email systems. Resend acts as a processor or service provider on our behalf.

We may also use form handling tools within the site to validate your submission and reduce errors before the message is sent. Those tools support the form experience but do not change the purposes for which we use your data.

6. Sharing personal data

We do not sell personal data. We may share it with:

  • hosting, infrastructure, and security providers;
  • analytics providers, including PostHog if enabled;
  • email and communications providers, including Resend;
  • professional advisers, insurers, or auditors where reasonably necessary; and
  • regulators, courts, law enforcement, or other authorities where required by law or to protect our legal rights.

We require service providers to process personal data only on documented instructions and with appropriate security measures.

7. International transfers

Some of our service providers may process personal data outside the UK. Where that happens, we take steps to ensure the data is protected by using lawful transfer mechanisms, such as adequacy regulations or appropriate contractual safeguards.

Depending on the service configuration, analytics or email delivery data may be processed in the UK, the EEA, or other countries including the United States.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting, or reporting requirements. In general:

  • contact enquiries are usually kept for up to 12 months after the last substantive communication;
  • business correspondence connected to contracts, disputes, or compliance matters may be kept for up to 6 years;
  • security logs and technical diagnostics are typically retained for up to 12 months; and
  • analytics data is retained according to the settings we apply in our analytics tools and deleted, anonymised, or aggregated when no longer needed.

9. Your rights

Subject to applicable law, you may have the right to request access to your personal data, correction of inaccurate data, erasure, restriction of processing, objection to processing, and data portability. Where we rely on consent, you can withdraw it at any time without affecting earlier processing.

To exercise your rights, contact support@ctrled.com. We may need to verify your identity before responding.

You also have the right to complain to the Information Commissioner's Office. Details are available at ico.org.uk/make-a-complaint.

10. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No internet transmission or storage system is completely secure, so we cannot guarantee absolute security.

11. Third-party links

This website may include links to third-party sites or services. We are not responsible for their privacy practices, and you should review their own privacy notices before providing personal data.

12. Changes to this policy

We may update this privacy policy from time to time. Any material changes will be posted on this page together with a revised "Last updated" date.

13. Contact us

If you have questions about this policy or how we handle personal data, contact:

CTRLED LABS LTD
71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
support@ctrled.com