Privacy Policy for exsite.app
Last Updated: 12 July 2025
eXsite Labs Ltd ("we", "us", or "our") understands that protecting your personal data is important. This Privacy Policy sets out our commitment to protecting the privacy of personal data provided to us, or otherwise collected by us, when you use our platform exsite.app (the Platform) or otherwise interact with us.
This Privacy Policy is governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
- Company: eXsite Labs Ltd
- Company Number: 16578042
- Address: 76 Tiverton Road, TW3 4JD, United Kingdom
- Contact Email for Privacy Matters: privacy@exsite.app
2. The Personal Data We Collect
Personal data is any information about an individual from which that person can be identified. The types of personal data we may collect about you include:
- Identity Data: Your full name, username, age, profession, and gender.
- Contact Data: Your telephone number, address, and email address.
- Financial Data: Bank account and payment card details. Please note, this data is processed by our third-party payment processors. We do not store your full payment card details.
- Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.
- Technical and Usage Data: Your Internet Protocol (IP) address, login data, browser type and version, geo-location data, device and network information, and your journey through our Platform (including statistics on page views and sessions, and browsing behaviour).
- Profile Data: Your username and password, profile picture, purchase history, the content you post, send, receive, and share through our Platform, and any support requests you have made.
- Interaction Data: Information you provide when you participate in any interactive features, such as surveys, contests, or promotions.
- Marketing and Communications Data: Your preferences for receiving marketing from us and your communication preferences.
- Professional Data: If you apply for a role with us, your professional history, such as your previous positions and experience.
- Special Category Data: This is a specific type of sensitive personal data that is given a higher level of protection under UK law, such as information about your race, ethnic origin, political opinions, religious beliefs, or health. We do not actively request this type of data. If we ever need to collect special category data about you, we will only do so with your explicit consent or where otherwise permitted by law.
3. How We Collect Personal Data
We collect personal data in the following ways:
- Directly from you: When you create an account, contact us via email, use our support services, or otherwise provide it to us directly.
- When you use our Platform: We automatically collect Technical and Usage Data when you interact with our Platform. This is collected using cookies and similar technologies. For more information, please see our Cookie Policy.
- From third parties: We may receive personal data from third parties, such as analytics providers (like Google), payment providers, and single sign-on services if you choose to use them to log in.
- From publicly available sources.
4. Our Purposes and Lawful Bases for Processing
Under the UK GDPR, we must have a valid lawful basis for using your personal data. We have set out in the table below the purposes for which we use your data and the lawful bases we rely on.
| Purpose of Use / Disclosure | Type of Personal Data | Lawful Basis for Processing (under UK GDPR) |
|---|---|---|
| To enable you to access and use our Platform, including creating and managing your account. | Identity Data, Contact Data | Performance of a contract with you. |
| To contact and communicate with you, including responding to support requests and other enquiries. | Identity Data, Contact Data, Profile Data | Performance of a contract with you. |
| For internal record keeping, administration, invoicing, and billing. | Identity Data, Contact Data, Financial Data, Transaction Data | Performance of a contract with you; and to comply with a Legal Obligation (e.g., for tax purposes). |
| For analytics, market research, and business development, including to operate and improve our Platform and services. | Profile Data, Technical and Usage Data | Our Legitimate Interests to keep our Platform updated and relevant, to develop our business, and to inform our marketing strategy. |
| For advertising and marketing, including sending you promotional information about our services and events. | Identity Data, Contact Data, Technical and Usage Data, Profile Data, Marketing and Communications Data | Your Consent. You can withdraw your consent at any time by using the "unsubscribe" link in our emails or by contacting us. |
| To run promotions, competitions, and/or offer additional benefits to you. | Identity Data, Contact Data, Profile Data, Interaction Data | Our Legitimate Interests to promote engagement with our business. |
| To consider your employment application, if you have applied for a role with us. | Identity Data, Contact Data, Professional Data | Our Legitimate Interests to assess your suitability for the role. |
| To comply with our legal obligations or as otherwise required or authorised by law. | Any relevant Personal Data | To comply with a Legal Obligation. |
5. Disclosure of Personal Data to Third Parties
We may disclose your personal data to:
- Our employees, contractors, and/or related entities.
- IT service providers, data storage, web-hosting, and server providers.
- Marketing or advertising providers (where you have consented).
- Professional advisors, bankers, auditors, and our insurers.
- Payment systems operators or processors.
- Courts, tribunals, and regulatory authorities (including the Information Commissioner's Office) as required by law or in connection with any legal proceedings.
- Third parties to collect and process data, such as Google Analytics. You can learn more about how Google uses data here.
6. International Transfers of Personal Data
We primarily store your personal data within the United Kingdom (UK) or the European Economic Area (EEA).
Where we disclose your personal data to third parties, those third parties may store, transfer, or access personal data outside of the UK or EEA. When we do this, we will ensure that the transfer is lawful and that your data is protected by appropriate safeguards, such as an "adequacy decision" or by using Standard Contractual Clauses approved by the UK authorities.
7. Your Data Protection Rights
Under UK data protection law, you have a number of rights in relation to your personal data. These include the right to:
- Be informed: You have the right to be informed about how your data is being used. This Privacy Policy serves to provide you with this information.
- Access: You have the right to request a copy of the personal data we hold about you (this is known as a "Subject Access Request").
- Rectification: You have the right to have any inaccurate or incomplete personal data we hold about you corrected.
- Erasure: You have the right to request that we delete your personal data where there is no compelling reason for us to continue processing it.
- Restrict processing: You have the right to request that we suspend the processing of your personal data in certain circumstances.
- Data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
- Object: You have the right to object to us processing your personal data, for example, for direct marketing purposes.
- Rights related to automated decision-making and profiling: You have rights where we use automated processes to make decisions about you.
To exercise any of these rights, please contact us at privacy@exsite.app.
Complaints: If you are not satisfied with our response to any query or complaint you raise with us, you have the right to complain to the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues. You can contact the ICO at www.ico.org.uk .
8. Data Security
We are committed to ensuring that the personal data we collect is secure. We have put in place suitable physical, electronic, and managerial procedures to safeguard and secure personal data from misuse, interference, loss, and unauthorised access, modification, or disclosure.
However, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platform; any transmission is at your own risk.
9. Cookies
We use cookies on our Platform. Cookies are small text files placed on your computer's browser to store your preferences. They help us provide a better user experience. For more information on the cookies we use, why we use them, and how you can manage them, please see our Cookie Policy.
10. Links to Other Websites
Our Platform may contain links to other websites. We do not have any control over those websites and are not responsible for the protection and privacy of any personal data which you provide whilst visiting them. Those websites are not governed by this Privacy Policy.
11. Personal Data from Single Sign-On Accounts
If you connect your account with us using a single sign-on service (such as Apple, Google, or Facebook), we will collect personal data from that provider in accordance with the privacy settings you have chosen with them. This may include your name, user ID, profile picture, and email address. We use this data to create your profile on our Platform. You have the right to request the deletion of data we have acquired from these services by contacting us.
12. Amendments
We may vary this Privacy Policy from time to time by publishing the amended version on our Platform. We recommend you check our Platform regularly to ensure you are aware of our current Privacy Policy.