Privacy Policy

Last updated: March 2026

1. Introduction

EPTASOFT LTD ("we", "our", "us"), a company registered in England and Wales (Company No: 17038547), is committed to protecting and respecting your privacy. Our registered office is located at 61 Bridge Street, Kington, England, HR5 3DJ.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website eptasoft.net, use our services, or otherwise interact with us. This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our website and services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Data Controller

For the purposes of data protection legislation, the data controller is:

3. Information We Collect

3.1 Personal Data You Provide

We may collect the following personal data when you voluntarily provide it to us:

  • Identity Data: Full name, company name, job title
  • Contact Data: Email address, telephone number, postal address
  • Financial Data: Payment card details (processed securely through Stripe; we do not store card numbers on our servers)
  • Transaction Data: Details of services purchased, payment amounts, dates of transactions
  • Communication Data: Enquiries, feedback, and any correspondence you send us via our contact form, email, or phone
  • Account Data: Username, password (hashed), and account preferences where applicable

3.2 Usage Data (Automatically Collected)

When you visit our website, we automatically collect certain technical information:

  • Device Data: IP address, browser type and version, operating system, device type
  • Browsing Data: Pages visited, time spent on pages, referring URL, click patterns
  • Location Data: Approximate geographic location derived from your IP address
  • Log Data: Server logs including access times, error logs, and request details

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Please refer to Section 10 for full details on our cookie usage.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Service Delivery: To provide, maintain, and improve our software development, web design, and UK company formation consulting services
  • Payment Processing: To process transactions and send related information including purchase confirmations and invoices
  • Communication: To respond to your enquiries, provide customer support, and send service-related notifications
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes
  • Business Operations: To manage our business operations, including accounting, auditing, and administrative purposes
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Analytics: To understand how our website and services are used, enabling us to make improvements
  • Marketing: With your consent, to send promotional communications about our services (you can opt out at any time)

5. Legal Basis for Processing (GDPR Article 6)

We process your personal data only when we have a valid legal basis under Article 6 of the UK GDPR:

  • Consent (Article 6(1)(a)): Where you have given clear consent for us to process your personal data for a specific purpose, such as subscribing to marketing communications or accepting cookies
  • Contractual Necessity (Article 6(1)(b)): Where processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract (e.g., providing our services, processing payments)
  • Legal Obligation (Article 6(1)(c)): Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax reporting, anti-money laundering)
  • Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. Our legitimate interests include operating and improving our services, fraud prevention, and business analytics

6. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with the following categories of third parties only as necessary:

6.1 Payment Processors

Stripe, Inc. – We use Stripe to securely process payments. When you make a payment, your financial data is transmitted directly to Stripe's servers. Stripe's privacy policy can be found at stripe.com/privacy. Stripe is certified to PCI-DSS Level 1, the highest level of certification available.

6.2 Analytics Providers

Google Analytics – We use Google Analytics to understand website usage patterns. Google Analytics uses cookies to collect anonymised data about visitors. You can opt out by installing the Google Analytics Opt-out Browser Add-on. Google's privacy policy is available at policies.google.com/privacy.

6.3 Other Third Parties

  • Hosting Providers: Our website is hosted on servers that may process your data as part of providing hosting services
  • Professional Advisors: Including accountants, lawyers, and auditors who provide consultancy, banking, legal, insurance, and accounting services
  • Government Authorities: Where required by law, we may disclose your information to Companies House, HMRC, or other regulatory bodies

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements:

  • Account Data: Retained for the duration of your account and for up to 2 years after closure
  • Transaction Data: Retained for 7 years as required by UK tax legislation (HMRC requirements)
  • Communication Data: Retained for up to 3 years from the date of the last communication
  • Usage Data: Retained for up to 26 months (in line with Google Analytics default settings)
  • Marketing Consent: Retained until you withdraw your consent

When personal data is no longer required, we will securely delete or anonymise it.

8. Your Rights Under GDPR

Under the UK GDPR, you have the following rights concerning your personal data. You may exercise any of these rights by contacting us at info@eptasoft.net:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you (known as a Subject Access Request)
  • Right to Rectification (Article 16): You have the right to request correction of any inaccurate or incomplete personal data
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data in certain circumstances ("right to be forgotten")
  • Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format
  • Right to Object (Article 21): You have the right to object to the processing of your personal data where we are relying on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal

We will respond to your request within one month of receipt. This period may be extended by a further two months where necessary, considering the complexity and number of requests.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

9. International Data Transfers

Some of our third-party service providers (such as Stripe and Google) are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:

  • Transfers to countries that have received an adequacy decision from the UK Secretary of State
  • Use of Standard Contractual Clauses (SCCs) approved by the Information Commissioner
  • Transfers to organisations that participate in recognised certification mechanisms

You may request further details about the safeguards in place by contacting us.

10. Cookies Policy

Cookies are small text files placed on your device when you visit our website. We use the following types of cookies:

10.1 Strictly Necessary Cookies

These cookies are essential for the website to function properly. They enable basic features such as session management and security. These cookies do not require your consent.

  • PHPSESSID: Session identifier – expires when the browser is closed
  • csrf_token: Security token to prevent cross-site request forgery – session-based
  • cookie_consent: Records your cookie consent preference – persistent

10.2 Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

  • _ga: Google Analytics – distinguishes unique users – expires after 2 years
  • _ga_*: Google Analytics – maintains session state – expires after 2 years

10.3 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to:

  • View what cookies are stored and delete them individually
  • Block third-party cookies
  • Block cookies from specific sites
  • Block all cookies
  • Delete all cookies when you close your browser

11. Data Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmitted between your browser and our servers
  • Secure password hashing algorithms for stored credentials
  • Regular security assessments and updates
  • Access controls limiting data access to authorised personnel only
  • PCI-DSS compliant payment processing through Stripe

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the internet or method of electronic storage is 100% secure.

12. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at info@eptasoft.net and we will take steps to delete such information.

13. Third-Party Links

Our website may contain links to third-party websites, services, or applications that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of our website and services after the posting of changes constitutes your acceptance of such changes.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: