Request DemoGet Started

Privacy Policy

Last updated: March 2026

Ask AI to explain

Get a quick, plain-language summary of this page without all the jargon.

ChatGPTClaudeGeminiPerplexity

1. Introduction

DataRecs ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We apply these standards globally, regardless of where you are located.

2. Data Controller

DataRecs is the data controller responsible for your personal data collected through our website and marketing activities (e.g. when you register interest, subscribe to communications, or browse our site).

When you use our platform to reconcile your data, DataRecs acts as a data processor on your behalf. In this capacity, we process your data strictly in accordance with your instructions and our Data Processing Agreement. You, as the customer, remain the data controller for any data you submit to the platform for reconciliation.

For any questions about how we handle your data, please contact our Data Protection Officer at dpo@datarecs.io.

3. Information We Collect

We may collect information about you in a variety of ways, including:

  • Account and contact data you voluntarily provide when registering interest, creating an account, contacting us, or subscribing to our communications (e.g. name, email address, company name, job title).
  • Usage data collected automatically, such as your IP address, browser type, operating system, referring URLs, pages visited, and interactions with our website.
  • Payment information processed securely through our third-party payment provider (we do not store your payment card details directly).
  • Cookies and similar tracking technologies, as described in Section 10 below.

4. Lawful Bases for Processing

We process your personal data on the following lawful bases under the UK GDPR:

  • Contractual necessity: processing required to provide our services to you, manage your account, and fulfil our obligations under our terms of service.
  • Legitimate interests: processing necessary for our legitimate business interests, such as improving our services, ensuring security, and communicating with you about your account. We only rely on this basis where our interests are not overridden by your data protection rights.
  • Consent: where you have given clear consent for us to process your personal data for a specific purpose, such as receiving marketing communications. You may withdraw consent at any time.
  • Legal obligation: processing necessary to comply with a legal obligation to which we are subject.

5. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our services.
  • Respond to your enquiries and provide customer support.
  • Send you marketing communications (with your consent), which you can opt out of at any time.
  • Improve our website and services through analytics.
  • Process payments and manage billing.
  • Detect, prevent, and address security issues and fraud.
  • Comply with legal obligations.

6. Data Sharing and Third-Party Service Providers

We do not sell your personal information. We do not share your personal data with other enterprises for their own purposes.

We use the following third-party service providers to operate our platform and services. These providers process data on our behalf and are bound by contractual obligations to keep your information secure and confidential:

  • Google Cloud Platform — cloud infrastructure and hosting for our services.
  • Cloudflare — deployment of static sites, CDN, and security protection.
  • Resend — transactional email delivery (e.g. account notifications, password resets).
  • Kit.com — broadcast email communications and newsletters.
  • Stripe — payment processing (your payment details are handled directly by Stripe and are not stored on our systems).
  • WorkOS — authentication and single sign-on services.

We may also disclose your information where required by law, regulation, or legal process, or to protect the rights, property, or safety of DataRecs, our users, or others.

7. Data Storage and International Transfers

All customer data is stored and processed within the United Kingdom. We do not transfer your personal data outside of the UK.

Some of our third-party service providers may process limited data (such as email addresses for email delivery) in other jurisdictions. Where this occurs, we ensure appropriate safeguards are in place, such as UK International Data Transfer Agreements or equivalent measures, to protect your data in accordance with UK data protection law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. When your data is no longer needed, we will securely delete or anonymise it.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • The right to access your personal data and obtain a copy of it.
  • The right to rectification of inaccurate or incomplete personal data.
  • The right to erasure ("right to be forgotten") in certain circumstances.
  • The right to restrict processing of your personal data.
  • The right to data portability, allowing you to receive your data in a structured, commonly used format.
  • The right to object to processing based on legitimate interests or for direct marketing purposes.
  • The right to withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, please contact us at dpo@datarecs.io. We will respond to your request within one month, as required by law.

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

10. Cookies and Tracking Technologies

We use Google Analytics to understand how visitors interact with our website, such as which pages are visited and how users navigate through the site. This helps us improve the user experience.

Cookies used on our site fall into the following categories:

  • Strictly necessary cookies: required for the website to function correctly (e.g. session management). These cannot be disabled.
  • Analytics cookies: used by Google Analytics to collect anonymised usage data. These are opt-in and only activated based on your cookie preferences.

When you first visit our site, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your preferences at any time through the cookie settings link in our website footer.

We respect "Do Not Track" (DNT) and Global Privacy Control (GPC) signals. If your browser sends a DNT or GPC signal, we will not set non-essential cookies or load analytics scripts.

11. Links to Third-Party Websites

Our website may contain links to third-party websites, services, or applications that are not operated by us. If you follow a link to any of these sites, please note that they have their own privacy policies and we accept no responsibility or liability for their practices. We encourage you to read the privacy policy of every site you visit.

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at dpo@datarecs.io and we will take steps to delete such information.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, access controls, and regular security reviews.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also notify you by email.

15. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact our Data Protection Officer at dpo@datarecs.io.

For general enquiries, you can reach us at info@datarecs.io.