WitFlowBack to site

Privacy Policy

Last updated: 16 March 2026

WitFlow Ltd ("WitFlow", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information about you when you visit witflow.co or engage with our services.

WitFlow Ltd is registered in England and Wales. We act as the data controller for personal data collected through this website and in connection with our services.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.

1. What data we collect

We may collect the following categories of personal data:

  • Contact and identity data: your name, job title, company name, and work email address, when you submit our contact form or correspond with us directly.
  • Communications data: the content of messages you send us through the website or by email.
  • Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system, and platform, collected automatically when you visit our website.
  • Usage data: information about how you use our website, including pages visited, time spent, and referring URLs.
  • Cookie data: as described in our Cookie Policy.

We do not collect any special categories of personal data (such as data concerning health, race, religion, or political opinions), nor do we collect personal data from children under the age of 16.

2. How we collect data

  • Directly from you: when you complete the contact form, send us an email, or otherwise communicate with us.
  • Automatically: through cookies and similar tracking technologies when you visit our website. Please see our Cookie Policy for details.
  • From third parties: we may receive data about you from analytics providers, advertising networks, or referral partners, where permitted by applicable law.

3. Legal basis for processing

We process your personal data on the following legal bases under UK GDPR / EU GDPR:

  • Contractual necessity: where processing is necessary to take steps prior to entering into a contract, or to fulfil a contract with you.
  • Legitimate interests: where we have a legitimate business interest in processing your data that is not overridden by your rights — for example, to respond to enquiries, improve our website, and pursue business development activities.
  • Consent: where you have given clear, freely given consent — for example, for non-essential cookies or marketing communications. You may withdraw consent at any time.
  • Legal obligation: where processing is necessary to comply with a legal obligation to which we are subject.

4. How we use your data

We use the personal data we collect to:

  • Respond to enquiries submitted via our contact form or by email.
  • Communicate with you about our services, where you have requested information or we have a legitimate interest in doing so.
  • Improve and optimise our website and services through analytics.
  • Comply with legal and regulatory obligations.
  • Protect our legitimate business interests and legal rights.

We will not use your personal data for automated decision-making or profiling in a way that produces legal or similarly significant effects.

5. Who we share your data with

We do not sell, rent, or trade your personal data. We may share your data with:

  • Service providers: trusted third parties who process data on our behalf, including our email delivery provider (SendGrid / Twilio), hosting infrastructure, and analytics services. These parties are bound by data processing agreements and may only use your data for the purposes we specify.
  • Professional advisers: lawyers, auditors, and insurers where necessary.
  • Regulatory and law enforcement authorities: where required by law or to protect our legal rights.

6. International transfers

Some of our service providers are based outside the United Kingdom and the European Economic Area (EEA). Where we transfer personal data to countries that do not provide an equivalent level of data protection, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or the European Commission, or reliance on an adequacy decision.

7. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. In general:

  • Contact form submissions are retained for up to 24 months.
  • Technical and usage data is retained for up to 26 months.
  • Data held for legal compliance purposes is retained for as long as required by the relevant legal obligation.

8. Your rights

Under UK GDPR and EU GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to request that we correct inaccurate or incomplete data.
  • Right to erasure: to request that we delete your personal data in certain circumstances.
  • Right to restrict processing: to request that we limit how we use your data in certain circumstances.
  • Right to data portability: to receive your personal data in a structured, commonly used format where processing is based on consent or contract.
  • Right to object: to object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at hello@witflow.co. We will respond within 30 days. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or with the relevant supervisory authority in your country of residence.

9. Cookies

Our website uses cookies and similar technologies. For full details of the cookies we use and how to manage them, please see our Cookie Policy.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. Access to personal data is restricted to those who have a business need to know.

Where we have given you (or where you have chosen) a password for access to certain parts of our website or services, you are responsible for keeping that password confidential.

11. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

12. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.

13. Contact us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: