Privacy Policy
Last updated: 10 April 2026
1. Introduction
Boundary Control Ltd ("we", "us", "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided below.
2. Data Controller
3. Data We Collect
We collect and process the following categories of personal data:
Contact Information
- Name and job title
- Email address
- Phone number (when provided)
- Organisation name and address
Technical Data
- IP address (anonymised where possible)
- Browser type and version
- Device information
- Pages visited and interaction data
Service Data
- Account credentials (securely hashed)
- Service usage and configuration data
- Support and communication records
4. How We Use Your Data
We process your personal data for the following purposes and lawful bases:
| Purpose | Lawful Basis |
|---|---|
| Providing our services and platform | Contract performance |
| Responding to enquiries and support requests | Legitimate interest / Contract |
| Sending service updates and notifications | Contract performance |
| Marketing communications (with consent) | Consent |
| Improving our website and services | Legitimate interest |
| Security and fraud prevention | Legitimate interest / Legal obligation |
| Compliance with legal obligations | Legal obligation |
5. Data Sharing
We do not sell your personal data. We may share your data with the following categories of recipients only when necessary:
- Service providers: Hosting, email, and analytics providers who process data on our behalf under strict data processing agreements
- Professional advisers: Lawyers, accountants, and auditors where required
- Legal authorities: When required by law or to protect our legal rights
- Business transfers: In the event of a merger, acquisition, or sale of assets
All third-party processors are carefully vetted and bound by data processing agreements compliant with UK GDPR requirements.
6. International Data Transfers
Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including:
- Transfers to countries with UK adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the ICO
- Binding Corporate Rules where applicable
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Duration of account plus 2 years
- Contract records: 6 years after contract end (legal requirement)
- Marketing contacts: Until consent withdrawn or 3 years of inactivity
- Support records: 3 years from resolution
- Website analytics: 26 months (anonymised)
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to restrict processing: Request limitation of processing
- Right to data portability: Receive your data in a portable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent for consent-based processing
To exercise any of these rights, please contact us at privacy@boundarycontrol.com. We will respond within one month of receiving your request.
9. Cookies
We use minimal, privacy-respecting analytics. We do not use third-party tracking cookies or advertising networks. Essential cookies required for website functionality are used without consent as permitted under PECR.
- Essential cookies: Required for site functionality (session management, security)
- Analytics cookies: Privacy-focused analytics to improve our services (no personal data stored)
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.3) and at rest
- Access controls and authentication
- Regular security assessments and monitoring
- Staff training on data protection
- Incident response procedures
11. Children's Privacy
Our services are designed for business use and are not intended for children under 18 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
13. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at privacy@boundarycontrol.com.
14. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us: