Privacy Statement — Code Pro Quo Ltd

Your privacy matters. This statement explains what personal data Code Pro Quo Ltd collects, why, and how it is handled. It is written in plain English. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1 Data controller

The data controller responsible for your personal data is:

Code Pro Quo Ltd
10d Vicarage Road, Swindon, England, SN2 1JG
Company number: 14871521

Code Pro Quo Ltd acts as data controller for personal data collected through its websites and the initial contact and account management stages of its products. Individual product brands (Sonus Immersivus, Chronify, DeepTrainer) may have their own supplementary privacy notices where data processing differs.

2 What personal data we collect

We only collect data that is necessary for the purposes described below. The data we may collect includes:

Data you provide directly

Contact form submissions: your name, email address, and the contents of your message
Account registration: name, email address, and optionally a display name or avatar (for products that require an account)
Purchase or billing information: handled by third-party payment processors; we do not store full payment card details
Support enquiries: communications you send to us when requesting help

Data collected automatically

Server logs: IP address, browser type and version, operating system, referring URL, and pages visited — retained for security and diagnostic purposes
Analytics data: aggregated, anonymised usage statistics where applicable (see section 9 on cookies)

Data from our products

Products such as Chronify may process content you choose to capture (for example, AI conversation text). That content is stored in storage you control (as described in the product's own documentation) and is not accessed by Code Pro Quo Ltd except where you explicitly request support or share it with us.

3 How and why we use your data

We use your personal data only for the following purposes:

To respond to your contact form enquiries — so that we can reply to questions, requests, or complaints
To provide and operate our products and services — account management, licence delivery, and product updates
To process payments — in conjunction with our payment processors for commercial products
To improve our products — using anonymised, aggregated data to understand how our software is used
To send service-related communications — important notices about updates, security issues, or changes to these terms (not marketing, unless you have opted in)
To comply with legal obligations — where required by law, regulation, or court order

We do not sell your personal data to any third party. We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4 Legal basis for processing

Under UK GDPR, we must have a lawful basis for each use of personal data. Our bases are:

Legitimate interests (Article 6(1)(f)): responding to contact enquiries, operating and securing our services, improving our products using anonymised data
Contract performance (Article 6(1)(b)): processing data necessary to deliver a product or service you have purchased or signed up for
Legal obligation (Article 6(1)(c)): where we are required by law to process or retain data
Consent (Article 6(1)(a)): where you have explicitly opted in to receive marketing communications; you may withdraw consent at any time

5 Data sharing and third parties

We share personal data with third parties only where necessary and only with organisations that provide appropriate safeguards. These include:

Payment processors — to handle commercial transactions securely (e.g. Stripe). These processors operate under their own privacy policies and comply with PCI-DSS standards.
Cloud hosting providers — for hosting our websites and services. Data is stored on servers within the UK or European Economic Area (EEA) where possible.
Analytics providers — only where analytics are used, and only with anonymised or aggregated data where feasible.
Legal and regulatory bodies — where required by law or court order.

We do not share your data with advertisers or marketing networks.

6 International transfers

Where personal data is transferred outside the United Kingdom (for example, to a cloud provider with servers in the United States), we ensure that appropriate safeguards are in place, such as:

Standard contractual clauses approved by the UK Information Commissioner's Office (ICO)
Transfers to countries with UK adequacy decisions in force

You may request details of the safeguards in place for any specific transfer by contacting us (see section 13).

7 How long we keep your data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:

Contact form enquiries: up to 12 months from the date of the last communication, unless an ongoing relationship requires longer retention
Account data: for the duration of the account, plus up to 90 days after closure to allow for recovery requests
Billing and transaction records: 7 years, as required by UK tax and accounting law
Server logs: up to 90 days for security and diagnostic purposes

After the applicable retention period, data is securely deleted or anonymised.

8 Security

We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:

Encrypted connections (HTTPS/TLS) for all data in transit
Encryption of sensitive data at rest where applicable
Access controls limiting who within our organisation can access personal data
Regular review of our security practices

No transmission over the internet is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. If you become aware of a security vulnerability related to our services, please report it to us promptly.

9 Cookies and tracking

Our websites may use cookies — small text files stored on your device — for the following purposes:

Strictly necessary cookies: required for the website to function (e.g. session management). These cannot be disabled.
Analytical cookies: used to understand how visitors interact with our site, in anonymised or aggregated form. These are only set with your consent.
Preference cookies: to remember choices you have made (e.g. display settings). Set only with your consent.

You can control non-essential cookies through your browser settings, or through any cookie preference controls present on our sites. Withdrawing consent for non-essential cookies does not affect the functionality of core services.

We do not use advertising or tracking cookies that monitor your behaviour across other websites.

10 Your rights under UK GDPR

As a data subject under UK GDPR, you have the following rights. You can exercise them by contacting us (see section 13). We will respond within one calendar month.

Right to be informed

To know what data we hold about you and how it is used — this statement fulfils that obligation.

Right of access

To request a copy of the personal data we hold about you (a Subject Access Request).

Right to rectification

To ask us to correct inaccurate or incomplete personal data.

Right to erasure

To request deletion of your personal data where there is no compelling reason for us to continue processing it.

Right to restrict processing

To ask us to limit how we use your data in certain circumstances (e.g. while accuracy is disputed).

Right to data portability

To receive your personal data in a structured, commonly used, machine-readable format where processing is based on consent or contract.

Right to object

To object to processing based on legitimate interests, including direct marketing. We will stop unless we have compelling legitimate grounds.

Right to complain

To lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

Exercising these rights is free of charge in most cases. We may ask you to verify your identity before processing a request.

11 Children's privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data without parental consent, please contact us and we will delete it promptly.

Where a product may be suitable for users aged 13–17, parental or guardian consent may be required under applicable law. We will make this clear in the relevant product documentation.

12 Changes to this statement

We may update this Privacy Statement from time to time to reflect changes in our practices, products, or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page.

For significant changes, where we hold your contact details, we will notify you by email in advance. We encourage you to review this statement periodically.

13 How to contact us

For any questions, requests, or concerns regarding this Privacy Statement or the handling of your personal data, please contact us:

By post: Code Pro Quo Ltd, 10d Vicarage Road, Swindon, England, SN2 1JG
Via our website: Use the contact form on our homepage

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF