Privacy Policy
Last updated: April 2026
1. Who we are
HumanWox Limited (Company No. 16296630), registered at 124 City Road, London, EC1V 2NX, United Kingdom, is the data controller for personal data collected through this website and the HumanWox platform.
For any questions about this policy or how we handle your data, contact us at privacy@humanwox.com.
2. What data we collect
We collect the following categories of personal data:
- Account data: Full name, work email address, job title, organisation name, and role when you create an account, register for a trial, or book a walkthrough.
- Contact form data: Name, email address, organisation (optional), and message content when you submit a contact form.
- Usage data: Pages visited, features used, session duration, and interaction patterns within the platform. This data is collected through analytics tools and server logs.
- Technical data: IP address, browser type, device type, and operating system. This data is collected automatically when you visit our website.
- Payment data: Billing address and payment method details. Payment processing is handled by our payment processor, and we do not store full card numbers.
3. How we use your data
We process your personal data for the following purposes:
- Service delivery: To provide, maintain, and improve the HumanWox platform and respond to support requests.
- Account management: To create and manage your account, process trial registrations, and administer subscriptions.
- Communications: To send transactional emails (account confirmations, security alerts, service updates) and, where you have opted in, marketing communications about HumanWox products and services.
- Security: To detect, prevent, and address fraud, abuse, and security incidents.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
4. Lawful basis for processing
We rely on the following lawful bases under UK GDPR:
- Contract: Processing necessary to perform our contract with you (service delivery, account management).
- Legitimate interest: Processing necessary for our legitimate business interests (analytics, security, service improvement) where those interests are not overridden by your rights.
- Consent: Where you have provided consent for marketing communications or optional cookies. You may withdraw consent at any time.
- Legal obligation: Processing necessary to comply with UK law (financial record-keeping, responding to lawful requests).
5. How long we keep your data
- Active accounts: Data is retained for the duration of your subscription.
- Cancelled accounts: Account data is retained for six years after cancellation in accordance with UK financial record-keeping requirements, then deleted.
- Trial accounts: If you do not subscribe, trial data is retained for 90 days after the trial expires, then deleted.
- Contact form submissions: Retained for 24 months from the date of submission.
- Marketing contacts: Retained for 12 months from your last engagement. You may unsubscribe at any time.
6. Who we share your data with
We do not sell your personal data. We share data with the following categories of service providers, each bound by data processing agreements:
- Supabase Inc. — Database and file storage (hosted in EU West, London region).
- Vercel Inc. — Website and application hosting (edge processing in the EU region).
- Resend Inc. — Transactional email delivery.
- Google LLC — Website analytics (Google Analytics).
- Cloudflare Inc. — Bot protection (Cloudflare Turnstile).
Where a sub-processor transfers data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and UK International Data Transfer Agreements where applicable.
7. Data security
We implement appropriate technical and organisational measures to protect your personal data. All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted. Row-level security is enforced at the database layer, ensuring each organisation's data is fully isolated. Access to production systems is restricted and logged.
8. Your rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access the personal data we hold about you.
- Rectification of inaccurate or incomplete data.
- Erasure of your data in certain circumstances.
- Restriction of processing in certain circumstances.
- Data portability, so that you can receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact privacy@humanwox.com. We will respond within 30 days.
9. Cookies
Our website uses cookies and similar technologies. For full details on the cookies we use and how to manage your preferences, please see our Cookie Policy.
10. Complaints
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at privacy@humanwox.com.
11. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.