This Privacy Policy explains how ForgeAI Studio, trading as NovaStacks ("we", "us", "our"), collects, uses, shares and protects personal data when you visit our website at https://novastacks.co.uk (the "Website") or otherwise interact with our business.
We are committed to protecting your privacy and handling your personal data in an open, transparent manner and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
ForgeAI Studio (trading as NovaStacks) is a UK software company that designs and builds custom SaaS platforms, AI-powered business software, bespoke web applications and related software services.
For the purposes of data protection law, ForgeAI Studio is the data controller responsible for your personal data.
- Legal company name: ForgeAI Studio
- Trading name: NovaStacks
- UK Company Registration Number: 17175307 (registered in England & Wales)
- Website: https://novastacks.co.uk
- Contact for privacy matters: support@novastacks.co.uk
Email is our only contact channel. If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us at support@novastacks.co.uk.
2. The personal data we collect
We collect and process the following categories of personal data.
2.1 Information you provide to us
When you complete our enquiry or contact form, or otherwise correspond with us by email, we collect:
- your name;
- your email address;
- your company or organisation name (where provided);
- the content of your message and any other information you choose to include in your enquiry or in subsequent correspondence with us.
2.2 Technical and usage data
When you visit the Website, we may automatically collect certain technical information, including:
- your IP address and approximate location derived from it;
- your browser type and version, device type and operating system;
- information about how you use the Website, such as the pages you view, the links you click, referring pages and the dates and times of your visits;
- information collected through cookies and similar technologies.
For more detail on the cookies and similar technologies we use, please see our Cookie Policy, which should be read alongside this Privacy Policy.
We do not intentionally collect special category data (such as data revealing health, race, religion or political opinions) through the Website, and we ask that you do not submit such data to us through our forms or by email.
3. How and why we use your personal data
We use your personal data for the following purposes:
- To respond to your enquiries — to receive, review and reply to messages you send via our enquiry form or by email, and to provide the information or assistance you request.
- To provide and support our services — to discuss, scope, deliver, support and administer the software products and services we provide, and to communicate with you about them.
- To operate, maintain and secure the Website — to ensure the Website functions correctly, to diagnose technical issues, to protect against fraud and abuse and to keep our systems secure.
- To improve our Website and services — to understand how visitors use the Website and to improve its content, performance and usability.
- To comply with our legal obligations — to meet record-keeping, accounting, tax, regulatory and other legal requirements.
4. Lawful bases for processing
Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases.
- Consent — where you have given us clear consent to process your personal data for a specific purpose, for example when you choose to set non-essential cookies. You may withdraw your consent at any time.
- Legitimate interests — where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include responding to enquiries, operating and securing the Website, understanding how our Website is used and promoting and developing our business.
- Performance of a contract — where processing is necessary to take steps at your request before entering into a contract, or to perform a contract we have with you, such as delivering and supporting our services.
- Legal obligation — where processing is necessary for us to comply with the law, for example in relation to accounting and tax records.
Where we rely on legitimate interests, you have the right to object to that processing (see "Your rights" below).
5. Cookies and analytics
The Website uses cookies and similar technologies to enable essential functionality, to remember your preferences and to help us understand how the Website is used.
We may use analytics tools to collect aggregated and statistical information about Website usage. This helps us measure traffic, understand visitor behaviour at a general level and improve the Website.
Non-essential cookies, including analytics cookies, are only used where you have given your consent. You can control and manage cookies through your browser settings and, where offered, through our cookie controls.
Full details of the specific cookies we use, their purposes and how to manage them are set out in our Cookie Policy, which forms part of this Privacy Policy and should be read together with it.
6. Third-party service providers
We use carefully selected third parties to help us operate the Website and run our business. These providers act as our processors and may handle personal data on our behalf, only on our instructions and subject to appropriate confidentiality and data protection obligations.
The categories of third-party providers we use include:
- Website hosting and domain services — our Website is hosted and supported through GoDaddy, which processes data necessary to make the Website available and secure.
- Spam and abuse prevention — we use reCAPTCHA to help protect our forms and the Website from spam, bots and abuse. This service may collect technical and usage information for security purposes.
- Email and communications — we use email service providers to receive, send and manage correspondence with you.
- Analytics — we use analytics providers to help us understand how the Website is used, as described above.
These providers are permitted to process your personal data only to the extent necessary to provide their services to us, and they are required to keep it secure.
7. International transfers
We aim to keep your personal data within the UK or the European Economic Area (EEA) wherever possible. However, some of our third-party providers may process or store personal data outside the UK or EEA.
Where personal data is transferred outside the UK, we take steps to ensure that an appropriate level of protection is in place, such as relying on:
- an adequacy decision or UK adequacy regulations recognising that the destination country provides an adequate level of data protection; or
- appropriate safeguards such as the International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or equivalent contractual protections.
You may contact us at support@novastacks.co.uk for further information about the safeguards in place for any such transfers.
8. Data retention
We keep your personal data only for as long as is necessary for the purposes for which it was collected, including to satisfy any legal, accounting, regulatory or reporting requirements.
- Enquiry and correspondence data is retained for as long as needed to respond to and manage your enquiry and, where relevant, to maintain a record of our communications and any resulting business relationship.
- Technical and usage data is generally retained for a shorter period, sufficient for security, troubleshooting and analytics purposes.
When we no longer need your personal data, we will securely delete or anonymise it.
9. How we protect your data
We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage.
These measures include restricting access to personal data to those who need it, using reputable service providers, and applying appropriate safeguards across our systems. While no method of transmission over the internet or electronic storage is completely secure, we work to protect your personal data and to maintain its confidentiality and integrity.
10. Your rights
Under the UK GDPR, you have a number of rights in relation to your personal data. Subject to certain conditions and exemptions, these include:
- The right to be informed — to be told how your personal data is collected and used, as set out in this Privacy Policy.
- The right of access — to request a copy of the personal data we hold about you.
- The right to rectification — to ask us to correct personal data that is inaccurate or incomplete.
- The right to erasure — to ask us to delete your personal data in certain circumstances.
- The right to restrict processing — to ask us to limit how we use your personal data in certain circumstances.
- The right to data portability — to ask us to provide certain personal data to you, or to another controller, in a structured, commonly used and machine-readable format.
- The right to object — to object to our processing of your personal data where we rely on legitimate interests, and to object to processing for direct marketing purposes.
- The right to withdraw consent — where we rely on your consent, to withdraw that consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
11. How to exercise your rights
To exercise any of your rights, please contact us by email at support@novastacks.co.uk. Please tell us which right you wish to exercise and provide enough information for us to identify you and locate the relevant personal data.
We will respond to your request without undue delay and within the timeframes required by law (normally within one month). This service is provided free of charge, although we may charge a reasonable fee or decline to act where a request is manifestly unfounded or excessive. We may also ask you to verify your identity before we act on a request.
12. Complaints and the ICO
We would welcome the opportunity to address any concerns you may have, so please contact us first at support@novastacks.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters.
- Website: https://ico.org.uk
- Helpline: 0303 123 1113
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal and regulatory requirements. When we make changes, we will revise the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
14. Contact us
If you have any questions, concerns or requests regarding this Privacy Policy or your personal data, please contact us at:
ForgeAI Studio (trading as NovaStacks) Company number: 17175307 (England & Wales) Email: support@novastacks.co.uk Website: https://novastacks.co.uk