Privacy Policy

How we handle personal data when you use GreenlitKit.

This Privacy Policy explains how ToggleKit Ltd ("we", "us", "our"), a company registered in England and Wales (company number 17020947), operates the GreenlitKit service ("GreenlitKit", "the Service") and how we collect, use, and protect personal data. We are the data controller for the personal data described below. We process personal data in line with the UK GDPR and the Data Protection Act 2018.

What data we collect

We collect the following categories of personal data when you use GreenlitKit:

Where the data comes from

Some personal data is provided directly by you (account and billing details). Other data, specifically the director and PSC information shown in your dashboard, is sourced from the Companies House public register through its official Public Data API. This is information that is already published by Companies House.

How we use your data

We use personal data to provide and operate the Service: to authenticate you, build your verification dashboard, calculate deadlines, send reminders you configure, process your subscription, respond to support requests, and keep the Service secure. Our lawful bases are performance of our contract with you, our legitimate interests in operating and improving the Service, and compliance with our legal obligations.

Who we share it with

We share personal data only with service providers ("processors") that help us run GreenlitKit, under appropriate data-processing terms:

ProviderPurpose
CloudflareHosting, database, caching, and content delivery
StripeSubscription and payment processing
ResendTransactional and reminder email delivery
Companies HouseSource of public company, director, and PSC data

We do not sell personal data. We may disclose data where required by law.

International transfers

Some of our providers, including Stripe and Resend, are based in the United States and may process personal data outside the UK. Where data is transferred outside the UK, we rely on appropriate safeguards, such as the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, together with any applicable UK adequacy regulations.

How long we keep it

We keep account and portfolio data for as long as your account is active, and for a reasonable period afterwards to meet legal, accounting, and security obligations. You can ask us to delete your account data at any time, subject to records we are required to retain.

Cookies

GreenlitKit uses a small number of strictly necessary cookies to keep you signed in and secure your session. We do not use advertising or cross-site tracking cookies. Our analytics are cookieless.

Your rights

Under UK data protection law you have the right to access, correct, delete, restrict, or object to our processing of your personal data, and the right to data portability. To exercise any of these, contact us at the address below. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

Security

We protect personal data with encryption in transit, access controls, and secure, edge-hosted infrastructure. No system is perfectly secure, but we take reasonable steps to safeguard your data and will notify you and the relevant authority of any breach where required.

Changes to this policy

We may update this policy from time to time. We will post the revised version here and update the "last updated" date above. Material changes will be notified to account holders.

Contact us

For any privacy question or to exercise your rights, contact hello@greenlitkit.com. ToggleKit Ltd's registered office is shown on the public register at Companies House.