Last Updated: 7 October 2025
1.General
For the purposes of this privacy policy (the “Privacy Policy”), “personal data” means information that identifies or relates to an identifiable individual. This includes data relating to the use and performance of Edgefolio Services (as defined below), such as logs, telemetry, analytics, device information, performance metrics and inferences derived from such data (“Usage Data”). It does not include aggregated, anonymised or de‑identified information that is not reasonably capable of being associated with an individual. This Privacy Policy describes how Edgefolio UK Limited and its affiliated companies (“Edgefolio”, “we”, “our” or “us”) collect, store, use and disclose the following categories of personal data:
(a)customer data: personal data that we collect, process and manage on behalf of our business customers (each a “Customer”, and collectively, “Customers”) as part of our services (together with our Websites (as defined below), “Edgefolio Services”). We process such customer data (“Customer Data”) on behalf of and under the instruction of the relevant Customer in accordance with our agreement with that Customer. This Privacy Policy does not apply to the privacy or data handling practices of our Customers, who remain solely responsible for their own policies and notices;
(b)user data: personal data concerning individuals acting on behalf of our Customers in connection with their engagement with Edgefolio and their use of Edgefolio Services, such as account administrators, authorised users, billing contacts and signatories, as well as information relating to Customers’ business needs and preferences (“User Data”);
(c)prospect data: data relating to visitors to our websites (“Websites”), participants at our events, and other prospective customers, users or partners (“Prospects”) who interact with our Websites online content, emails, integrations or communications under our control (“Prospect Data”);
(d)service data: operational, diagnostic, security and performance‑related information generated through the use of Edgefolio Services (“Service Data”). Service data is processed by Edgefolio as a controller to operate, secure and improve Edgefolio Services.
Edgefolio Services are designed exclusively for businesses and are not intended for personal or domestic use. Accordingly, we treat all personal data covered by this Privacy Policy as relating to individuals acting in a business capacity. For clarity, we do not target or provide services to consumers or process personal data in a personal or household context.
You are not legally required to provide us with personal data. If you choose not to provide certain information, or to limit how it is processed, this may affect the availability or functionality of Edgefolio Services.
2.Data Collection and Processing
We collect personal data in various ways, depending on how individuals interact with us and the choices they make. We may collect personal data automatically, directly from individuals, or from third‑party sources, including publicly available sources and data enrichment providers, where permitted by law.
We may collect or generate the following types of personal data:
(a)usage, login and device information: relating to users of Edgefolio Services (“Users”) and Prospects, including connectivity and technical data (such as IP address and approximate location, device type, operating system, browser version, locale and language settings), activity logs, session recordings, login credentials for Edgefolio Services, cookies and pixels, and inferred data generated from use of Edgefolio Services;
(b)contact and business information: relating to Customers, Users and Prospects, such as name, email address, phone number, position, workplace, business insights, communications with us (including call or video recordings and related analyses), feedback, contractual and billing details, and expressed or inferred needs and preferences;
(c)customer data: provided by Customers or processed on their behalf and under their instruction, which may include any of the categories of personal data described above;
(d)service data: operational, diagnostic, security and performance‑related information generated through the use of Edgefolio Services, processed by Edgefolio as a controller for service reliability, security and improvement.
3.Data Uses
We use personal data as necessary to provide and improve Edgefolio Services (“Contract Performance”), to comply with legal and contractual obligations (“Legal and Contractual Compliance”), and to support our legitimate interests in operating, securing and developing our business (“Legitimate Interests”). Where required by applicable laws, we rely on consent (“Consent”).
We rely on the following legal bases for the processing of personal data:
|
Purpose |
Categories |
Legal Basis |
|
Service delivery and account administration |
Customer Data, User Data |
Contract Performance |
|
Security, fraud prevention, diagnostics |
Service Data, User Data |
Legitimate Interests |
|
Service improvement, analytics, artificial intelligence/machine learning |
Service Data, User Data |
Legitimate Interests |
|
Marketing and communications |
User Data, Prospect Data |
Legitimate Interests or Consent |
|
Compliance with law and contract |
All categories |
Legal and Contractual Compliance |
We use personal data for the following purposes:
(a)Customer and User personal data:
(i)to facilitate, operate, enhance and provide Edgefolio Services;
(ii)to provide support, test and monitor Edgefolio Services, diagnose or resolve issues, and train our teams;
(iii)to personalise Edgefolio Services, including recognising returning Users and tailoring experiences;
(iv)to support and optimise marketing campaigns, advertising and sales operations, including contextual, behavioural and interest based advertising, where permitted by law;
(v)to facilitate events, promotions and related activities.
(b)Customer, User and Prospect personal data:
(i)to understand how individuals use Edgefolio Services and how we can improve them, including through the use of artificial intelligence and machine learning capabilities;
(ii)to contact individuals with service related or promotional communications, where permitted by law;
(iii)to support and enhance our security measures, including preventing and mitigating fraud, error or illegal activity;
(iv)to create aggregated, anonymised or pseudonymised data for service improvement or other lawful purposes;
(v)to enforce our agreements, resolve disputes and protect our rights and interests;
(vi)to comply with applicable laws, regulations and standards;
(vii)for any other lawful purpose or purpose to which you consent.
We use artificial intelligence and machine learning to support security, reliability, performance, analytics and service improvement. Customer Data is not used to train general purpose or cross customer models unless Customer has expressly opted in or such use is permitted by law.
Service Data may be used to develop and improve models that support diagnostics, security and performance.
Service Data is processed by Edgefolio as a controller for the purposes of operating, securing and improving Edgefolio Services. Service Data is processed independently of Customer instructions and is not treated as Customer Data. Service Data may be processed in any location where we or our service providers operate, as it is processed by Edgefolio as a controller for security, diagnostics, performance and service improvement.
We do not make decisions based solely on automated processing that produce legal or similarly significant effects. If this changes, we will provide required information and safeguards.
Where required by the ePrivacy Directive and local marketing laws, we rely on consent for electronic direct marketing. For business contacts, we may rely on legitimate interests, and individuals may opt out at any time.
4.Data Location
We and our authorised service providers may maintain, store and process personal data in the UK, the EEA, the United States and other locations as necessary for the provision of Edgefolio Services or as required by law. Regardless of location, we protect personal data in accordance with this Privacy Policy and applicable legal requirements. Service Data may be processed in any location where we or our service providers operate.
The UK is recognised by the European Commission as providing an adequate level of protection for personal data. For transfers from the UK or EEA to countries not deemed adequate, we rely on appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where applicable, the EU‑U.S. Data Privacy Framework and its UK Extension.
5.DATA RETENTION
We retain personal data for as long as necessary to maintain and expand our relationship, provide Edgefolio Services, comply with legal and contractual obligations, and protect our interests. Retention periods depend on the nature of the data, the purposes for which it is processed, and applicable legal requirements. Service Data is retained for the duration necessary to operate, secure and improve Edgefolio Services, and may be retained for longer periods in aggregated or anonymised form.
We may use de-identified or aggregated data for analytics, research or service improvement. We do not attempt to re-identify such data except where permitted by laws applicable to us.
6.DATA DISCLOSURE
We disclose personal data in the following ways:
(a)service providers: third‑party providers who support or enhance Edgefolio Services, such as hosting, communications, analytics, security, billing, marketing, customer support and professional services. Service providers may access personal data only as instructed by us and subject to appropriate contractual safeguards;
(b)partnerships: selected business and channel partners, resellers and distributors who help us pursue growth opportunities. If you engage directly with a partner, their terms and privacy policy apply to that engagement;
(c)service integrations: third‑party services chosen by Customers to integrate with Edgefolio Services. Depending on the integration, relevant data may be shared between Edgefolio Services and the third‑party provider. We do not receive or store passwords for such services;
(d)event sponsors: where individuals attend events or access sponsored content, we may share personal data with sponsors, where permitted by law or based on consent;
(e)business customers: Customers have access to personal data processed on their behalf;
(f)legal compliance: where required by law or in response to lawful requests, or where disclosure is necessary to investigate or prevent illegal activity or protect our interests;
(g)protecting rights and safety: where necessary to protect the rights, property or safety of Edgefolio, our Customers, Users or the public;
(h)affiliates and corporate transactions: within the Edgefolio group, or in connection with mergers, acquisitions, asset transfers, insolvency or similar events, subject to appropriate protections.
We may share non-personal or anonymised data at our discretion.
7.COOKIES AND DATA COLLECTION TECHNOLOGIES
We and our service providers use cookies, pixels and similar technologies to operate, secure and improve Edgefolio Services, perform analytics, and personalise experiences. Session cookies expire when the browser closes; persistent cookies remain for longer.
Where required by law, we obtain consent before placing or accessing non-essential cookies. Individuals may withdraw consent via our cookie banner or by contacting us. We respect applicable browser or device level opt out signals where required by law.
8.Communications
We communicate with individuals in connection with Edgefolio Services. These communications may include:
(a)service communications: operational or transactional messages relating to Edgefolio Services, such as updates, security alerts, support responses, or billing notices. These communications are necessary for the provision of Edgefolio Services and cannot be opted out of;
(b)promotional communications: information about new features, events, or opportunities. Individuals may opt out of promotional communications at any time via email preferences, profile settings, or unsubscribe instructions. Where required by law, we obtain consent before sending electronic direct marketing.
9.Data Security
We implement technical and organisational measures designed to protect personal data against unauthorised access, loss or misuse. However, no system is completely secure. We maintain measures appropriate to the risks involved and will notify regulators and affected individuals of personal data breaches where required by law. Our security measures include encryption in transit and at rest, access controls, monitoring, vulnerability management and incident response procedures.
10.Data Subject Rights
Individuals may contact us at legal@edgefolio.com to exercise their rights under applicable laws, which may include rights to access, correct, delete, restrict, object, port data, or withdraw consent. Individuals may also have the right to lodge a complaint with a supervisory authority.
We may request information to verify identity and to understand the scope of a request. Where personal data is processed on behalf of a Customer, that Customer is responsible for handling the request, and we may direct the individual to contact that Customer.
We may redact personal data or confidential information relating to others before responding.
11.Data Controller/Processor
Depending on the context:
(a)for Prospect Data, Edgefolio acts as a data controller;
(b)for Customer Data, Edgefolio acts as a data processor on behalf of Customer, who is the data controller;
(c)for User Data, Edgefolio may act as both a controller (for its own purposes) and a processor (for portions included in Customer Data);
(d)Service Data is processed by Edgefolio as a controller for the purposes of operating, securing and improving Edgefolio Services. Edgefolio processes Service Data on the basis of its legitimate interests in ensuring the security, availability, performance and improvement of Edgefolio Services. Service Data is processed independently of Customer instructions and is not treated as Customer Data. Service Data may be processed in any location where we or our service providers operate.
Customers are responsible for ensuring that individuals whose personal data is processed through Edgefolio Services receive appropriate notices and consents, and for handling data subject rights requests relating to Customer Data. We enter into data processing agreements with Customers and sub‑processors as required by law.
12.Updates and Contact Details
We may update this Privacy Policy from time to time by posting an amended version on our Websites. Material changes will be notified as required by law. If you have questions about this Privacy Policy or our data practices, please contact us at legal@edgefolio.com.