Privacy Policy

Last updated: 05/01/2026

This Privacy Policy explains how BitVault Ltd (“BitVault”, “we”, “us”, or “our”) collects, uses, stores, and protects personal data when you visit our website or use our services.

We are committed to protecting your privacy and handling personal data in a transparent and secure manner, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. About Us

BitVault Ltd is a company incorporated and registered in Scotland.

Registered name: BitVault Ltd
Registered address: 48 West George Street, Glasgow, Scotland, G2 1BP
Company number: SC681971
Email: [email protected]

For the purposes of data protection legislation, BitVault Ltd is the data controller.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide to us:

  • Name

  • Company or organisation name

  • Email address

  • Telephone number

  • Billing and payment details

  • Account login details

  • Support requests and communications

Information collected automatically:

  • IP address

  • Browser type and version

  • Operating system

  • Pages visited and time spent on our website

  • Referring website or source

Service-related data

Depending on the service used, we may process limited metadata necessary to provide the service (for example, device identifiers for tracking services or system identifiers for backup services). We do not intentionally access customer content unless required for support, security, or legal reasons.

3. How We Use Personal Data

We use personal data for the following purposes:

  • To provide, operate, and maintain our services

  • To manage customer accounts and subscriptions

  • To process payments and invoices

  • To provide customer support and respond to enquiries

  • To improve our website, services, and user experience

  • To meet legal, regulatory, and contractual obligations

  • To protect against fraud, misuse, or security incidents

We do not sell personal data.

4. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Contract – where processing is necessary to provide our services

  • Legitimate interests – to operate, improve, and secure our business

  • Legal obligation – where required by law or regulation

  • Consent – where explicitly obtained (for example, marketing communications)

You may withdraw consent at any time where consent is the lawful basis.

5. Marketing Communications

We may send service-related communications where necessary to deliver our services.

Marketing communications will only be sent where:

  • You have opted in; or

  • There is an existing customer relationship and the communication relates to similar services

You may opt out of marketing at any time by using the unsubscribe link or contacting us directly.

6. Data Sharing and Third Parties

We may share personal data with trusted third parties where necessary to provide our services, including:

  • Payment processors

  • Hosting and cloud service providers

  • Backup, monitoring, or infrastructure providers

  • Professional advisers (legal, financial, compliance)

All third parties are required to process data securely and only in accordance with our instructions.

We do not permit third parties to use your personal data for their own purposes.

7. International Data Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as adequacy regulations or standard contractual clauses, to protect your data in accordance with UK GDPR.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting, and regulatory requirements.

Retention periods vary depending on the nature of the data and the service provided.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Access controls and authentication

  • Encryption where appropriate

  • Secure hosting environments

  • Monitoring and logging

Despite these measures, no system can be guaranteed to be completely secure.

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure of personal data

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://ico.org.uk

To exercise your rights, please contact us using the details below.

11. Cookies

Our website uses cookies and similar technologies to improve functionality and analyse usage.

Details of cookies used and how to manage them are set out in our Cookie Policy (where applicable).

12. Children’s Data

Our website and services are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be published on our website with an updated “Last updated” date.

Continued use of our website or services constitutes acceptance of the updated Privacy Policy.

14. Governing Law

This Privacy Policy and any non-contractual obligations arising from it are governed by the laws of Scotland.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

Email: [email protected]

Terms & Conditions

Terms & Conditions

Terms & Conditions

Login