ZuLogic Ltd

Privacy Policy

How we collect, use, and protect information across our websites and services.

We build our services to meet stringent privacy and child-safety standards, including COPPA, SOPPA, the UK Children’s Code, and GDPR, as required by US, UK, and EU laws.

Where required, we can deploy and store data in geo-specific regions. For US customers, we can keep covered data within US territories; likewise, UK/EU data can be stored within UK/EU regions, subject to your contract and service scope.

Last updated: 30 September 2025

1) Who we are & how to contact us

ZuLogic Ltd (Company No. 5388029) is the data controller for our websites and direct customer enquiries. Registered in England & Wales. Contact: hello@zulogic.co.uk.

For certain education or enterprise services we may act as a processor on behalf of a school or organisation (the controller). Your contract/Service Terms will state roles and responsibilities.

2) What we collect

  • Contact data: name, email, message content when you submit our contact forms or email us.
  • Account/service data (for customers): configuration, usage logs, and support history needed to operate and support the service.
  • Technical/usage data: limited analytics data (if you consent), device/browser info, pages viewed, and similar diagnostic data.
  • Support widget: if you use our chat/contact widget, basic metadata (browser, page URL) and any messages you send.

3) How we use data & legal bases

  • To respond to enquiries and provide requested information (contract or legitimate interests).
  • To operate and improve services, including troubleshooting and quality assurance (legitimate interests).
  • To meet legal obligations, such as record-keeping and regulatory compliance.
  • Analytics (only with consent): to understand aggregate website usage and improve content.

4) Cookies & analytics

We use Google Analytics 4 with Consent Mode. By default, analytics cookies are off; if you choose “Accept analytics”, we enable them. You can change your choice anytime:

  • Analytics purpose: understanding aggregate traffic and page performance.
  • Identifiers: if accepted, GA may set client IDs or similar identifiers in your browser.
  • Do Not Track: we respect your consent choice regardless of DNT; if you decline, analytics is not enabled.

5) Sharing & processors

We do not sell personal data. We use trusted processors to run our services, for example:

  • Hosting & infrastructure: Microsoft Azure (compute, storage, databases, email delivery).
  • Analytics: Google Analytics (only with your consent on the website).
  • Support widget: Freshworks/Freshdesk (if you use the embedded widget).
  • Email: Azure Communication Services (transactional emails from contact forms, etc.).

Each processor is bound by a data processing agreement and only processes data under our instructions.

6) Data residency & international transfers

We can deploy services in-region to meet residency requirements. For example, US customer data can be kept within US regions; UK/EU data can be kept in UK/EU regions, subject to your contract and the services you use.

Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses and UK Addendum where applicable.

7) Security

We apply layered security controls, including access controls, encryption in transit, regular patching, and monitoring. We review vendors and restrict access to the minimum required for operations and support.

8) Retention

  • Enquiries: typically up to 24 months, or as needed to handle your request and maintain records.
  • Customer/service data: as specified in your contract or while your account remains active, then securely deleted or anonymised.
  • Analytics: stored in aggregate; event-level retention follows our GA property settings (e.g., 2–14 months).

9) Children’s privacy (COPPA, SOPPA, Children’s Code)

Some services are used in education settings. Where student data is involved, we operate under agreements with the school/organisation (the controller). We do not knowingly collect personal data from children without the appropriate school or parental consents required by law. We design our education services with child-safety and age-appropriate design in mind.

10) Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object or restrict certain processing, and to withdraw consent where processing is based on consent.

To exercise your rights, email hello@zulogic.co.uk. You can also lodge a complaint with your local supervisory authority (e.g., ICO in the UK).

11) Changes to this policy

We may update this notice from time to time. We’ll update the “Last updated” date and, if changes are significant, provide a more prominent notice.

Questions about privacy?

We’re happy to explain how we handle data for your specific use case.

Contact us