Privacy Policy
This policy explains how Catallactic Labs handles enquiries, website data, service providers and project-related information.
Last updated: May 2026
We collect the information you choose to send through our forms and the limited technical data needed to run, secure and improve this website.
We use carefully selected service providers for hosting, email delivery, website security, static assets and similar operational needs. We do not sell enquiry data.
If you ask us to build, consult on or support a project, any wider data use will depend on the services agreed for that project and will be handled under the relevant proposal, agreement or support arrangement.
Catallactic Labs provides software, websites, applications, CRM systems, automation, AI tools and technical consulting.
For privacy, legal or data questions, contact [email protected].
For this website and its enquiry forms, Catallactic Labs is the controller of the personal data you choose to provide and the technical data processed for website operation and security.
If you become a client, project-specific controller, processor and subcontractor responsibilities may be confirmed separately in the relevant proposal, contract or data processing terms.
We collect information you provide directly, such as your name, email address, company, project notes, budget range, timeline, selected interests and any message you send.
We may also collect technical information connected with your visit or form submission, such as IP address, browser type, device information, referral source, landing page, UTM campaign fields and security signals.
We only ask for information that is useful for responding to your enquiry, protecting the website or managing a potential working relationship.
Please do not send special category data, confidential credentials or unnecessary sensitive information through the website forms.
We use third-party providers where needed to operate, secure, deliver or improve the website and our services. These providers may process limited personal or technical data depending on how you use the website.
Current and expected provider categories are listed below. Project-specific tools, payment methods, integrations or AI services may vary depending on what is agreed with a client.
The website may be hosted on infrastructure providers such as DigitalOcean. Hosting providers process request data such as IP address, user agent, pages requested, timestamps, server logs and any form data submitted through the website.
Static files, brand images and email images may also be served from storage or CDN services such as DigitalOcean Spaces. When these assets load, the provider may receive technical request data from the visitor or email recipient.
Form submissions and confirmation emails may be sent through email services such as Google/Gmail or another configured SMTP provider.
Email providers process message content, sender and recipient addresses, delivery metadata and related technical information needed to send and receive email.
We may use services such as Cloudflare Turnstile to protect forms and website features from spam, bots, misuse and automated abuse.
When active, these services may process technical data such as IP address, browser and device information, request data, interaction signals and security tokens to verify that a request is genuine.
We use this processing because we have a legitimate interest in keeping the website secure, reliable and protected from abuse.
This website may load fonts, icons, scripts or static assets from providers such as Google Fonts, Tailwind CDN, Iconify and jsDelivr.
When external assets load, those providers may receive technical data such as IP address, browser information, referrer and the asset URL requested. These services are used to display the website correctly and maintain its visual functionality.
Payment methods, including cryptocurrency payments where appropriate, are agreed before work begins. Payment providers, banks, wallet services, exchanges or blockchain networks may process payment identifiers, transaction records, wallet addresses, billing information and related compliance data.
Cryptocurrency transactions may be recorded on public blockchains. We will confirm any practical payment details, taxes, settlement terms, fees and currency conversion arrangements separately.
Client projects may involve APIs, cloud services, maps, scheduling tools, analytics, authentication, payment processors, email services, AI providers or other integrations.
The data shared with those services depends on the system being built and the features a client approves. We aim to design systems so data sharing is purposeful, proportionate and appropriate for the agreed use case.
If you follow links to external websites or social platforms, those services may process your data under their own privacy terms. This can include account information, cookies, IP address, device data and referral information.
We keep personal data only for as long as reasonably needed for the purpose collected, including business follow-up, record keeping, legal obligations, dispute handling and service continuity.
Some providers may process data outside the UK. Where this happens, we rely on appropriate safeguards, provider terms, data processing agreements or other lawful transfer mechanisms where required.
Depending on the circumstances, you may have rights to access, correct, delete, restrict or object to the use of your personal data, and to complain to the UK Information Commissioner's Office.
To make a request, email [email protected]. We may need to verify your identity before acting on a request.
You can also complain to the UK Information Commissioner's Office if you are unhappy with how your data is handled.