This Privacy Policy describes how Bryndeli Ltd ("Bryndeli," "we," "us") collects, uses, and protects personal data when you use our website at bryndeli.co.uk ("the Site") or our software service ("the Service").
Bryndeli is a UK company registered in England and Wales. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Contents
i.Who we are
Bryndeli Ltd is the data controller for personal data collected through the Site. Where we process data on behalf of a care provider using our Service (for example, care plans uploaded by a care provider), we act as a data processor and the care provider is the data controller.
Our registered address and contact details are set out in section xiii below.
ii.What we collect
Information you give us directly
- When you contact us (e.g. by email or via the demo request form): your name, email address, organisation name, and the contents of your message.
- When you join our waitlist (if applicable): your email address and any optional information you choose to share, such as your role.
- When your organisation becomes a customer: account information, billing information, and any data your organisation chooses to upload to the Service.
Information collected automatically
- Server logs: when you visit the Site, our hosting provider logs your IP address, browser type, the pages you view, and the time of your visit. This is for security and operational purposes.
- Cookies: see section ix.
Information from third parties
We may receive information about you from publicly available sources (for example, LinkedIn or Companies House) when researching prospects, or from your organisation if they refer you to us.
iii.How we use it
We use personal data for the following purposes:
- To respond to enquiries and arrange demonstrations of the Service.
- To provide the Service to organisations that become customers, including hosting, processing, and supporting their use of the Service.
- To improve the Service, including analysing aggregated and anonymised usage patterns.
- To send service-related communications, such as notices about changes to the Service or this policy.
- To send marketing communications only where you have given us consent or where we have a legitimate interest in doing so (and you have not opted out).
- To meet our legal obligations, including responding to lawful requests from public authorities.
iv.Legal basis
Under UK GDPR, we must have a lawful basis to process your personal data. The legal bases we rely on are:
| Activity | Lawful basis |
|---|---|
| Responding to your enquiry | Legitimate interests / Pre-contractual steps at your request |
| Providing the Service to your organisation | Performance of a contract |
| Sending marketing emails | Consent (where required) or Legitimate interests |
| Improving the Service | Legitimate interests |
| Meeting legal obligations | Legal obligation |
You have the right to object to processing based on legitimate interests at any time — see section viii.
v.Who we share with
We do not sell your personal data. We share it only with:
- Service providers who help us run the Site and Service — including our hosting provider (Vercel), our domain registrar (Porkbun), email service providers, and any AI infrastructure providers we use to deliver the Service. These providers are bound by contracts to protect your data.
- Professional advisers such as our accountants and lawyers, where reasonably necessary.
- Public authorities where required by law, such as in response to a court order or a request from a regulator.
- A successor in the event of a merger, acquisition, or sale of all or part of our business.
A current list of our key sub-processors is available on request from hello@bryndeli.co.uk.
vi.International transfers
Where possible, we host data in the UK. Some of our service providers (for example, software infrastructure providers) may process data in the European Economic Area, the United States, or other countries.
Where data is transferred outside the UK or EEA, we rely on UK adequacy regulations or we put in place appropriate safeguards such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum. You can request a copy of the safeguards by contacting us.
vii.How long we keep it
We keep personal data only for as long as necessary for the purposes set out in this policy, or as required by law. Specifically:
- Enquiries and demo requests: up to 24 months from your last interaction with us, unless you become a customer.
- Customer data: for the duration of the contract with your organisation, plus a reasonable period afterwards as set out in our customer agreement.
- Server logs: typically 30 days, except where retained for security investigations.
- Financial records: 6 years, as required by HMRC.
viii.Your rights
Under UK GDPR you have the following rights in relation to your personal data:
- Access: ask us what data we hold on you.
- Rectification: ask us to correct inaccurate data.
- Erasure: ask us to delete your data ("the right to be forgotten"), subject to legal exceptions.
- Restriction: ask us to limit how we use your data.
- Portability: ask us to send your data to another provider in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests, including direct marketing.
- Withdraw consent: where we rely on consent, withdraw it at any time.
- Complain: lodge a complaint with the UK Information Commissioner's Office at ico.org.uk if you think we have mishandled your data.
To exercise any of these rights, contact us at hello@bryndeli.co.uk. We will respond within one calendar month.
ix.Cookies
The Site currently uses only strictly necessary cookies — those that are required for the Site to function, such as session cookies. We do not currently use analytics, advertising, or tracking cookies.
If we add analytics or tracking cookies in the future, we will update this policy and ask for your consent through a cookie banner.
x.Security
We take security seriously and have implemented appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) and at rest where technically feasible.
- Access controls limiting who at Bryndeli can access personal data.
- Vendor due diligence on all sub-processors.
- Alignment with the NHS Data Security and Protection Toolkit (DSPT) standards as we scale.
No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and the Information Commissioner's Office in accordance with UK GDPR.
xi.Children
The Site and Service are not intended for children. We do not knowingly collect personal data from anyone under the age of 18 through the Site. If you believe we have inadvertently collected data from a child, contact us and we will delete it.
This is separate from any data about service users (including children) that may appear in care plans uploaded to the Service by a care provider — that data is processed on behalf of the care provider as data controller and governed by their own privacy notices and our customer agreement.
xii.Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent version. For material changes, we will notify users with active accounts by email at least 30 days before the changes take effect.
xiii.How to contact us
If you have any questions, requests, or complaints about this policy or how we handle your data, please contact us at:
Bryndeli Ltd
Telford, United Kingdom
Email: hello@bryndeli.co.uk
You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk or by phone on 0303 123 1113.