Privacy Policy

Last updated: 1 January 2025

1. Introduction

EchoGrant ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

  • Registration information: Company name, your name, email address, role/title, company size
  • Contact information: Email address, phone number
  • Business information: Details about your business, sector, and funding interests
  • Communications: Messages you send us through our contact forms or email

2.2 Information Collected Automatically

When you visit our website, we may automatically collect certain information, including:

  • IP address and location data
  • Browser type and version
  • Device information
  • Pages visited and time spent on pages
  • Referring website

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process your registration and manage your account
  • Send you updates about EchoGrant, including launch notifications
  • Respond to your enquiries and provide customer support
  • Analyse website usage to improve user experience
  • Comply with legal obligations

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Contract: Where processing is necessary for a contract with you
  • Legitimate interests: Where we have a legitimate business interest that does not override your rights
  • Legal obligation: Where we need to comply with the law

5. Data Sharing

We may share your information with:

  • Service providers: Third parties who help us operate our business (e.g., Formspree for form submissions, Vercel for hosting)
  • Analytics providers: Such as Google Analytics (only with your consent)
  • Legal requirements: When required by law or to protect our rights

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Registration data is retained until you request deletion or unsubscribe from our communications.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing of your personal data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

To exercise these rights, contact us at hello@cavefish.co.uk.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Secure hosting in UK/EU data centres
  • Access controls and authentication
  • Regular security assessments

9. International Transfers

Your data is primarily stored and processed within the UK and European Economic Area. Where data is transferred outside this area, we ensure appropriate safeguards are in place.

10. Cookies

We use cookies to enhance your experience. For details, please see our Cookie Policy.

11. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@cavefish.co.uk

14. Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. Visit ico.org.uk for more information.