Privacy notice

This notice explains what personal data Safely Bio Ltd (“safely.bio”, “we”, “us”) collects when you interact with us, why, how long we keep it, and what rights you have. It applies to safely.bio and any subdomain or product we operate, unless that product publishes its own notice.

We are the data controller. You can reach us at hello@safely.bio. Safely Bio Ltd is registered in England and Wales.

We collect personal data in three ways:

• You give it to us: for example, when you submit our interest form (your email address and the product you expressed interest in), email us, or apply for a pilot or job. If we onboard you to a product we may also collect your name, organisation, role, and information you choose to provide.
• We collect it automatically when you visit the site: your IP address and user-agent string (used for abuse prevention and security), and aggregated, anonymous traffic data via Vercel Analytics. Vercel Analytics does not set cookies and does not track individuals across sites.
• We receive it from third parties: for example, public professional information (e.g. published affiliations) used to assess eligibility for pilot programmes. We do not buy marketing lists.

We process personal data only for the purposes listed below:

• Responding to your interest: to contact you about the product you opted in for, and related products if you ask. Lawful basis: your consent, given when you submit the form. You can withdraw consent at any time.
• Operating our products and services: to provide, secure, support, and improve them. Lawful basis: performance of a contract with you (if you are a customer) and our legitimate interests in running and improving the service.
• Site security and abuse prevention: including rate-limiting and detecting automated abuse. Lawful basis: our legitimate interests in keeping the service secure.
• Compliance with law: for example, sanctions screening where required. Lawful basis: legal obligation.

The marketing site does not set tracking cookies. We use Vercel Analytics, which is cookieless. If we add features that require cookies (for example, a logged-in product area), we will surface a clear consent banner and update this notice.

We share personal data only with service providers we need to run the business, under written agreements that restrict their use of the data:

• Hosting and storage: Vercel Inc. and its sub-processors (USA / EEA).
• Email and productivity: Google (Workspace).
• Identity verification, sanctions, and screening providers: only when you onboard to Verify or use a service that performs verification, and only the data needed for that check.

We may also disclose personal data if required by law, court order, or valid legal request, or to protect the rights, property, or safety of safely.bio, our users, or others. We do not sell personal data and do not share it with third parties for their own marketing.

Some of our processors (notably Vercel and Google) are based in or transfer data to the United States. Where data leaves the UK or EEA, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an applicable adequacy decision) to keep your data protected to the same standard.

We keep personal data only for as long as we need it for the purpose we collected it for, then delete or anonymise it. As a guide:

• Interest-form emails: until the product you opted in for is generally available, or for two years from your last interaction, whichever is sooner.
• Customer account data: for the duration of the contract and for as long as we are required to keep it for legal, accounting, or audit reasons (typically up to seven years after the relationship ends).
• Server logs and abuse-prevention data: typically up to 90 days, except where we need to retain specific entries to investigate a security incident.

You can ask us to delete your data sooner at any time.

We use industry-standard technical and organisational measures to protect personal data, including encryption in transit, access controls, least-privilege practices, and regular review of our processors. No system is perfectly secure, but we work to minimise risk and to respond quickly if something goes wrong.

If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner’s Office within 72 hours where required, and notify you without undue delay where the risk is high.

Under UK GDPR you have the right to access the personal data we hold about you, to ask us to correct or delete it, to restrict or object to certain processing, to receive a copy in a portable format, and to withdraw consent at any time where we rely on it. To exercise any of these rights, email hello@safely.bio. You can also complain to the UK Information Commissioner’s Office (ico.org.uk) if you are unhappy with how we have handled your data.

Our services are intended for professional and research use. We do not knowingly collect personal data from anyone under 16. If you believe a child has shared personal data with us, contact hello@safely.bio and we will delete it.

We may update this notice as our products and processors change. The “Last updated” date above will reflect the most recent change. For material changes affecting how we use existing data, we will contact you by email where we have one for you.

For any questions about this notice or how we handle personal data, contact hello@safely.bio.