Last updated: January 2026
FairLedger Ltd ("FairLedger", "we", "our", "us") is a company registered in England and Wales. FairLedger is the Data Controller for the personal data collected through this website. For personal data we process on behalf of our customers as part of the FairLedger service, we act as Data Processor under a written processing agreement.
This policy explains how we collect, use, share and protect personal data collected via this website and via direct correspondence — including discovery-call requests, contact form submissions, newsletter subscriptions, and security or third-party assurance correspondence. Processing activities inside the FairLedger platform on behalf of customer firms are governed by the Data Processing Agreement between FairLedger and each customer.
Responding to enquiries and discovery-call requests — legitimate interests (Article 6(1)(f) UK GDPR): to respond to unsolicited business enquiries directed to us.
Marketing emails (monthly Insights) — consent (Article 6(1)(a) UK GDPR); explicit opt-in only; withdrawable at any time via the unsubscribe link in every email.
Security monitoring and abuse prevention — legitimate interests (Article 6(1)(f) UK GDPR): to keep our service secure and available.
Meeting legal and regulatory obligations — legal obligation (Article 6(1)(c) UK GDPR): where required by UK law.
We do not sell personal data and we do not share it for third-party advertising. We share personal data only with:
A current sub-processor list is available on request via the contact form.
Our production infrastructure is UK-hosted. Where a sub-processor is located outside the UK, transfers are protected by UK adequacy regulations or by the ICO International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, with a Transfer Risk Assessment on file.
This site uses strictly necessary cookies only and privacy-first analytics that do not set cross-site tracking cookies. See the Cookie Policy for detail. The scheduling embed on the discovery-call page loads content from a third-party scheduling provider; personal data you enter into that embed is processed by the provider under its own privacy notice.
Under UK GDPR you have the right to access, rectification, erasure, restriction of processing, portability, and to object to processing based on legitimate interests. You also have the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us via the form on the Contact page. We respond to verified requests within one month.
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
We apply technical and organisational measures appropriate to the sensitivity of the data we process: UK data residency by default, encryption in transit and at rest, tenant-scoped isolation, least-privilege access, audit logging, and a documented incident-response process. See the Security & Compliance page.
We review this policy at least annually and when we make material changes to our processing. The "last updated" date at the top of the page reflects the most recent revision. Prior versions are retained internally and available on request.
For any privacy-related enquiry or to exercise your data rights, use the Contact page and mark your message "Privacy".