Skip to main content
FairLedger
Privacy

Privacy Policy

Last updated: January 2026

1. Who we are

FairLedger Ltd ("FairLedger", "we", "our", "us") is a company registered in England and Wales. FairLedger is the Data Controller for the personal data collected through this website. For personal data we process on behalf of our customers as part of the FairLedger service, we act as Data Processor under a written processing agreement.

2. Scope of this policy

This policy explains how we collect, use, share and protect personal data collected via this website and via direct correspondence — including discovery-call requests, contact form submissions, newsletter subscriptions, and security or third-party assurance correspondence. Processing activities inside the FairLedger platform on behalf of customer firms are governed by the Data Processing Agreement between FairLedger and each customer.

3. Personal data we collect

  • Contact and enquiry data: name, work email address, firm, role, LinkedIn URL (where provided), the content of your message, and the page from which you submitted the form.
  • Consent evidence: the timestamp of your submission, whether you confirmed the privacy notice, whether you opted in to marketing, and your browser user-agent string.
  • Technical data: IP address, request logs, and standard server logs retained for security monitoring.
  • Scheduling data: if you book a discovery call via our scheduling provider, that provider processes your name, email and calendar availability under its own terms (see Section 8).

4. Purposes and lawful bases

Responding to enquiries and discovery-call requests — legitimate interests (Article 6(1)(f) UK GDPR): to respond to unsolicited business enquiries directed to us.

Marketing emails (monthly Insights) — consent (Article 6(1)(a) UK GDPR); explicit opt-in only; withdrawable at any time via the unsubscribe link in every email.

Security monitoring and abuse prevention — legitimate interests (Article 6(1)(f) UK GDPR): to keep our service secure and available.

Meeting legal and regulatory obligations — legal obligation (Article 6(1)(c) UK GDPR): where required by UK law.

5. Retention

  • Enquiry and contact-form submissions: 24 months from submission, unless the enquiry becomes an ongoing customer relationship.
  • Newsletter subscriber records: until you unsubscribe, then 12 months for consent-evidence purposes.
  • Security and access logs: 12 months.
  • Contractual records with customers and suppliers: 7 years from end of the relationship, for tax and legal purposes.

6. Sharing

We do not sell personal data and we do not share it for third-party advertising. We share personal data only with:

  • Our infrastructure, database and hosting providers acting as processors under written contract, primarily located in the UK and EEA.
  • Our email delivery and scheduling providers.
  • Our professional advisers (legal, accounting, insurance) where necessary.
  • Regulators, law enforcement or courts where we are legally required to.

A current sub-processor list is available on request via the contact form.

7. International transfers

Our production infrastructure is UK-hosted. Where a sub-processor is located outside the UK, transfers are protected by UK adequacy regulations or by the ICO International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses, with a Transfer Risk Assessment on file.

8. Cookies and third parties on this site

This site uses strictly necessary cookies only and privacy-first analytics that do not set cross-site tracking cookies. See the Cookie Policy for detail. The scheduling embed on the discovery-call page loads content from a third-party scheduling provider; personal data you enter into that embed is processed by the provider under its own privacy notice.

9. Your rights

Under UK GDPR you have the right to access, rectification, erasure, restriction of processing, portability, and to object to processing based on legitimate interests. You also have the right to withdraw consent at any time where processing is based on consent. To exercise any of these rights, contact us via the form on the Contact page. We respond to verified requests within one month.

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

10. Security

We apply technical and organisational measures appropriate to the sensitivity of the data we process: UK data residency by default, encryption in transit and at rest, tenant-scoped isolation, least-privilege access, audit logging, and a documented incident-response process. See the Security & Compliance page.

11. Changes to this policy

We review this policy at least annually and when we make material changes to our processing. The "last updated" date at the top of the page reflects the most recent revision. Prior versions are retained internally and available on request.

12. Contact

For any privacy-related enquiry or to exercise your data rights, use the Contact page and mark your message "Privacy".