Privacy Policy

Skyie Global Technologies Ltd ("Company", "we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use SkyieMail services ("Services"). We are registered with the Information Commissioner's Office (ICO) and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. This policy applies to all users of our Services, including website visitors, account holders, and enterprise customers.

Skyie Global Technologies Ltd is the data controller responsible for your personal data. Contact Details: Company: Skyie Global Technologies Ltd Email: privacy@skyiemail.co.uk Website: https://skyiemail.co.uk Data Protection Officer: For data protection enquiries, please contact our DPO at dpo@skyiemail.co.uk You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: Website: https://ico.org.uk Telephone: 0303 123 1113

We collect the following categories of personal data: Account Information: • Name and contact details (email address, phone number) • Organisation name and business details • Account credentials (encrypted) • Billing information and payment details Communication Data: • Email content, metadata, and attachments • Sender and recipient information • Timestamps and delivery status • Digital signatures and verification data Technical Data: • IP addresses and device information • Browser type and version • Operating system • Access logs and session data • Cookies and similar technologies Usage Data: • Service usage patterns and preferences • Feature utilisation statistics • Performance and error data We do not collect special category data (sensitive personal data) unless specifically required for our Services and with your explicit consent.

We process your personal data based on the following legal grounds under UK GDPR: Contract Performance (Article 6(1)(b)): • Providing and maintaining our Services • Processing your emails and communications • Account management and customer support Legitimate Interests (Article 6(1)(f)): • Improving and optimising our Services • Fraud prevention and security measures • Business analytics and service development Legal Obligation (Article 6(1)(c)): • Compliance with legal and regulatory requirements • Responding to lawful requests from authorities • Maintaining required records and audit trails Consent (Article 6(1)(a)): • Marketing communications (where applicable) • Optional features requiring explicit consent • Cookies for non-essential purposes You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

We use your personal data for the following purposes: Service Delivery: • Providing secure email communication services • Processing, storing, and delivering your messages • Generating cryptographic evidence and audit trails • Creating compliance reports and evidence exports Account Management: • Creating and managing your account • Processing payments and billing • Providing customer support • Sending service-related notifications Security and Compliance: • Protecting against unauthorised access • Detecting and preventing fraud • Maintaining security logs and audit trails • Ensuring compliance with legal obligations Service Improvement: • Analysing usage patterns to improve features • Conducting research and development • Troubleshooting technical issues • Optimising performance and reliability We do not sell your personal data to third parties. We do not use your email content for advertising purposes.

We may share your data with the following categories of recipients: Service Providers: • Cloud infrastructure providers (data hosting) • Payment processors (billing only) • Security and authentication services • Customer support tools All service providers are bound by data processing agreements and are required to implement appropriate security measures. Legal and Regulatory: • Law enforcement when required by law • Regulatory authorities (ICO, etc.) • Legal proceedings where necessary Business Transfers: • In the event of merger, acquisition, or sale of assets • You will be notified of any change in data controller Enterprise Customers: • Organisation administrators may access account data • As specified in your enterprise agreement We require all third parties to respect the security of your data and treat it in accordance with applicable law.

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place: • UK Adequacy Decisions - transfers to countries deemed adequate • Standard Contractual Clauses (SCCs) approved by the ICO • UK International Data Transfer Agreement (IDTA) • Binding Corporate Rules where applicable You may request information about specific safeguards for international transfers by contacting our DPO.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected: Active Account Data: • Retained while your account is active • Deleted within 30 days of account closure (upon request) Email Content: • Retained according to your account settings • Enterprise retention policies as configured • Minimum retention for legal compliance purposes Audit Logs: • Security logs: 12 months • Compliance audit trails: As required by regulation (typically 7 years) • Evidence records: As specified in your retention policy Billing Records: • Financial records: 7 years (legal requirement) • Payment card data: Not stored (processed by payment provider) Backup Data: • Encrypted backups retained for disaster recovery • Deleted within 90 days of primary data deletion You may request early deletion subject to our legal obligations.

Under UK GDPR, you have the following rights: Right of Access (Article 15): Request a copy of your personal data and information about how it is processed. Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data. Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten") in certain circumstances. Right to Restrict Processing (Article 18): Request limitation of processing in certain circumstances. Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format and transfer it to another controller. Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing. Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing that significantly affect you. To exercise your rights: • Email: privacy@skyiemail.co.uk • Account Settings: Self-service data export available • Response Time: Within 30 days of verified request We may request identity verification before processing your request.

We implement comprehensive security measures to protect your data: Technical Measures: • End-to-end encryption for email communications • TLS 1.3 for data in transit • AES-256 encryption for data at rest • Multi-factor authentication available • Regular security audits and penetration testing Organisational Measures: • Staff training on data protection • Access controls and least privilege principle • Incident response procedures • Vendor security assessments Certifications: • Cyber Essentials Certified • ICO Registered • GDPR Compliant • Regular third-party security assessments In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.

We use cookies and similar technologies on our website and Services: Essential Cookies: • Authentication and session management • Security features • Service functionality These are necessary for the Services to function and cannot be disabled. Analytics Cookies: • Understanding how users interact with our Services • Improving user experience • Performance monitoring These are used only with your consent. Preference Cookies: • Remembering your settings and preferences • Personalising your experience These are used only with your consent. You can manage cookie preferences through: • Your browser settings • Our cookie consent banner • Account privacy settings For more information, see our Cookie Policy.

Our Services are not intended for children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us immediately at privacy@skyiemail.co.uk.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Notification of Changes: • Material changes will be notified via email or in-app notification • 30 days' notice will be provided for significant changes • The "Last Updated" date will be revised Continued use of the Services after changes take effect constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

For questions, concerns, or requests regarding this Privacy Policy or your personal data: General Privacy Enquiries: Email: privacy@skyiemail.co.uk Data Protection Officer: Email: dpo@skyiemail.co.uk Postal Address: Skyie Global Technologies Ltd Privacy Team United Kingdom Subject Access Requests: Email: sar@skyiemail.co.uk Or use the self-service export feature in your account settings. Complaints: If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office: Website: https://ico.org.uk Telephone: 0303 123 1113 Response Time: We aim to respond to all enquiries within 5 business days. Formal data protection requests will be addressed within 30 days.