Privacy Policy

Who we are

This Privacy Policy provides you with details of how we collect and store your personal data through your use of our site, including any information you may provide through our site when you purchase a product or service, sign up to our newsletter, or when you make use of our membership services and/or Community Forum.

This Privacy Policy addresses where Protolyst (referred to as ‘we’, ‘us’ or ‘our’ in this privacy policy) act as Controllers in respect of personal information that we process in connection with our business.

We may update this Privacy Policy from time to time and we will publish the latest version on our site and would encourage you to visit our site regularly to stay informed of how we use your data.

If you have any questions regarding this Privacy Policy, please contact us at or using the details below

Contact Details

Our full contact details are:
Full Name: Protolyst Technologies Ltd.

Email Address:

Postal Address: Data Protection, Protolyst Technologies Ltd., Park House Business Centre, 10 Park Street, Bristol, BS1 5HX

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us so that we can try to resolve it for you.

It is important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at

The Data we Collect and Use

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We collect, process and use the following kinds of personal data at the start of and during your relationship with us:

  • Identity, Contact and Financial Data – may include title, first name, last name, date of birth, email address, gender, billing address, bank account and payment card details. The purpose of collection and processing of this data is so we can register you as a customer, so you can use our services and so we can contact you about any customer service issue.
  • Transaction Data – may include details about payments and purchases made by you. The purpose of collection is to process and deliver your service.
  • Technical Data – may include your login data, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform. The purpose of processing of this data is to support your access to our site
  • Profile Data – may include your username and password, purchases or orders, customer service issues and preferences. The purpose is to manage our relationship with you to contact you about any customer service issue, and so you can use our services.
  • Marketing and Communications Data – may include first name, last name, email address, phone number, preferences in receiving marketing communications from us and third parties and your communication preferences. The purpose is to provide you with marketing and promotional materials
  • Usage and Cookies Data – may include information about your visit such as the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), login events and methods used to browse away from the page. The purpose is to understand how you use our site and service, in order to improve and develop the services we provide and better inform our marketing strategies.
  • Analytics – includes use of third-party analytics services (such as Google Analytics) to evaluate your use of our site, compile reports on activity, collect demographic data, analyse performance metrics and collect and evaluate other information relating to the site and usage. These third parties use cookies and other technologies to help analyse and provide us the data.

We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. As an example, where we review your Usage Data to work out the perecentage of website users viewing a particular page on our site.

We do not seek to collect any Sensitive Data about you. Sensitive Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We have installed Microsoft Clarity to capture the interactions on our website such as how the page has rendered and what interactions users undertake such as mouse movements, clicks, scrolls, etc. By default, any sensitive content such as passwords, usernames, etc. are masked before sending to Clarity. Clarity is GDPR complaint as a data controller. Microsoft Clarity Cookies are used to collect the information described above. You can find out more about their terms here

We also use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Our AI tools are powered by OpenAI through an API connection. OpenAI does not use data submitted to and generated by their API to train OpenAI models or improve OpenAI’s service offering.

For further details, please see OpenAI’s privacy policy and Data Usage Policy

How we Collect Your Information

Your information is made up of personal data we collect and hold about you and your transactions with us and includes;

  • information you give us;
  • information we receive from third parties, including third parties who provide services to us and our commercial partners, typically through your name and contact details;
  • information we learn about you through our relationship with you and the way you operate your products;
  • Information that we gather about the technology which you use to access our services.

We may also receive personal data about you from various third parties and public sources as set out below:

  • analytics providers such as Google and Mixpanel,
  • search information providers such as Google,
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Stripe, Paypal and Xero,
  • Electronic mail service providers such as SendGrid,

Please note that if you do not agree to provide us with information we request, it may not be possible for us to continue to operate your account and/or provide our products and services to you.

How we Use your Personal Data

We will only use and share your information where is is necessary for us to carry out our lawful business activities. The lawful bases for processing your data are described below and in some cases there may be more than one lawful basis for processing your information

Contractual Obligation

We may process your information where it is necessary to enter into a contract with you for the provision of our products and services. This may include but is not limited to:

registering you as a customer, processing and delivering your products and services including management of payments, and managing our relationship with you.

Legal Obligation

When you apply for a product or service, and throughout your relationship with us we are required by law to collect and process certain personal data about you. This may include but is not limited to:

investigating and resolving complaints, establishment and defence of our legal rights, compliance with legal and regulatory requirements, notifying you about changes to terms or privacy policy.

Legitimate Interests

We may process your information where it is in our legitimate interest to do so as an organisation and without prejudicing your interests or fundamental rights and freedoms. This may include but is not limited to:
make suggestions and recommendations about services that may be of interest to you, deliver relevant content to you via our site or directly, protect the security of our business, monitor the performance and effectiveness of our products and services, managing and maintaining our relationship with you.

Marketing Communications

You will receive marketing communications from us if you have:

  • requested information from us or purchased goods or services from us; or
  • if you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and
  • in each case you have not opted out of receiving that marketing

We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or any third parties to stop sending you marketing messages at any time by following the opt-out links or by emailing us at at any time.

Sharing your Information with Third Parties

We may have to share your information with third parties under the following circumstances:

  • we have your permission
  • where required for your product or service
  • with third parties providing services to us including commercial partners and service providers such as for the purposes of securing payments, marketing and optimising our services;
  • with any third party that purchases or to which we transfer all or substantially all or our assets and business;
  • with law enforcement agencies, regulators, government authorities and or other third parties where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

We require all third parties to whom we transfer data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

At Your Option

In certain circumstances, you may have the option of sharing information with others yourself as part of our community (e.g. if you give out personal data in a publicly accessible Community Forum). You should be aware that personal data that you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your data and by using such services, you assume the risks that the personal data you provide may be viewed and used by third parties for any number of purposes.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Find out more about our Data Security

How Long we Keep Your Information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

We keep and maintain records to help us best serve our customers for example, in order to investigate and resolve queries relating to your products and services and in line with legal and regulatory requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. This period may change based on changes in our business or our legal and regulatory obligations.

Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:

  • request access to your personal data
  • request correction of your personal data
  • request erasure of your personal data
  • object to processing of your personal data
  • request restriction of processing your personal data
  • request transfer of your personal data
  • right to withdraw consent

You can find out more about these rights at:

If you wish to exercise any of the above rights please contact us at:

You will not have to pay a fee to access your personal data (or to exercise any of these rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to confirm your identity and ensure your right to access your personal data (and exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Third Party Links

This website and our Community Forum may include embedded content and/or links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy note of every website you visit.


You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Your Data on the Community Forum

As mentioned above, in certain circumstances, you may have the option of sharing information with others yourself as part of our community. You should be aware that personal data that you voluntarily include and transmit online in a publicly accessible blog, chat room, social media platform or otherwise online or that you share in an open forum may be viewed and used by others without any restrictions. We are unable to control such uses of your data and by using such services, you assume the risks that the personal data you provide may be viewed and used by third parties for any number of purposes.

Forum Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help with spam detection.

As part of our spam detection, an anonymized string created from your email address (also called a hash) may be provided to the Gravatar service. The Gravatar service privacy policy is available here:

After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is to improve the experience of other visitors to the forum and site.

Uploading Media to the Forum

If you upload images to the website, we would recommend avoiding images with embedded location data (e.g. EXIF GPS) included. Visitors to the site can download and extract any location data from images on the website.