Locked Stack Privacy Policy

Last updated: 14 January 2026

Locked Stack operates globally under the Locked Stack™ brand through regionally established legal entities, including Locked Stack Ltd. in the United Kingdom and Locked Stack Inc. in the United States. We are committed to protecting personal data and handling it in a lawful, transparent, and secure manner.

This Privacy Policy explains how personal data is collected, used, and protected when you interact with our websites, services, and communications. It is intended to meet the requirements of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and relevant United States privacy laws.

DATA CONTROLLERS

Personal data is processed by the appropriate Locked Stack legal entity depending on your location and the services provided. Each entity acts as an independent data controller in its respective jurisdiction.

Privacy enquiries may be directed to: dpo@lockedstack.com

PERSONAL DATA WE COLLECT

We collect limited personal data necessary for business operations and service delivery, which may include:

  • Names and organisation details

  • Business email addresses and telephone numbers

  • Technical and usage data such as IP address, browser type, and device information when accessing our websites

We do not intentionally collect sensitive or special category personal data.

HOW WE USE PERSONAL DATA

Personal data may be used to:

  • Provide and manage our services

  • Respond to enquiries and communicate with clients and business contacts

  • Deliver operational, contractual, and service-related communications

  • Meet legal, regulatory, and contractual obligations

  • Maintain and improve our services, security controls, and internal processes

  • Marketing communications are issued only where permitted by law and may be opted out of at any time.

We do not use personal data for automated decision-making or profiling.

LEGAL BASIS FOR PROCESSING

Where required by law, personal data is processed on one or more of the following bases:

  • Consent

  • Contractual necessity

  • Legitimate business interests

  • Compliance with legal or regulatory obligations

DATA SHARING AND INTERNATIONAL TRANSFERS

Personal data may be shared with trusted service providers, professional advisers, regulators, or successor organisations where necessary and lawful. All third parties are subject to appropriate confidentiality and data protection obligations.

Personal data may be processed outside your country of residence. Where required, appropriate safeguards are applied, including adequacy decisions or contractual protections.

Locked Stack does not sell personal data.

DATA SECURITY AND RETENTION

Appropriate technical and organisational measures are applied to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure.

Personal data is retained only for as long as necessary to meet lawful business, contractual, and regulatory requirements.

YOUR RIGHTS

Depending on your location, you may have rights to:

  • Access personal data held about you

  • Request correction or deletion of personal data

  • Object to or restrict certain processing activities

  • Withdraw consent where processing is based on consent

  • Lodge a complaint with a relevant supervisory authority

Requests may be submitted to dpo@lockedstack.com.

CHILDREN’S DATA

Our services are not directed at children, and we do not knowingly collect personal data from minors.

POLICY UPDATES

This Privacy Policy may be updated periodically to reflect changes in law, regulation, or business practices. Continued use of our services constitutes acceptance of the current version.

THIRD-PARTY SERVICES

Our websites may include links to third-party websites or services. This Privacy Policy does not apply to third-party services, and Locked Stack is not responsible for their privacy practices. Users are encouraged to review applicable third-party privacy policies.