How we handle
your data.

Sifotech UK Ltd(“Sifotech”, “we”, “us”) is a company incorporating in England & Wales (May 2026), registered office in Dewsbury, West Yorkshire. Our Companies House number and UK Information Commissioner's Office (ICO) registration will be published here once issued; both are available on request in the meantime.

For any data-protection questions, contact us at hello@sifotech.co.uk.

From enquiry forms: name, email address, company (optional), project type, budget range, message contents, IP address, user agent and submission time.

From browsing: cookieless analytics page view counts. We do not set any marketing or advertising cookies. See our cookie policy.

From clients: contractual contact details and anything you choose to share with us during a project. We never process special-category data unless contractually required and properly safeguarded.

We use your data to (a) reply to your enquiry, (b) deliver projects you have contracted us for, (c) comply with our legal obligations, and (d) defend against fraud and abuse.

Our lawful bases are normally legitimate interests (responding to your message), contract (delivering a project) and legal obligation (tax, accounting, safeguarding).

Enquiry messages: 24 months from last contact, then anonymised or deleted. Client project data: for the contract duration plus 7 years for accounting and tax compliance. Analytics: aggregated only, retained 13 months.

We use a small number of trusted UK / EU / US providers to host, deliver and operate our services. See the live list on our trust centre including data residency and purpose.

Under UK GDPR you have the right to:

• be informed about how we use your data;
• access the personal data we hold on you;
• correct inaccurate data;
• request erasure ("right to be forgotten");
• restrict or object to processing;
• data portability for data you have provided;
• not be subject to solely-automated decisions with legal effect.

To exercise any of these rights, email hello@sifotech.co.uk. We respond within 30 days. You may also complain to the ICO at ico.org.uk.

Production data is held in UK or EU regions by default. Where a subprocessor (such as our AI provider) operates in the US, transfers rely on UK adequacy decisions, standard contractual clauses or equivalent safeguards.

Encryption in transit (TLS 1.3) and at rest (AES-256). Role-based access. Audit logging on every mutation. See the trust centre for the full picture.

We may update this notice from time to time. The version date is shown at the top of the page. Material changes will be flagged on the home page for at least 30 days.