Privacy Notice

Version  |  Version Effective Date:  |  UK GDPR & DPA 2018  |  Controller: Formulize Ltd

1. Who We Are and How to Contact Us

Formulize Ltd (company number 15114266, registered in England and Wales) is the data controller responsible for your personal information. Our registered office is at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

If you have any questions about this Privacy Notice, wish to exercise your data subject rights, or have a concern about how we handle your personal information, please contact us:

Data Controller — Formulize Ltd

General  info@formulize.io
Privacy & DSARs  privacy@formulize.io
Post   71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Response time  We respond to DSARs and rights requests within one calendar month

We are currently a small business and do not have a designated Data Protection Officer (DPO). If our processing activities expand to the point that a DPO is required under Article 37 UK GDPR, we will appoint one and update this Notice.

2. Scope of This Notice

This Privacy Notice explains how Formulize Ltd collects, uses, stores, and protects personal data in connection with:

  • the formulize.io website and platform (the "Platform");
  • the registration and management of user accounts; and
  • the provision of the Formulize engineering calculation software (the "Program").

The Platform is intended for use by suitably qualified engineering professionals acting in a business or professional capacity, and by engineering students aged 18 or over who are registered on the Student Track under the Education Use Schedule (Schedule 4) to our EULA. Student users are acknowledged as consumers under the Consumer Rights Act 2015 and their data is processed in accordance with this Notice. We do not knowingly collect personal data from anyone under 18.

This Notice does not cover data processed by third-party websites or services accessible via links on our Platform.

3. What Personal Data We Collect

3.1 Data you provide to us

Category  |  Data collected
Account registration  |  First name, last name, email address, organisation name, engineering discipline (Civil, Mechanical, Geotechnical, or Other), password (stored as a salted cryptographic hash — we never store your password in plain text). Phone number (optional) — retained on your account profile as an optional contact detail for account support purposes. All Platform features are available without providing a phone number. We do not use your phone number for marketing or automated messaging. Profile avatar image (optional) — displayed only on your own account screens within the Platform (navigation bar). Avatar images are not shared publicly, not visible to other users, not used for facial recognition or analysis, and are permanently deleted on account deletion.
User declaration — Professional Track  |  Profession type, professional body or licensing authority, membership or licence number (e.g. PE, P.Eng., ICE membership), country and state or province of practice, licence type, years qualified, and (for US users, optionally) NCEES ID. All fields are stored verbatim as submitted. A timestamped record of your confirmation checkbox is also retained.
User declaration — Student Track  |  Profession type (student), institution name, degree programme (BEng, MEng, MSc, or Other), and self-identification as unlicensed. A timestamped record of your confirmation checkbox and the EULA version accepted are also retained. No professional licence or membership number is collected for student users.
Support communications  |  Name, email address, and any information you include in support requests or correspondence.
Payment data (future)  |  When subscription billing is introduced, payment data will be processed by a regulated third-party payment provider. We will not store card details. Our chosen provider will be identified in this Notice before billing is activated.
Platform feedback  |  Responses to optional community polls displayed on the Platform — which option you selected and when. Participation is entirely voluntary. Poll responses are linked to your account for de-duplication and audit purposes and used solely to inform platform development priorities. Individual responses are not shared with or visible to other users; results are reported in aggregate only.

3.2 Data we collect automatically

Category  |  Data collected
Login & security logs  |  Date and time of login, IP address, browser type and version, whether two-factor authentication was used. Accessible to you via My Account → Login History.
Usage & diagnostic data  |  Pages and features accessed, session duration, error reports, device type and operating system. Used solely for platform maintenance and improvement.
Server log data  |  Standard web server access logs (including IP address, request metadata, and timestamps) collected for security and operational purposes.
Declaration submission context  |  At the moment you submit your declaration (whether on the Professional or Student Track), we record your IP address, browser type and version (User-Agent string), and a cryptographic hash of the submitted declaration fields. This data is retained separately from general server logs and is used solely for legal audit purposes. It is not used for analytics, advertising, or profiling.
Policy acceptance context  |  When you accept a version of our Terms & Conditions, Privacy Notice, or other policy document, we record your IP address and browser type and version (User-Agent string) at the moment of acceptance. This data is cleared immediately on account deletion and is used solely to evidence that you accepted the applicable policy version. It is not used for analytics, advertising, or profiling.

3.3 User Content

Calculation inputs, model parameters, project data, and outputs ("User Content") that you enter into or save within the Platform are stored on our servers. User Content may contain project-related information but should not contain personal data of third parties. If you include personal data of third parties in User Content, you are responsible for ensuring you have a lawful basis to do so.

Third-party personal data within User Content: Where User Content contains personal data of individuals other than yourself (such as clients, colleagues, or site personnel), Formulize processes that data solely as a data processor acting under your instructions, in accordance with the Data Processing Agreement (Schedule 2 to our EULA). Formulize does not contact those individuals directly and has no direct relationship with them. Where you upload such data, you are responsible under UK GDPR Article 14 for informing those individuals that their personal data is held within the Platform and for providing them with this Privacy Notice on request.

3.4 What we do not collect

Currently not collected: We do not collect data from marketing partners, data brokers, or social media platforms for profiling. We do not run advertising networks, use social media login, or embed third-party commenting tools. We do not collect Sensitive Personal Data. This Notice will be updated before any of these activities are introduced.

4. Legal Basis for Processing

Under UK GDPR Article 6, we must have a lawful basis for each processing activity:

Processing purpose  |  Legal basis  |  Notes
Creating and managing your account  |  Art. 6(1)(b) — Contract  |  Necessary to provide the Platform.
Verifying user status — Professional Track (professional qualification) and Student Track (enrolment and institutional identity)  |  Art. 6(1)(b) / (f) — Contract / Legitimate interests  |  Necessary to enforce EULA access restrictions. LI: protecting third parties from unqualified use; ensuring student users are correctly classified and subject to Schedule 4 terms.
Security monitoring and fraud prevention  |  Art. 6(1)(f) — Legitimate interests  |  LIA conducted. Interest: platform security. Not outweighed by user rights.
Providing the Program and support  |  Art. 6(1)(b) — Contract  |  Core service delivery.
Platform maintenance and improvement  |  Art. 6(1)(f) — Legitimate interests  |  Aggregated / anonymised where possible.
Service-related communications  |  Art. 6(1)(b) — Contract  |  Account notifications, policy updates, support responses.
Legal compliance  |  Art. 6(1)(c) — Legal obligation  |  Tax, regulatory, and court / authority requirements.
Marketing communications (future — not currently active)  |  Art. 6(1)(a) — Consent  |  Will only be activated following explicit opt-in. This Notice will be updated.
Maintaining an immutable audit log of user declarations — Professional Track (including credential numbers) and Student Track (including institution and degree data) — together with IP address and User-Agent at time of submission  |  Art. 6(1)(f) — Legitimate interests  |  LI: establishing and defending legal claims arising from misuse of Program outputs. The audit record provides evidence that the user confirmed their status and the declaration they submitted on either track.
Platform feedback and community polls  |  Art. 6(1)(f) — Legitimate interests  |  LI: improving the Platform based on user preferences and development priorities. Poll responses are linked to your account for de-duplication and audit purposes but are analysed and reported in aggregate only. Individual responses are not shared with other users.
Recording IP address and User-Agent at the moment of policy acceptance (Terms & Conditions, Privacy Notice, or other policy documents)  |  Art. 6(1)(f) — Legitimate interests  |  LI: evidencing that the user accepted the applicable version of each policy, for legal defence and contract formation purposes.

5. How We Use Your Personal Data

We use the personal data we collect solely for the following purposes:

  • to create, verify, and manage your account on the Platform;
  • to deliver the Program and associated features to you;
  • to monitor platform security, detect unauthorised access, and prevent fraud;
  • to investigate and resolve technical issues and support requests;
  • to send service-related communications (account confirmations, policy updates, support responses);
  • to maintain audit records of your Professional User Declaration for legal and compliance purposes;
  • to comply with applicable law, including responding to lawful requests from courts and regulatory authorities;
  • to enforce the terms of our End-User Licence Agreement; and
  • to improve the Platform through analysis of anonymised usage patterns.

No automated decision-making: We do not make any decisions about you solely by automated means that produce legal or similarly significant effects. We do not sell, rent, or trade your personal data to any third party for their own marketing or commercial purposes.

6. Who We Share Your Personal Data With

6.1 Sub-processors

Sub-processor  |  Purpose  |  Location  |  Safeguard
DigitalOcean LLC  |  Cloud hosting and data storage  |  United Kingdom  |  UK data location — no international transfer. DigitalOcean DPA in place.
Mailjet SAS  |  Transactional email delivery for account and platform communications  |  European Union  |  Transfer to the EU is permitted under the UK Government's adequacy decision for the EU. DPA in place with sub-processor.
Cloudflare Inc.  |  Automated abuse prevention — bot detection and CAPTCHA verification on account-related pages. Processes the user's IP address and basic browser signals at the moment of the security challenge. Cloudflare does not receive other form data.  |  United States  |  Transfer to the US is governed by Cloudflare's UK Addendum to the EU Standard Contractual Clauses and (where applicable) by Cloudflare's certification under the UK Extension to the EU–US Data Privacy Framework.

6.2 Legal disclosure

We may disclose personal data to courts, regulators, law enforcement authorities, or government bodies where required by law, court order, or in connection with legal proceedings.

6.3 Business transfers

If Formulize Ltd undergoes a merger, acquisition, or sale of all or part of its business, personal data may be transferred to the acquiring entity. We will notify you by email and/or a prominent platform notice before your data is transferred and becomes subject to a different privacy notice.

6.4 What we do not do

We do not: Sell or rent your personal data · Share with third-party advertisers or data brokers · Allow third-party tracking cookies without your consent · Disclose identifiable User Content to any third party without your express written consent.

7. International Transfers of Personal Data

All personal data is stored and processed within the United Kingdom. Limited categories of data are transferred to sub-processors located outside the UK (currently the European Union and the United States) for specific operational purposes — these are listed in Section 6.1. We do not transfer User Content, declaration data, or stored personal data outside the UK.

For transfers to sub-processors outside the UK, we rely on the following safeguards under UK GDPR Chapter V:

  • European Union: UK Government adequacy decision for the EU.

  • United States: The UK Extension to the EU–US Data Privacy Framework (where applicable) and/or the International Data Transfer Agreement (UK IDTA) / UK Addendum to Standard Contractual Clauses.

8. How Long We Keep Your Personal Data

Data category  |  Retention period  |  Basis
Account registration data  |  Duration of active account + 30 days after closure (for reactivation). Deleted thereafter unless required by law.  |  Contract performance / legal obligation.
Declaration audit log — Professional Track (credential numbers and declaration fields)  |  6 years from account closure.  |  Legitimate interests — legal defence. Membership/licence number is retained even if erasure is requested (see Section 10).
Declaration audit log — Student Track (institution name, degree programme, and declaration fields)  |  3 years from account closure.  |  Legitimate interests — legal defence. Retained to evidence that the user confirmed student status and accepted Schedule 4 terms. No licence number is held; a shorter retention period is proportionate.
Declaration submission context (IP address, User-Agent)  |  Retained in identifiable form for 24 months from the date of each declaration submission, after which it is anonymised. The corresponding declaration hash and declaration fields are retained for the longer periods set out in the rows above.  |  Legitimate interests — legal defence. Proportionate to the window in which a declaration dispute is most likely to arise. On account deletion, any remaining identifiable IP address and User-Agent data is anonymised immediately regardless of this period.
Login & security logs  |  12 months from the date of each log entry.  |  Legitimate interests — security monitoring.
Server logs & usage data  |  12 months.  |  Legitimate interests — platform operations.
User Content (saved calculations)  |  Duration of account. Deleted within 30 days of a verified account closure or earlier deletion request.  |  Contract performance.
Support communications  |  3 years from the date of the communication.  |  Legitimate interests — legal defence and quality assurance.
Policy acceptance context (IP address, User-Agent at moment of acceptance)  |  Retained in identifiable form for 24 months from the date of each acceptance event, after which it is anonymised. Cleared immediately on account deletion.  |  Legitimate interests — legal defence and contract formation. Proportionate to the window in which a policy acceptance dispute is most likely to arise.
Financial records (when billing introduced)  |  7 years from the transaction date.  |  Legal obligation — HMRC and Companies Act requirements.

When personal data is no longer required, we securely delete or irreversibly anonymise it. Where immediate deletion is not technically possible (e.g. encrypted backup archives), we isolate it from active processing and delete it at the next scheduled backup purge.

9. How We Keep Your Personal Data Secure

We implement the following technical and organisational security measures:

  • Encryption in transit — all data transmitted between users and the Platform is encrypted using TLS (HTTPS).
  • Encryption at rest — the database infrastructure used to store personal data is configured to apply encryption at the storage layer.
  • Password security — passwords are stored as salted cryptographic hashes; plain text is never stored or transmitted.
  • Access controls — access to personal data is restricted to authorised personnel on a need-to-know basis, subject to confidentiality obligations.
  • Login event logging — enables you and us to detect unauthorised access attempts. Your own login history is accessible via your account.
  • Automated backups — regular encrypted backups are taken and retained within the UK to support disaster recovery.
  • Certified infrastructure — our hosting provider maintains internationally recognised information security certifications (including ISO 27001) covering physical and operational controls at the data centre level.

Breach notification: No electronic transmission or storage is completely secure. In the event of a personal data breach affecting your rights, we will comply with our notification obligations under UK GDPR — including notification to the Information Commissioner's Office where required by Article 33 and notification to affected users where required by Article 34.

10. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

Art. 15 — Right of Access

Request a copy of the personal data we hold about you (a Data Subject Access Request or DSAR) and information about how we process it.

Art. 16 — Rectification

Ask us to correct personal data that is inaccurate or incomplete. Much of your account data can be updated directly via Account Settings.

Art. 17 — Erasure

Ask us to delete your personal data in certain circumstances, subject to any legal retention obligation we have.

Art. 18 — Restriction

Ask us to restrict processing of your personal data — for example, while we investigate a challenge to accuracy.

Art. 20 — Portability

Receive your personal data in a structured, machine-readable format and have it transferred to another controller (where processing is by automated means under contract or consent).

Art. 21 — Object

Object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds or the processing is for legal claims.

Art. 7 — Withdraw Consent

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

Art. 22 — No Automated Decisions

We do not make decisions about you solely by automated means that produce legal or significant effects. This right is not currently engaged.

Note — Declaration audit log and erasure requests: Where you have submitted a declaration, the following data is retained in our audit log even if you request erasure of other personal data, because it is necessary for the establishment or defence of legal claims (UK GDPR Article 17(3)(e)):

Professional Track: your membership or licence number and declaration fields are retained for 6 years after account closure.
Student Track: your institution name, degree programme, and declaration fields are retained for 3 years after account closure.

In both cases, your IP address and browser information captured at the time of declaration submission are anonymised on account deletion and are not retained in identifiable form.

How to exercise your rights

  1. Email privacy@formulize.io or write to our registered address, stating which right you wish to exercise.
  2. Provide sufficient information for us to verify your identity (we may ask for your registered email address and account username).
  3. We will respond within one calendar month. We may extend this by a further two months for complex requests — we will notify you within the first month if this applies.

We do not charge a fee for exercising your rights unless a request is manifestly unfounded or excessive.

Right to complain to the ICO

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office:

ICO

Information Commissioner's Office

Website: ico.org.uk
Telephone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

We would appreciate the opportunity to address your concern before you approach the ICO — please contact us in the first instance.

11. Cookies and Tracking Technologies

Currently: strictly necessary cookies only. Our Platform currently uses only strictly necessary cookies required for its operation, including session authentication cookies that keep you logged in. These do not require your consent under UK PECR.

We do not currently use analytics cookies, advertising cookies, or any third-party tracking technologies.

Our full Cookie Notice — describing all cookies in use and providing a mechanism for managing non-essential cookies if introduced — is available at formulize.io/cookie-notice and will be updated before any non-essential cookies are introduced.

12. Marketing Communications

We do not currently send marketing communications.

If we introduce marketing emails in the future, we will only send them to users who have given their explicit prior consent, in compliance with UK GDPR Article 6(1)(a) and the Privacy and Electronic Communications Regulations 2003. You will always have the right to withdraw consent and opt out at any time. This Notice will be updated before any marketing activity begins.

13. Links to Third-Party Websites

The Platform may contain links to third-party websites, design standard bodies, or external resources. We are not responsible for the privacy practices of those sites and this Notice does not apply to them. We encourage you to read the privacy notices of any external site you visit.

14. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in our practices, the services we offer, or applicable law. The version number and effective date at the top of this page will be updated accordingly.

For material changes — including changes to the categories of data we collect, purposes for which we use it, or our sub-processors — we will notify you by email to your registered account address at least 30 days before the change takes effect.

For non-material changes (clarifications, corrections), we may update this Notice without individual notification, but the updated version will always be accessible on the Platform.

15. Users Outside the United Kingdom

This Privacy Notice is governed by UK GDPR and the Data Protection Act 2018. The Platform is operated by a company registered in England and Wales.

If you are based in an EEA member state, you may also have rights under EU GDPR. The UK has been granted an adequacy decision by the European Commission, meaning personal data flows from the EEA to the UK are permitted without additional safeguards.

If you are based outside the UK or EEA, this Notice applies to any personal data you provide to us. Your local laws may grant you additional rights — please contact us if you have questions.
