DEVOTA — PRIVACY POLICY
StrictPoint Ltd
Last updated: May 2026
1. Who We Are
StrictPoint Ltd operates the Devota platform at strictpoint.com. We are registered in England and Wales and are committed to protecting your personal data in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
For the purposes of UK GDPR, StrictPoint Ltd is the data controller of your personal data.
If you have any questions about this policy or how we handle your data, contact us at: privacy@strictpoint.com
2. What Personal Data We Collect
We collect the following categories of personal data depending on how you interact with Devota:
When you request early access or create an account:
- Full name
- Email address
- Business name and trading status
- Country of operation
- Nature of your import/export activity
When you use the platform:
- Trade documents you upload (commercial invoices, packing lists, certificates of origin, customs declarations, and similar)
- Shipment data contained within those documents
- Platform usage data — which features you use, how often, and how you interact with the interface
When you contact us:
- The content of your message and any attachments
- Your contact details
Automatically collected data:
- IP address
- Browser type and version
- Device type
- Pages visited and time spent on site
- Referring URL
We do not collect special category data (such as racial or ethnic origin, health data, or political opinions) and we do not knowingly collect data from individuals under the age of 18.
3. How We Use Your Personal Data
We process your personal data for the following purposes and on the following legal bases under UK GDPR:
| Purpose | Legal Basis |
|---|---|
| Providing the Devota service to you | Performance of a contract |
| Sending early access updates and product news | Legitimate interests / Consent |
| Improving and developing the platform | Legitimate interests |
| Responding to your enquiries | Legitimate interests |
| Complying with legal obligations | Legal obligation |
| Detecting fraud or misuse of the platform | Legitimate interests / Legal obligation |
We will never use your data for purposes incompatible with those listed above without first obtaining your explicit consent.
4. Your Trade Documents
When you upload trade documents to Devota, those documents may contain personal data relating to third parties — such as supplier names, buyer details, or individual contact information.
You confirm that:
- You have the legal authority to upload and process those documents
- Where applicable, the individuals referenced in those documents have been informed their data may be processed by a third-party platform
We process uploaded documents solely to provide the Devota compliance validation service. We do not retain uploaded documents beyond what is necessary to deliver the service, and we will never use the content of your documents to train AI models without your explicit written consent.
5. How We Share Your Data
We do not sell your personal data. Ever.
We may share your data with trusted third-party service providers who assist us in operating the platform, including:
- Cloud hosting and infrastructure providers
- Email communication tools
- Analytics platforms
All third-party providers are contractually bound to process your data only on our instructions and in compliance with UK GDPR. We maintain a record of all third-party processors and review them regularly.
We may also disclose your data where required by law — for example, in response to a request from HMRC, law enforcement, or a court order. Where legally permitted, we will notify you before doing so.
We will never share your data with advertisers or unrelated third parties for marketing purposes.
6. International Data Transfers
Some of our third-party service providers may operate outside the UK or European Economic Area (EEA). Where your data is transferred internationally, we ensure appropriate safeguards are in place — including Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) — to protect your data to the same standard as within the UK.
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes set out in this policy:
| Data Type | Retention Period |
|---|---|
| Account and contact data | Duration of your account + 2 years |
| Uploaded trade documents | 90 days from upload, then deleted |
| Platform usage data | 12 months on a rolling basis |
| Communication records | 3 years |
| Legal and compliance records | 7 years (statutory requirement) |
When data is no longer needed, we securely delete or anonymise it.
8. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right to access — You can request a copy of the personal data we hold about you at any time.
- Right to rectification — You can ask us to correct any inaccurate or incomplete data.
- Right to erasure — You can request that we delete your personal data where there is no compelling reason for us to continue holding it.
- Right to restrict processing — You can ask us to pause processing your data in certain circumstances.
- Right to data portability — You can request your data in a structured, machine-readable format.
- Right to object — You can object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@strictpoint.com. We will respond within 30 days in line with our UK GDPR obligations. We will never charge a fee for handling a rights request unless it is manifestly unfounded or excessive.
9. Cookies
Devota uses cookies to ensure the platform functions correctly and to understand how users interact with the site.
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential cookies | Core platform functionality | No — required for the site to work |
| Analytics cookies | Understanding usage patterns | Yes — via cookie preferences |
| Marketing cookies | We do not use these | N/A |
You can manage your cookie preferences at any time via the cookie settings on our website. Blocking essential cookies may affect platform functionality.
10. Data Security
We take the security of your personal data seriously. Our measures include:
- Encrypted data transmission (HTTPS/TLS)
- Secure cloud infrastructure with access controls
- Role-based access — only authorised personnel can access personal data
- Regular security reviews
- Incident response procedures in the event of a data breach
In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by UK GDPR.
11. Children’s Privacy
Devota is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@strictpoint.com and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will notify you by email or by a prominent notice on the platform at least 14 days before the changes take effect.
The current version will always be available at strictpoint.com/privacy with the date it was last updated.
13. How to Complain
If you are unhappy with how we have handled your personal data, please contact us first at privacy@strictpoint.com — we will do everything we can to resolve your concern.
If you remain unsatisfied, you have the right to lodge a complaint with the UK’s data protection authority:
Information Commissioner’s Office (ICO)
ico.org.uk
0303 123 1113
14. Contact
StrictPoint Ltd
privacy@strictpoint.com
strictpoint.com
This Privacy Policy was last updated in May 2026.