Privacy policy

‍Last updated: 9 Jan 2026

This Privacy Policy explains how Yottar Ltd (“Yottar”, “we”, “us”, “our”) collects and uses personal data when you visit our website, use our platform, or buy a report.

1. Who we are

Yottar Ltd is the data controller for personal data we collect for our own purposes (for example account admin, billing, and marketing).
If you use the Yottar platform and upload personal data on behalf of your organisation, we usually act as a data processor for that data, and your organisation is the controller.
‍Contact: hello@yottar.tech
Company address: 15 Victoria Road, Exmouth, WX8 1DL

2. Personal data we collect

We may collect the following types of personal data:
- Contact and account details: name, work email, job title, organisation, login details.
- Communications: emails and messages you send us (including support requests).
- Billing details: invoicing details and payment status (we do not usually store full card details if you pay via a payment provider).
- Website usage data: IP address, device/browser info, pages viewed, and similar analytics data (often via cookies).
- Platform inputs (where applicable): any personal data you choose to include in platform inputs or requests for reports (we recommend avoiding personal data unless necessary).

3. How we use your personal data and our lawful bases

We use personal data for:
- Providing the Services (platform access, delivering reports, support).
- Account administration, security, and preventing misuse.
- Billing and finance.
- Improving our services (for example product analytics, diagnosing issues, model quality checks).
- Marketing to business contacts (for example updates about Yottar).

4. Who we share personal data with

We may share personal data with trusted service providers who help us run our business, such as:
- hosting and infrastructure providers,
- analytics providers,
- customer support tools,
- email/communications tools,
- payment providers, and
- professional advisers (legal/accounting).

We only share what is necessary, and we require appropriate confidentiality and security.
We may also disclose personal data if required by law, or to protect our rights, users, or systems.

5. International transfers

Some of our service providers may process data outside the UK. Where that happens, we use appropriate safeguards (such as UK-approved transfer mechanisms).

6. Data retention

We keep personal data only as long as needed for the purposes described above, including legal, accounting, and reporting requirements.
Typical examples:account and billing records are kept for as long as required by law, support and communications are kept as needed to resolve issues and maintain an audit trail.

7. Your rights

Under UK data protection law, you may have rights including:access to your personal data, correction, deletion, restriction, objection (including to marketing), and data portability (in some cases).
To exercise your rights, contact us at the email above.
If we process your data as a processor on behalf of your organisation, you should contact your organisation (the controller) first.

8. Security

We take reasonable technical and organisational steps to protect personal data. No system is perfectly secure, but we work to prevent unauthorised access, loss, and misuse.

9. Cookies and analytics

We use cookies and similar technologies to run the website and understand usage. You can control cookies through your browser settings and (where provided) our cookie banner/preferences tool.

10. Children

Our services are intended for business use and are not directed at children.

11. Changes to this policy

We may update this policy from time to time. We will post the latest version on our website with an updated “Last updated” date.

12. Complaints

If you have concerns, contact us first and we will try to resolve them. You also have the right to complain to the UK supervisory authority, the Information Commissioner’s Office (ICO).