Contact Us

Privacy policy

How Two Clouds Software Limited collects, uses, and protects your personal data under UK GDPR.

Last updated: 14 May 2026

Who we are

Two Clouds Software Limited (“we”, “us”, “our”) is a software development consultancy registered in Northern Ireland (Company No. NI 730753) at Metro Office, 6-9 Donegall Square South, Belfast, BT1 5JA.

We are the data controller for personal data collected through this website. If you have any questions about this policy or how we handle your data, contact us at contact@twoclouds.co.uk.

What data we collect

Information you give us

When you submit our contact form, we collect the name, email address, phone number (optional) and message you provide. This is the only personal data we actively collect from website visitors.

Information collected automatically

If you accept analytics cookies on the cookie banner, Google Analytics 4 collects anonymised usage data including pages viewed, approximate location (city level), device type, browser, and referrer. IP addresses are anonymised before storage. If you decline, no analytics data is collected.

Our hosting infrastructure may retain short-term server logs (IP address, request method, response status, timestamp) for up to 30 days for operational and security purposes. These are not used for tracking.

Lawful basis for processing

We process your data under the following lawful bases set out in UK GDPR Article 6:

  • Consent - for analytics cookies, where you have actively accepted on the cookie banner.
  • Legitimate interests - to respond to enquiries you submit through the contact form, to maintain the security and integrity of our website, and to keep records of communication for our legal and commercial protection.
  • Contractual necessity - where we engage with you about a project, to perform pre-contractual activities at your request.

How we use your data

  • To respond to your enquiry and discuss potential work.
  • To send you follow-up correspondence relating to your enquiry.
  • To improve our website (only with your consent for analytics).
  • To meet our legal, accounting and regulatory obligations.

We do not use your data for marketing automation, profiling, or automated decision-making. We do not send unsolicited marketing email.

Who we share your data with

We do not sell your data. We do not share it with third parties for their own marketing purposes. We work with a small number of data processors who handle data on our behalf:

  • Hosting provider - DigitalOcean Inc., for website hosting and server logs.
  • Email infrastructure - the operator of the email service we use to send and receive enquiries.
  • Analytics - Google LLC (Google Analytics 4), only when you have given consent.
  • Anti-spam - Google LLC (reCAPTCHA v3), to protect the contact form from automated abuse.

All processors are bound by data processing agreements and process data in line with their own privacy commitments.

International transfers

Some of our processors (Google, for example) are based in the United States and your data may be transferred outside the United Kingdom. Where this happens we rely on appropriate safeguards such as the UK International Data Transfer Addendum or the EU Standard Contractual Clauses, depending on the processor.

How long we keep your data

  • Contact form submissions - retained for up to 3 years from your last contact with us, then deleted unless we have an active client relationship that requires longer retention.
  • Server logs - retained for up to 30 days.
  • Analytics data - retained according to Google Analytics defaults (currently 14 months) with anonymisation enabled.
  • Cookie consent preference - stored on your device for 1 year.
  • Client and project records - retained for 7 years after the end of the engagement to meet UK accounting and legal obligations.

Your rights

Under UK GDPR, you have the right to:

  • Request a copy of the personal data we hold about you (right of access).
  • Ask us to correct inaccurate or incomplete data (right to rectification).
  • Ask us to erase your data where we no longer have a lawful basis to keep it (right to erasure).
  • Ask us to restrict how we use your data while a query is investigated (right to restriction).
  • Receive a copy of the data you have given us in a portable format (right to data portability).
  • Object to processing based on legitimate interests.
  • Withdraw consent for analytics at any time by clearing the twoclouds_cookie_consent cookie or using your browser settings.
  • Lodge a complaint with the Information Commissioner's Office (ico.org.uk) if you believe we have mishandled your data.

To exercise any of these rights, email contact@twoclouds.co.uk. We will respond within one calendar month.

Security

We use HTTPS site-wide, encrypted connections to our infrastructure, and access controls limiting who on our team can see your data. Despite reasonable safeguards, no system can be guaranteed completely secure - we will notify you and the ICO if a personal data breach occurs that is likely to result in a high risk to your rights.

Cookies

For details of the cookies we use and how to manage them, see our cookie policy.

Changes to this policy

We may update this policy from time to time to reflect changes in how we operate or the law. The “Last updated” date at the top of this page shows when it was most recently revised. Material changes will be highlighted on this page for a reasonable period.

Contact us

If you have questions about this privacy policy, want to exercise any of your rights, or want to make a complaint about how we have handled your data, contact us at contact@twoclouds.co.uk.

We use analytics cookies to understand how visitors interact with our site. These cookies are optional and only activated with your consent. No personal data is shared or sold. Learn more