Privacy Policy

1. Introduction

Welcome to ClickDone. Click Done Limited (“ClickDone”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, process, share, and safeguard personal data when you visit our website (clickdone.ai), interact with our digital channels, or engage our consultants for systems architecture, database unification, and data engineering projects.

This Privacy Policy is designed to comply with high global data protection standards, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Australian Privacy Act 1988 (including the Australian Privacy Principles).

2. Data Controllers and Data Processors

For website visitors, prospective clients, and partners who contact us directly, Click Done Limited acts as the Data Controller of your personal data. Our registered address is 66 Bond Street, Hull, HU1 3EN, United Kingdom, and our registered company number is 16796604.

When we perform system unification, database migration, or systems engineering services for our enterprise and mid-market clients under a Statement of Work, we typically act as a Data Processor handling client-managed data. In those circumstances, our clients act as the Data Controllers, and their respective privacy policies govern the processing of such operational data.

3. Categories of Data We Collect

We only collect data that is necessary to deliver our services, communicate with you, and optimize your experience. We collect the following categories of information:

• Identity Data: Full name, job title, company name, industry, and professional role.

• Contact Data: Corporate email address, telephone number, and physical office or billing address.

• Operational and Technical Discovery Data: System architecture specifications, database configuration details, integration requirements, software stack documentation, and information regarding database bottlenecks or system limitations that you choose to share during discovery sessions.

• Technical Usage Data: Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system, and hardware identifiers.

• Interaction and Analytics Data: Page scroll maps, heatmaps, click patterns, navigation pathways, and referral sources collected via Google Analytics (GA4) and Microsoft Clarity. This data is collected in aggregate, anonymized formats unless you explicitly consent to tracking.

4. Purposes and Legal Bases for Processing Data

If you are located in the UK or European Economic Area (EEA), we must have a valid legal basis under Article 6 of the GDPR/UK GDPR to process your personal data. We rely on the following bases:

• Contractual Necessity (Art. 6(1)(b) GDPR): To perform pre-contractual steps, respond to initial project inquiries, conduct system discovery sessions, prepare proposals, and execute custom Statement of Work agreements.

• Legitimate Interests (Art. 6(1)(f) GDPR): To maintain web security, protect our infrastructure, analyze aggregate visitor behavior, debug website issues, and improve our services. Our legitimate interests are balanced against your fundamental privacy rights.

• Explicit Consent (Art. 6(1)(a) GDPR): For activating non-essential performance and tracking cookies (such as GA4 and Microsoft Clarity). You have the right to withdraw your consent at any time through our cookie settings or browser controls.

• Legal Obligation (Art. 6(1)(c) GDPR): To comply with legal, tax, or corporate governance requirements in the United Kingdom or other jurisdictions in which we operate.

5. Data Sharing and Third-Party Disclosures

We do not sell, rent, or lease personal information to third parties. We only share personal data with trusted service providers who assist us in operating our business under strict confidentiality terms:

• Sub-processors and Software Tools: Document storage tools, email infrastructure providers, relationship management software, and security hosts.

• Professional Advisers: Auditors, lawyers, and financial advisers where necessary to secure our corporate interests.

• Regulatory Authorities: Law enforcement or tax authorities when we are legally compelled to do so.

6. International Transfers and Safeguards

Your data may be transferred to and processed in countries outside the United Kingdom or the EEA (e.g., the United States). Where such transfers occur, we implement appropriate safeguards to guarantee a level of protection equivalent to that of the UK GDPR and EU GDPR, including:

• Transferring data to countries declared by the European Commission and the UK Government to have adequate protection standards.

• Using approved Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to govern transfers with US-based software vendors.

7. Data Retention

We store your data only for as long as necessary to fulfill the purposes for which we collected it, including legal, accounting, and reporting obligations:

• Inquiry Data: Deleted or anonymized within twelve (12) months of your inquiry if no contract or project engagement is established.

• Client and Project Records: Retained for the duration of our contract plus six (6) years following the completion of services, in alignment with UK statutory limitation periods for contract claims and tax records.

• Analytics Data: Anonymized immediately and deleted from analytical servers within the standard retention parameters set in Google Analytics and Microsoft Clarity (typically 14 months).

8. Your Legal Rights

Depending on your jurisdiction, you possess specific statutory rights regarding your personal information:

• UK & EU (GDPR / UK GDPR): The right to access your data, request rectification of inaccuracies, request deletion (“right to be forgotten”), restrict processing, request data portability, object to processing on legitimate interest grounds, and withdraw consent. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK (ico.org.uk) or your local supervisory authority.

• United States (including CCPA/CPRA): The right to know what personal data we collect, correct inaccurate data, delete data, and obtain a portable copy. California residents have the right to opt-out of the "sale" or "sharing" of their personal information (which we do not engage in) and to be free from discrimination for exercising these rights.

• Australia (Privacy Act & APPs): The right to request access to and correction of your personal data, and to lodge a complaint regarding any alleged breach of the Australian Privacy Principles. We will respond to complaints within thirty (30) days.

9. Contact Privacy Officer

To exercise any of your data protection rights, or if you have questions about this policy, please submit an inquiry directly to our compliance officer using the form below: