ISORA.

Legal

Privacy Policy.

Last updated: April 2026

ISORA Lumen Ltd ("ISORA", "we", "our", "us") is the data controller for personal data collected through isora-ltd.com. This policy explains what we collect, why, how long we keep it, and your rights under the UK GDPR and the Data Protection Act 2018.

1. Who we are

ISORA Lumen Ltd is a private limited company registered in England and Wales. Our registered office address and Companies House number are listed on our Company Information page.

  • Data controller: ISORA Lumen Ltd
  • Privacy contact: hello@isora-ltd.com
  • Postal: Registered office, United Kingdom

2. Personal data we collect

We process the following categories of personal data:

  • Contact form data — name, email address, company or reason for enquiry, and message content you submit through the site or by email.
  • Technical data — IP address, browser type and version, device type, operating system, referrer URL, pages visited, and timestamps. Collected automatically via server logs and cookies.
  • Preference data — your selected theme (light/dark) stored in localStorage on your device.
  • Engagement data — for clients of our AI & tech services, information shared during discovery calls, project briefs, and contracts. Governed by a separate engagement agreement.

We do not knowingly collect special category data (race, health, political views, etc.) or data from children under 16.

3. Lawful basis for processing

Under Article 6 of the UK GDPR we rely on the following lawful bases:

  • Consent (Art. 6(1)(a)) — for non-essential cookies and marketing communications.
  • Contract (Art. 6(1)(b)) — to respond to enquiries and deliver services you have requested.
  • Legitimate interests (Art. 6(1)(f)) — to operate the website, prevent fraud and abuse, and improve our services. We balance these against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — to comply with UK statutory duties, including the Companies Act 2006 and HMRC requirements.

4. How we use your data

  • To respond to enquiries submitted through the contact form.
  • To deliver and administer engagements for AI & tech services.
  • To operate, secure, and improve isora-ltd.com.
  • To comply with legal, regulatory, and accounting obligations.
  • To detect, prevent, and address technical or security incidents.

5. Who we share data with

We share personal data only with trusted processors acting on our instructions, under written contracts that include UK GDPR safeguards:

  • Resend — transactional email delivery for contact form submissions.
  • Vercel — site hosting and edge delivery.
  • Cloudflare — DNS, network protection, and analytics.
  • Accountants and professional advisers — where required by law.

We do not sell your personal data and do not share it with advertisers.

6. International transfers

Some of our processors are based outside the United Kingdom (typically in the EEA or the United States). Where data is transferred outside the UK, we rely on:

  • UK adequacy regulations where available;
  • the International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum; and
  • additional safeguards as required by ICO guidance.

7. Retention periods

  • Contact form messages — up to 24 months from last contact, unless a longer period is required for an active engagement or legal obligation.
  • Engagement records — up to 7 years after the end of the engagement (HMRC accounting record requirement).
  • Server logs — typically 30–90 days, longer where needed for security investigation.
  • Marketing consent records — until you withdraw consent, plus 12 months for audit purposes.

8. Security

We use TLS encryption in transit, restricted administrative access, hosting on SOC 2-attested platforms, and internal policies to protect personal data. No system is perfectly secure; if we detect a personal data breach that meets the UK GDPR threshold, we will notify the ICO within 72 hours and affected individuals where required.

9. Your rights

You have the right, in most circumstances, to:

  • Access the personal data we hold about you (Art. 15).
  • Request correction of inaccurate data (Art. 16).
  • Request erasure of your data (Art. 17).
  • Restrict processing (Art. 18).
  • Receive your data in a portable format (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent at any time, where processing is based on consent.

Email hello@isora-ltd.com to exercise any of these rights. We will respond within one calendar month.

10. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to put it right. You also have the right to complain to the UK Information Commissioner's Office (ICO):

11. Cookies

Details of the cookies we use, their purpose, and how to manage them are set out in our Cookie Policy.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date and, where appropriate, a notice on the site.

13. Contact

Questions about this policy or our data practices? hello@isora-ltd.com.

Loading