Privacy Policy

Last updated: March 2026

Introduction

StableLogic Ltd ("StableLogic", "we", "us", or "our") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights in relation to it.

This policy applies to all personal data collected through our website at www.stablelogic.com and through any related services, enquiries, or business communications.

StableLogic is certified to ISO/IEC 27001:2022, the international standard for Information Security Management Systems. Our information security programme — including how we protect personal data — is governed by our ISMS, which is independently audited annually. This certification reflects our commitment to the confidentiality, integrity, and availability of all information we hold.

Data Controller

StableLogic Ltd
34-37 Liverpool Street
London, EC2M 7PP
United Kingdom

Company registration number: 3719701

If you have any questions about this policy or wish to exercise your rights, please contact us at info@stablelogic.com.

1. What Personal Data We Collect

We may collect and process the following categories of personal data:

Data you provide to us directly

  • Name, job title, and employer/organisation
  • Business email address and telephone number
  • Information submitted via contact forms, RFP submissions, or enquiry forms
  • Information shared during the course of a business relationship or project
  • Correspondence by email, phone, or other means

Data collected automatically when you visit our Site

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time on page, and navigation paths
  • Referring website or search terms
  • Date and time of visits

Data collected via cookies and tracking technologies

Please refer to our Cookie Policy for full details.

2. How We Use Your Personal Data

We use your personal data only for specific, legitimate purposes and will not process it for purposes other than those for which it was collected. We rely on the following lawful bases under UK GDPR:

Purpose
Legal Basis
Responding to enquiries and RFP submissions
Legitimate interests / pre-contractual steps
Delivering consultancy, development, or managed services
Performance of a contract
Managing payroll, HR, and contractor records
Legal obligation / contractual necessity
Sending relevant insights, research, and event invitations
Legitimate interests (with opt-out available)
Fraud prevention and security monitoring
Legitimate interests / legal obligation
Improving and optimising our website
Legitimate interests
Analytics and measurement of marketing effectiveness
Legitimate interests / consent (where cookies are used)
Complying with legal and regulatory obligations
Legal obligation

We do not use your personal data for automated decision-making or profiling in ways that produce legal or significant effects on you.

3. Marketing Communications

If you have submitted an enquiry, downloaded a resource, or engaged with us at an event, we may contact you with relevant content, insights, or information about our services where we have a legitimate interest in doing so, or where you have provided consent.

You can opt out of marketing communications at any time by:

We will never sell your data to third parties for their own marketing purposes.

4. Who We Share Your Data With

We do not sell your personal data. We may share your data with trusted third parties only in the following circumstances:

  • Service providers and technology partners — who process data on our behalf under contract, including: Google (Analytics), LinkedIn (Marketing), AWS (Cloud hosting), Microsoft (Productivity tools)
  • In the event of a business transfer — merger, acquisition, or sale of business assets
  • Professional advisers — lawyers, accountants, auditors, under strict confidentiality
  • Regulatory authorities — where required by law or court order

5. International Data Transfers

StableLogic operates in the UK, EU, and the United States. When we transfer your personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs)
  • Transfer to countries recognised as providing adequate protection
  • Processing under the EU-US or UK-US Data Privacy Framework where applicable

6. Data Retention

We retain personal data only for as long as necessary. In line with our Data Retention Policy (ISMS-24-0013):

  • Enquiry and contact form data — retained during active business relationship, then reviewed for deletion
  • Client and project data — archived for 7 years following end of engagement
  • Employee and contractor data — retained for duration of employment plus legal requirements
  • Marketing data — retained until you unsubscribe or request deletion
  • Website analytics data — typically 14-26 months (Google Analytics)

7. How We Protect Your Data

StableLogic is certified to ISO/IEC 27001:2022 and maintains a comprehensive ISMS. Our security controls include:

  • Encryption of data in transit and at rest
  • Role-based access controls and principle of least privilege
  • Mandatory multi-factor authentication
  • Regular internal and annual external audits, annual penetration testing
  • Continuous vulnerability scanning and static code analysis
  • Mandatory annual security awareness training including GDPR
  • Incident response procedures with notification as required by law
  • Business continuity and disaster recovery plans

8. Your Rights

Under UK GDPR and, where applicable, EU GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — delete your data in certain circumstances
  • Right to restriction — limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw at any time without affecting prior processing

To exercise these rights, contact info@stablelogic.com. We will respond within one calendar month.

US residents: If you are located in a US state with applicable privacy legislation, you may have additional rights. Please contact us.

9. Complaints

You have the right to lodge a complaint with the relevant supervisory authority:

We appreciate the opportunity to address concerns directly first — contact info@stablelogic.com.

10. Children

Our Site and services are not directed at individuals under 18. We do not knowingly collect data from children.

11. Links to Other Websites

Our Site may contain links to third-party websites. This Privacy Policy applies only to our Site.

12. Changes to This Policy

We may update this Privacy Policy from time to time. This policy is reviewed at least annually in line with our ISMS review cycle.

13. Contact Us

34-37 Liverpool Street
London, EC2M 7PP
United Kingdom

Email: info@stablelogic.com
Phone: +44 20 3861 6444

US Office

One Marina Park Drive, Suite 1410
Boston, MA 02210, USA

Phone: +1 617 807 7204

This policy should be read alongside our Cookie Policy and Terms & Conditions.

Have a question about your data? Get in touch.

Contact Us