We help UK and EU businesses turn GDPR compliance from a legal obligation into a trust advantage. Clear, compliant and customer-friendly, without jargon or inflated fees.
Today, customers share data with companies they barely know, while those same companies struggle to prove they handle it responsibly. Urvantis closes that gap by creating clear, documented, human-centred privacy practices that show exactly how your business protects and respects personal data.
Trust shouldn’t be an afterthought or a checkbox. It should be part of how you operate every day. We help you build it, visibly, simply, and sustainably.
Keep Trust Flowing, Not Stopping
Your business shouldn’t grind to a halt for privacy tasks. We integrate compliance into your daily operations so it runs quietly in the background. No endless legal back-and-forth. No constant form filling. Just privacy practices that work naturally alongside your systems. The security and accountability are built into how you already work, no second system, no extra friction.
Simplify, Save, and Strengthen
With Urvantis, privacy management stops being a cost centre and becomes a proof point of maturity. Our fixed-price packages replace scattered templates and guesswork with a coherent framework that scales. Eliminate duplicated effort and compliance confusion. Save time and reduce the chance of costly mistakes or audits. You get clarity, confidence, and control, not just more documents.
Continuous Confidence
Once your framework is in place, you stay one step ahead. Resilient to change: Easily update for new laws, tools, or data uses. Prepared for incidents: Guidance ready when breaches or SARs arise. Proactive, not reactive: Regular health checks keep everything aligned. Privacy isn’t a one-off project. It’s an ongoing relationship of trust, and Urvantis helps you maintain it effortlessly.
☑️ Privacy-First Technology: We use trusted, privacy-focused European tools, Filen for storage, Tuta for email, and Stripe for payments through its UK and EU entities. Your data stays protected under UK and EU GDPR, with secure safeguards for any international transfers.
☑️ UK & EU GDPR Experts: Based in the UK, regulated by the ICO, and specialising in both UK and EU data protection law. We understand the regulations you face because they’re the same ones we follow every day.
☑️ Clear Communication: Compliance shouldn’t require a law degree. Every policy and recommendation we create is written in plain English and designed to make sense to you and your customers.
☑️ Personal Service: You’re never a ticket number in a queue. Every client works directly with an experienced compliance professional who takes the time to understand your business and how you handle data.


Introductory offer. Standard price £595 / €685. Billed in GBP at checkout.
Perfect for startups and small businesses.
☑️ Privacy Policy: Your public-facing document explaining what customer data you collect and why, written in plain English.
☑️ Data Mapping: Identify what personal data you collect, where it comes from, where it's stored, and who accesses it.
☑️ RoPA Documentation: Required UK GDPR Article 30 compliance document showing all your data processing activities.
☑️ Workshop Call: 1-hour working session where we map your data flows together through guided questions.
☑️ 30 Days Support: Post-delivery email support for implementation questions and clarifications (48hr response).
Introductory offer. Standard price £995 / €1,160. Billed in GBP at checkout.
Best for established businesses or those handling higher-risk or sensitive personal data.
☑️ Everything in Essential: Privacy Policy, Data Mapping, RoPA Documentation, Workshop, and support included.
☑️ Enhanced Visual Data Map: A detailed, clear chart showing how customer and high-risk data move through your systems.
☑️ Risk Assessment: Detailed analysis of your data processing risks with prioritised recommendations to address them.
☑️ Consent Flow Review: Improve how you collect customer permissions, making it legal, user-friendly, and conversion-safe.
☑️ 90 Days Priority Support: Extended post-delivery support with 24-hour response time for implementation and questions.

Your privacy compliance doesn’t stop once the paperwork is done, and neither do we. As an Urvantis client, you’ll have ongoing access to our Aftercare Support, designed to keep your compliance current and your team confident.
We provide flexible, pay-as-you-go help for:
• Responding to Subject Access Requests (SARs)
• Managing data breaches or regulator contact
• Reviewing vendors and risk exposure
• Updating policies as your business evolves
Always-on peace of mind. Expert help when you need it, only for existing clients.
No templates. No bots. Just a structured process that keeps your compliance personal, practical, and painless.
☑️ Free Consultation: Book a no-obligation call to talk through your business, your risks, and your goals. We’ll explain how Urvantis can help and answer any questions before you commit.
☑️ Clear, Simple Agreements: You’ll receive plain-English service terms and a data processing agreement to review at your own pace. No legal jargon, just clarity on what we do and how we protect your data.
☑️ Getting Started: Once you’re ready, we’ll send a secure payment link or invoice. You’ll immediately receive a short business questionnaire and our checklist of next steps.
☑️ Building Your Privacy Package: Over the next two weeks, we’ll work closely with you to create your tailored privacy policy, data mapping, and compliance documentation, all written in real language your customers can understand.
☑️ Ongoing Partnership: After delivery, we stay in touch. Regular check-ins and updates ensure your compliance keeps pace as your business, tools, and regulations evolve.

We believe clarity builds trust. Here you’ll find plain-English answers to the most common questions about our services, GDPR compliance, and how we work with clients across the UK and EU.
Last Updated: November 2025
Effective Date: November 2025
What is Urvantis, and what services do you provide?
How much does your service cost?
Why are your services priced lower than law firms or other consultants?
What is your refund policy?
Deliverables & What You Receive
What exactly do I get with your service?
Can I use the documents as they are, or do I need to edit them?
What happens if my business changes?
Can you review our existing GDPR documents?
Do you provide legal advice?
Am I still responsible for GDPR compliance after using your service?
What if I get audited or contacted by the ICO or another regulator?
Service Process & Communication
What if I don’t want a phone call and prefer email communication instead?
How does the data mapping process work? Is it a separate deliverable?
Do you use templates? How is your service bespoke?
What format are your questionnaires delivered in?
What’s included in the 1-hour workshop call?
What happens after the 30 days of post-delivery support?
How do I update my documents later?
Do you offer ongoing compliance monitoring or audits?
How do I know if your service is right for my business?
Do you work with businesses outside the UK and EU?
Why don’t other providers list prices?
How long does it take to complete the service?
Do you offer expedited services?
What happens if I don’t provide the required information on time?
Can I upgrade my package after purchase?
How do I get started?
What is Urvantis, and what services do you provide?
Urvantis is a privacy and data protection compliance service for UK and EU businesses. We create GDPR documentation such as privacy policies, Records of Processing Activities (RoPA), and data-mapping reports. Each document is tailored to your actual data flows, helping you meet the UK and EU GDPR requirements with clear, usable outputs.
How much does your service cost?
Our Launch Compliance Package costs £395 / €455 (introductory offer; standard price £595 / €685).
It includes:
• A bespoke privacy policy
• A RoPA (Record of Processing Activities)
• A full data-mapping report
• A 1-hour workshop call
• 30 days of post-delivery email support
For established businesses with higher-risk or sensitive data, we offer the Trust & Compliance Framework for £745 / €810, which adds a risk assessment, enhanced visual data map, consent-flow review, and extended support.
Why are your services priced lower than law firms or other consultants?
We focus on practical compliance, not legal representation. Our templates and structured process let us deliver tailored documentation efficiently. You get everything you need to comply, without paying for legal opinion work or ongoing retainers that small businesses rarely need.
What is your refund policy?
We aim to be fair and transparent with all our clients. Our refund policy is as follows:
• Before Work Begins: Full refund minus payment processing fees.
• During Discovery Phase (before workshop call): Full refund if cancelled before the scheduled workshop call. No refund after the workshop call, as we begin tailoring the documents to your business.
• After Deliverables Are Provided: No refunds after the final documents have been delivered, as the work has been completed.
• Ongoing Subscription: You can cancel anytime with 30 days' notice. There are no refunds for the current billing period.
What exactly do I get with your service?
Our Launch Compliance Package provides professionally prepared, ready-to-use GDPR documentation tailored to your business:
• A custom privacy policy written in plain English
• A RoPA covering your processing activities
• A data-mapping report showing how personal data moves through your systems
• A 1-hour workshop to guide you through your documentation
• 30 days of support for clarification and implementation help
For established businesses with higher-risk or sensitive data, the Trust & Compliance Framework service adds a risk assessment, enhanced visual data map, consent-flow review, and extended support.
Can I use the documents as they are, or do I need to edit them?
They’re ready to use. Each document is customised for your business during our workshop and review process. We encourage you to read everything carefully and let us know if you make changes later. Compliance works best when your documents truly reflect how you operate.
What happens if my business changes?
GDPR compliance evolves with your business. If you add new software, change vendors, or start processing new kinds of personal data, your documents should be updated. Documents can be adapted or added to within your included support period. Beyond your support window, we offer aftercare and pay-as-you-go update services for existing clients so your policies always stay current.
Can you review our existing GDPR documents?
Yes, we offer document review services if you already have GDPR documentation but want to ensure it meets current UK and EU standards. We’ll review your privacy policy, RoPA, and data mapping to confirm they are accurate and compliant, and update them if needed.
Do you provide legal advice?
No. Urvantis is not a law firm and does not offer legal representation. We are a private data protection compliance service, and base our work on official GDPR guidance and best practices. If you have complex legal issues, for example, company disputes or detailed contract negotiations, we’ll advise you to consult a solicitor specialising in data protection law.
Am I still responsible for GDPR compliance after using your service?
Yes. You remain the data controller responsible for complying with the law. We give you the documents and knowledge to meet your obligations, but you must apply them correctly and keep them up to date as your business changes.
What if I get audited or contacted by the ICO or another regulator?
If you’re audited, regulators will expect you to show that:
• You understand your data responsibilities
• You have appropriate policies and records in place
• You act responsibly when handling personal data
The documentation we create demonstrates these efforts and helps you evidence good-faith compliance, but you must ensure your business practices match what’s written.
Beyond your support window, we offer pay-as-you-go services for existing clients that include ICO Inquiry Support.
What if I don’t want a phone call and prefer email communication instead?
We understand that not everyone prefers a phone call. If you’d rather handle everything via email, just let us know when booking your consultation. We’ll send tailored email questionnaires that you can complete at your own pace, and guide you through everything via email if that’s your preference.
How does the data mapping process work? Is it a separate deliverable?
Data mapping is an essential step that supports your privacy policy and RoPA. It’s not a separate deliverable, but much of it is provided within your RoPA. It shows how personal data flows through your business systems and helps identify any risks. We guide you through this process during the workshop call, ensuring accuracy and clarity.
Do you use templates? How is your service bespoke?
Yes, we use established GDPR templates to ensure compliance, but every document is tailored to your business. We rewrite, adapt, and structure each policy, RoPA, and data map to reflect your actual systems, vendors, and data types. Nothing is generic.
What format are your questionnaires delivered in?
Our questionnaires are sent via email in either PDF or ODT format for easy editing. They help us gather key information about your data practices so we can create accurate, bespoke documentation.
What’s included in the 1-hour workshop call?
The 1-hour workshop call covers:
• Walking you through your privacy policy, RoPA, and data map
• Clarifying questions about your data practices
• Ensuring your documentation reflects your real-world operations
It’s an opportunity for collaboration and clarity, not a lecture. You’ll leave with confidence and practical next steps. For transparency, the workshop call length depends on the number of sub-processors you work with. The average call length is 1 hour, but calls can range from 30 minutes to 90 minutes.
What happens after the 30 days of post-delivery support?
You can extend support on a pay-as-you-go basis or move to an aftercare retainer for regular updates. We never tie you into contracts; you only pay for what you need.
For established businesses with higher-risk or sensitive data, the Trust & Compliance Framework service adds an extended post-delivery support window of 90 days.
How do I update my documents later?
If your business changes (e.g., new systems, vendors, or data types), contact us for an update within your support window. We’ll refresh your documents quickly and clearly, keeping your compliance current and your records accurate. Beyond your support window, we offer pay-as-you-go services for existing clients.
Do you offer ongoing compliance monitoring or audits?
We don’t offer full audits or ongoing monitoring as part of our core packages. However, we provide aftercare check-ins and on-demand updates for existing clients who want to stay ahead of changes.
How do I know if your service is right for my business?
Our service is designed for small to medium-sized UK and EU businesses that process personal data (customer, employee, or client information).
If you need compliant, plain-English documentation without the inflated legal fees, our packages are ideal.
Book a free consultation if you’re unsure; we’ll help you determine what you need.
Do you work with businesses outside the UK and EU?
Currently, we work primarily with UK and EU-based businesses. If you’re outside those regions but handle data of UK or EU residents, we can help you align with GDPR. For non-GDPR jurisdictions, we recommend local legal advice.
Why don’t other providers list prices?
Many compliance providers price based on business complexity and scope. We publish our pricing because small businesses deserve transparency and predictability. Our structured process lets us deliver high-quality, affordable documentation with no hidden costs.
How long does it take to complete the service?
Typical delivery is:
• Launch Compliance Package: 1–2 weeks after receiving your information
• Trust & Compliance Framework: 2–4 weeks
We’ll confirm your delivery timeline during your workshop.
Do you offer expedited services?
Yes, if you need your documentation urgently, we can provide expedited delivery for an additional fee, depending on your timeframe.
What happens if I don’t provide the required information on time?
We can only proceed once we receive your completed questionnaire and supporting information.
Delays in providing this may extend your timeline; we’ll communicate clearly and adjust schedules if that happens.
Can I upgrade my package after purchase?
Yes, absolutely. If you start with the Launch Compliance Package and later realise you need more advanced support, you can upgrade to the Trust & Compliance Framework. We’ll adjust the cost simply and ensure a smooth transition.
How do I get started?
Simply book a free consultation on our website. We’ll walk you through the process, send you your client agreements, and begin work once payment is confirmed. You’ll always know what to expect before we start.
Still have questions?
Email [email protected] or book a free consultation.
Building trust, one transparent policy at a time.
All Urvantis policies are maintained internally and version-controlled.
The most recent updates are listed at the top of each page.
© 2025 Urvantis Privacy Limited. All Rights Reserved.
At Urvantis, privacy isn’t just something we advise on; it’s how we operate.
We don’t use contact forms that send your information through third-party systems.
Instead, we provide direct, purpose-specific email addresses, so your message goes straight to the right person and nowhere else.
No automated replies. No data-harvesting forms. Just direct communication with someone who understands your business.
Press & Media
Client Support
Privacy Requests
Consultation
We aim to reply to all enquiries within one business day.
Messages are handled confidentially and never shared with external providers.
🔒 Email security matters to us. Urvantis uses Tuta, a privacy-focused provider based in Europe, for all email communication. If you also use Tuta, our emails are end-to-end encrypted by default.
Because privacy shouldn’t feel like paperwork.
I started Urvantis to make privacy practical, and maybe even enjoyable, for businesses that care about trust but don’t want to drown in legal jargon.
After years of seeing small teams lost in template chaos and cookie-cutter compliance tools, I realised the problem wasn’t the law. It was the language.
Most people don’t wake up wanting to master GDPR (I did, apparently). But everyone wants their customers to feel safe sharing information.
That’s where we come in, turning complex rules into clear, human practices that actually work.

Creating documentation that regulators respect and customers actually understand. Mapping where data flows, so you always know what’s happening behind the scenes. Turning compliance into an asset, something that sets you apart instead of slowing you down.
We work directly with you, one step at a time. No automation, no one-size-fits-all templates, just a structured process that leaves you confident and covered.
Before Urvantis, I worked with companies trying to untangle years of privacy spaghetti, systems that didn’t talk to each other, abandoned tools still quietly collecting data, nobody certain who had access to what.
One client only realised an old marketing app was still active when they received a data request!
That’s when it hit me: most privacy risks aren’t caused by bad actors, but by good people who can’t see the full picture.
So I built Urvantis around one goal: to make privacy visible, understandable, and useful.
Ben, Founder of Urvantis.

Plain English beats legalese
You deserve to understand your own privacy policy.
Transparency builds trust
People respect honesty more than perfect policies.
Compliance is a culture
It’s not a form to file; it’s how your business treats information daily.
Spreadsheets aren’t strategy
Mapping data is about clarity, not bureaucracy.
Urvantis comes from an old word meaning 'of the city.'
It originates from the Latin urbs, meaning 'city.' It’s a reminder that privacy is a shared civic value, something that keeps our digital communities safe.
One of the central rules of the GDPR is data minimisation; collect only what’s necessary, keep it only as long as needed, and never use it for anything else.
We design every process, tool, and policy to use less data, not more.
Our everyday toolkit reflects that philosophy, including Filen for encrypted document storage and sharing, and Tuta for end-to-end-encrypted email.
We don’t rely on analytics, ad platforms, or data-brokering tools, and we never use systems that compromise client confidentiality.
Every policy below is written in plain English and reflects how Urvantis runs day to day.
Together, they form our Policy Stack, a transparent view of the standards that guide both our website and our work with clients.
Below you’ll find every policy that governs how we handle information and deliver services.
Last Updated: November 2025
Effective Date: November 2025
Welcome to urvantis.com
These Terms and Conditions ('Terms') govern your use of this website. By accessing or using our site, you agree to be bound by these Terms.
1. Use of Our Website
Permitted Use: You may use this website for informational purposes and to learn about or enquire about our services. You agree to use the site lawfully, ethically, and in accordance with these Terms.
Prohibited Use: You may not use this website to distribute spam, malicious software, or unlawful content. You must not attempt to breach our security or copy, reproduce, or resell any part of the website content without written permission from Urvantis Privacy Limited.
2. Intellectual Property
All content on this website, including text, graphics, logos, and our unique frameworks and methodologies, is the exclusive property of Urvantis Privacy Limited and is protected by UK and international copyright laws.
3. Disclaimers
No Legal Advice: The information on this website is for general informational purposes only. It does not constitute legal, financial, or technical advice.
No Guarantees: While we strive to keep content accurate and up-to-date, we make no warranties as to its completeness or reliability. Use of the website is at your own risk.
4. External Links and References
This website currently does not include links to external or third-party websites.
If external links are added in future, they will only point to trusted services that align with our privacy and security standards.
Urvantis Privacy Limited is not responsible for the content or privacy practices of any third-party websites and encourages users to review the terms and privacy notices of those sites if visited.
5. Limitation of Liability
To the fullest extent permitted by law, Urvantis Privacy Limited will not be liable for any direct or indirect damages resulting from your use of, or inability to use, this website or its content.
6. Relationship to Client Agreements
These Terms apply only to use of this public website.
Formal engagements with Urvantis are governed by separate written agreements, including our Client Service Agreement (CSA) and Data Processing Agreement (DPA), provided prior to payment or onboarding.
7. Governing Law and Jurisdiction
These Terms are governed by the laws of England and Wales.
Any disputes arising from or related to the use of this website will be resolved under the exclusive jurisdiction of the courts of England and Wales.
Visitors from the European Union are welcome to use this site, and their rights under applicable data protection law (UK or EU GDPR) remain unaffected.
8. Changes to These Terms
We may update these Terms from time to time. Any significant changes will be posted on this page, and the 'Last Updated' date will reflect the revision.
9. Contact Us
For questions about these Terms, please contact: [email protected]
Last Updated: November 2025
Effective Date: November 2025
Clients who engage Urvantis for services receive two formal documents before any work begins:
• Client Service Agreement (CSA): outlines the project scope, deliverables, timelines, fees, and mutual confidentiality obligations.
• Data Processing Agreement (DPA): required under UK GDPR Article 28, defining our roles, responsibilities, and technical and organisational measures when handling personal data on behalf of a client.
These agreements are provided individually prior to payment or onboarding.
They are not publicly available to avoid misuse, but you may request a redacted sample for review.
Both documents are governed by the laws of England and Wales and align with the UK and EU GDPR frameworks.
Last Updated: November 2025
Effective Date: November 2025
The information on this website is provided for general informational purposes only and does not constitute legal or professional advice.
Urvantis Privacy Limited accepts no liability for actions taken based on this information. For specific guidance, please contact us directly.
References to legislation or best practice are current as of the date published and may change without notice.
Last Updated: November 2025
Effective Date: November 2025
At Urvantis, privacy isn't just our business, it's our architecture. Every decision we've made about our infrastructure reflects an uncompromising commitment to data protection that goes far beyond legal requirements. We operate under a simple principle: We cannot misuse data we cannot access.
Unlike most businesses that build on convenience and then add privacy as an afterthought, we've deliberately chosen a technology stack that makes meaningful data collection technically impossible:
Zero-access encryption: Your files are encrypted with keys we never see.
Independent, privacy-focused infrastructure: We use European providers who run their own secure servers, not big public clouds.
Encrypted communications: Emails sent within Tuta are fully end-to-end encrypted.*
No tracking, no analytics, no cookies: Not 'minimal' tracking. None.
Payment data we never see: Processed directly by PCI-certified systems.
European data centres: All core services are hosted in the EU; your data doesn’t cross oceans.
*Messages to other providers are encrypted in transit and can be further secured via password-protected messages on request.
This policy explains exactly what that means in practice.
As a UK-based company, we operate under the jurisdiction of the Information Commissioner's Office (ICO) and adhere to the UK General Data Protection Regulation (UK GDPR). But our standards exceed mere compliance; they represent our values.
Company Name: Urvantis Ltd.
Registration: England and Wales
Data Controller: Urvantis Limited.
Address: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Privacy Contact: Ben Oakley, CEO
Email: [email protected]
Data Rights Requests: [email protected]
When You Browse Our Website
What we collect: Nothing.
Your IP address passes through our hosting provider's servers for the technical necessity of delivering web pages. We don't log it, we don't store it, we don't process it.
What we don't collect:
• No cookies (except strictly necessary session cookies)
• No tracking pixels
• No analytics
• No fingerprinting
• No behavioural data
• No advertising IDs
• No social media tracking
Why: Because understanding how many people clicked which button is not worth compromising your privacy.
Legal Basis: Not applicable; we're not processing your personal data.
When You Contact Us
What we collect:
• Your name
• Your email address
• Whatever information you choose to share in your message
Why: To respond to your enquiry and provide you with the information or services you've requested.
How we protect it: All communications are handled through our end-to-end encrypted email provider (Tuta, Germany). Your enquiry is encrypted from the moment it leaves your device until we read it in our encrypted inbox.
Retention: 12 months from our last communication, then permanently deleted, unless you become a client.
Legal Basis: Legitimate Interest (responding to your direct business enquiry).
When You Become a Client
What we collect:
Business Information:
• Business contact details (name, email, address, phone number)
• Company name and registration details
• Billing information (processed by Stripe, see below)
• Communication records
Your Data Processing Activities:
As part of our consultancy, we document information about how your company processes personal data. This is necessary to provide our service and is processed under strict confidentiality.
Why: To fulfil our contractual obligations, manage our client relationship, process payments, and deliver expert compliance services.
How we protect it:
1. Storage: All client files are stored securely using Filen, a zero-knowledge, end-to-end-encrypted storage provider based in Germany. Filen never has access to our encryption keys; only we can decrypt the files. In addition, we maintain separate encrypted local backups held offline under our direct control. No public cloud platforms. No shared infrastructure.
Encryption:
– Zero-access encryption for all files stored through Filen
– Encrypted in transit (TLS 1.3) and at rest (AES-256)
– Even Filen’s administrators cannot read client data
Backups:
Regular encrypted, offline backups are maintained on physically isolated media. These backups are disconnected from the internet; ransomware can’t encrypt what isn’t connected.
Access Controls:
Access to client data is strictly limited to authorised personnel. All accounts use strong authentication and mandatory 2FA across systems.
Retention: We retain project materials for the duration of our relationship + six years to comply with UK tax and company-law obligations.
Legal Basis: Processing is necessary for the performance of a contract under UK GDPR Article 6(1)(b).
Our Security Architecture
Infrastructure
• Encrypted European storage: Client data is stored via Filen, a zero-knowledge provider operating its own EU-based servers.
• Offline encrypted backups: Copies are held on isolated drives that never connect to the internet.
• Independent infrastructure: We don’t use AWS, Google Cloud, or Azure; our providers run their own secure environments.
• End-to-end encryption: Filen’s zero-access design ensures that only Urvantis holds the keys to decrypt stored content.
Communications:
• Encrypted email: Tuta (Germany), zero-access, end-to-end encrypted.
• No phone call recording: We don't record calls unless you explicitly consent for a specific purpose (e.g., training session recording).
• Secure file transfer: All files encrypted before leaving our device
Access Controls:
• Principle of Least Privilege: Personnel only access what they need.
• Mandatory 2FA: On all internal systems and external services.
• Strong authentication: No weak passwords tolerated.
• Regular access reviews: Quarterly audits of who can access what
Data Minimisation:
• We collect only what's essential for our service.
• We don't 'collect now, decide the use later'.
• We don't build profiles or analyse behaviour
• We don't data mine for 'insights'
Secure Disposal:
• Cryptographic erasure when data is no longer needed.
• Verification of deletion completion.
• Physical destruction of retired storage media.
Simple answer: Almost no one.
We don't sell your data. We don't rent it. We don't 'partner' with data brokers. We don't share it with advertisers. We don't feed it to AI training models.
Our Subprocessors
We use exactly four external services, chosen for their exceptional privacy and security standards:
1. Carrd (USA): Website Hosting
Purpose: Hosts our website and processes visitor IP addresses for the technical necessity of delivering web pages.
What they process: Transient IP addresses of website visitors.
Why we chose them: Simple, secure, minimal data processing.
Safeguard: UK Adequacy Decision for EU-US Data Privacy Framework.
2. Tuta (Germany): Encrypted Email
Purpose: Secure, zero-access business communications.
What they process: Encrypted email metadata (from/to addresses, timestamps). Email content is end-to-end encrypted; Tuta cannot read it.
Why we chose them: Open-source, zero-access architecture, based in Germany, quantum-resistant encryption planned.
Location: Germany (EEA); no international transfer.
3. Filen (Germany): Encrypted Cloud Storage
Purpose: Zero-knowledge encrypted file storage for client deliverables and backups.
What they process: Encrypted files, encrypted filenames. Due to zero-knowledge encryption, Filen cannot access file contents.
Why we chose them: True zero-knowledge architecture, German-based, open-source clients, no data mining.
Location: Germany (EEA); no international transfer.
4. Stripe (USA): Payment Processing
Purpose: Secure payment processing and subscription management.
What they process: Payment information, billing details, transaction history.
What we never see: Your complete credit card number. Stripe uses tokenisation; we only see 'card ending in 1234.'
Why we chose them: PCI DSS Service Provider Level 1 certification (the highest security standard in payment processing), global leader in secure payments, extensive fraud protection.
Safeguard: UK Adequacy Decision for EU-US Data Privacy Framework.
Important: When you enter payment details, you're communicating directly with Stripe's secure environment, not our servers.
What We Don't Use
For transparency, here's what we've deliberately chosen NOT to use:
❌ Google Analytics (or any analytics)
❌ Facebook Pixel
❌ Social media tracking
❌ Advertising networks
❌ CRM systems that mine data
❌ 'Free' tools that monetise your data
❌ AI services that train on your content
❌ Public cloud storage (AWS, Azure, Google Cloud)
❌ Amazon, Microsoft, or Google products
We don't use cookies for tracking, analytics, or advertising.
The only cookies on our site are those strictly necessary for security and basic functionality (session management, CSRF protection). These are provided by our hosting platform and expire when you close your browser.
No consent banner needed because we're not tracking you.
We retain personal data only as long as necessary for the purpose collected:
Contact Enquiries
Retention: 12 months from last communication.
Why: To maintain a record of our conversation in case you follow up.
Deletion: Automatic after 12 months unless you become a client.
Client Data
Retention: Duration of our relationship plus 6 years.
Why: UK legal requirements for tax records and business documents (HMRC, Companies Act).
What happens: After this period, cryptographic erasure of all data.
Technical Logs
Retention: None; we don't keep logs of website visitors.
Urvantis operates under the UK GDPR and, where applicable, the EU GDPR for clients and data subjects within the European Union.
You have the following rights regarding your personal data:
Right of Access: You can request a copy of the personal data we hold about you. We’ll provide it in a clear, human-readable format.
Right to Rectification: You can ask us to correct inaccurate or incomplete information, and we’ll update it promptly.
Right to Erasure (Right to be Forgotten): You can request that we delete your data, unless we’re legally required to keep it (for example, tax or contractual obligations).
Right to Restrict Processing: You can request that we temporarily limit how we use your data while you contest its accuracy or our legal basis for processing.
Right to Data Portability: You can request your data in a machine-readable format (e.g. CSV or JSON) to transfer to another service.
Right to Object: You can object to processing based on legitimate interests. We’ll stop unless we can demonstrate compelling legitimate grounds.
No Automated Decisions: Urvantis does not use automated decision-making or profiling that produces legal or significant effects.
If you’re based in the UK, you can contact the Information Commissioner’s Office (ICO) for further information or to raise a concern. If you’re in the EU, you can contact your national data protection authority.
Email: [email protected]
Response time: We'll respond within one month (UK GDPR requirement).
Identity verification: We may need to verify your identity before fulfilling requests (to protect your data from unauthorised access).
Free of charge: Exercising your rights is free, unless requests are manifestly unfounded or excessive.
While our security architecture makes breaches highly unlikely, we have comprehensive incident response procedures:
If a breach occurs:
1. Immediate containment and assessment.
2. Notification to you within 24 hours (faster than the 72-hour legal requirement).
3. Full investigation and detailed report.
4. Notification to ICO or relevant EU authority if required by law.
5. Implementation of additional safeguards to prevent recurrence
Your assurance: Our zero-access encryption architecture means even in the worst-case scenario of a server compromise, your encrypted files remain unreadable.
For most of our infrastructure: None.
Your data stays in the UK and Germany (EEA). We've deliberately chosen European providers to avoid the complexity and risks of international data transfers.
Exceptions:
• Website hosting (Carrd, USA): Transient IP address processing only, safeguarded by UK Adequacy Decision for the EU-US Data Privacy Framework.
• Payment processing (Stripe, USA): Payment data only, safeguarded by UK Adequacy Decision and Stripe's PCI DSS Level 1 certification.
Our services are not directed at children under 16. We do not knowingly collect data from children. If you believe we've inadvertently collected data from a child, contact us immediately at [email protected].
We may update this policy to reflect changes in our practices or legal requirements.
How we'll notify you:
• Update the 'Last Updated' date at the top.
• For material changes: Email notification to clients and prominent notice on our website.
• Previous versions: Available upon request.
Your responsibility: Review this policy periodically. Continued use of our services after changes constitutes acceptance.
Talk to us first: If you're unhappy with how we've handled your personal data, please contact us at [email protected]. We take complaints seriously and will investigate thoroughly.
Escalate if needed: If you're not satisfied with our response, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
If you’re in the EU, you can escalate to your national data protection authority.
For transparency, here's a summary of our legal basis for processing:
| Processing Activity | Legal Basis | Article 6(1) Reference |
|---|---|---|
| Website operation | Not applicable (no personal data collected) | N/A |
| Responding to enquiries | Legitimate Interest | (f) |
| Client services | Performance of Contract | (b) |
| Payment processing | Performance of Contract | (b) |
| Legal/financial record retention | Legal Obligation | (c) |
| Security and fraud prevention | Legitimate Interest | (f) |
Privacy inquiries: [email protected]
Data rights requests: [email protected]
Legal matters: [email protected]
General questions: [email protected]
We're here to help. Privacy is what we do.
This policy is written to be understood by humans, not just lawyers. We've deliberately avoided:
• Unnecessarily complex legal jargon.
• Vague language that obscures our practices.
• Clauses that reserve excessive rights we don't need.
• Terms that require a law degree to interpret.
If anything is unclear, ask us. If we can't explain it simply, we shouldn't be doing it.
Building trust, one transparent policy at a time.
All Urvantis policies are maintained internally and version-controlled.
The most recent updates are listed at the top of each page.
© 2025 Urvantis Privacy Limited. All Rights Reserved.