Legal
Privacy policy
How EnfinitOS processes personal data, what rights you have as a data subject, and how to contact us about it.
Draft — final review pending. This policy is published in draft form ahead of EnfinitOS Ltd incorporation in February 2027. The commitments below describe how the platform is built to handle personal data today; the final commercial wording and the named data-controller entity will be confirmed at incorporation. Substantive changes will be notified to registered prospects and clients in writing.
Who we are
EnfinitOS is a governance-layer platform for operators of screen and spatial media estates. This website (enfinitos.com) is the public interface of a pre-incorporation project that will become EnfinitOS Ltd, a UK-registered company, in February 2027.
Until the company is incorporated, the data controller for personal data submitted through this website is the founder acting in a personal capacity. After incorporation, the controller of record becomes EnfinitOS Ltd.
What data we collect
We only collect personal data you actively submit, plus the minimum request metadata needed to deliver the site.
- Application and reservation form submissions. Your name, company, job title, work email, country, and the details you provide about your intended use (sandbox request, SDK integration, or pilot interest). Stored for the purpose of evaluating and responding to your application, and — if you progress — scoping a pilot engagement.
- Sandbox credentials. When we auto-issue a sandbox tenant, we store your organisation identifier, hashed API key, and the magic-link token (short-lived). We also send you the credentials by email via our transactional email provider (Resend).
- Email correspondence. Messages you send to pilot@enfinitos.com or any other EnfinitOS address are stored in our email provider (Google Workspace) for the lifetime of the correspondence thread.
- Intake notifications. When a form is submitted, a summary (name, company, work email, intent) is posted to a private Slack workspace via an incoming webhook. No payment or sensitive credential data is included.
- Site telemetry. Privacy-respecting aggregate analytics via Cloudflare Web Analytics. No cookies, no cross-site tracking, no individual-level identification.
Legal basis for processing
Under UK GDPR, we rely on the following lawful bases:
- Legitimate interest for responding to application and reservation form submissions (where you have given explicit consent on the form), maintaining correspondence threads, and running privacy-respecting aggregate site analytics.
- Consent collected on each application and reservation form, and where we ever introduce optional marketing communications (none are active today).
- Contract from the point a pilot Master Services Agreement is executed, for all processing necessary to deliver contracted services.
How long we keep data
- Reservation submissions: retained for the duration of the prospect relationship, up to a maximum of 24 months from last contact.
- Email correspondence: retained for the duration of the thread plus statutory minimum retention after contract close.
- Site telemetry: aggregate, non-identifying; retained by Cloudflare per their standard retention policy.
Your rights
Under UK GDPR you have the right to access, correct, delete, export, or restrict processing of the personal data we hold about you, and to withdraw consent where consent is the legal basis. To exercise any of these rights, email pilot@enfinitos.com with the subject line “data-rights request” and we will respond within 30 calendar days.
You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk/make-a-complaint if you believe your personal data has been handled incorrectly.
Data transfers
The live platform and its sandbox tenant data are hosted on Cloudflare's edge, with the data plane in the European Economic Area (EEA) and United Kingdom. Some operational sub-processors are based in the United States — specifically transactional email (Resend), intake notifications (Slack), developer authentication (WorkOS), the AI Governance Copilot (Anthropic), and source/CI hosting (GitHub) — and email correspondence through Google Workspace may also involve US transfers. Those UK/EU→US transfers are governed by each vendor's data-processing agreement incorporating the EU Standard Contractual Clauses and the UK International Data Transfer Agreement (and the EU–US Data Privacy Framework where the vendor is certified). We are completing and confirming these on file ahead of the public pilot; see the sub-processor table below for which vendors are US-based.
Sub-processors
We use the following third-party processors. Each is engaged only to deliver the services described; no data is sold or used for advertising.
| Sub-processor | Purpose | Data shared | Region |
|---|---|---|---|
| Cloudflare (Pages, KV, D1, Web Analytics) | Site hosting, edge runtime, tenant data storage, aggregate analytics | Application form responses, sandbox tenant records, aggregate page-view counts (no PII in analytics) | EEA / global edge (Cloudflare standard SCCs) |
| Google Workspace | Business email and correspondence | Email content and metadata for correspondence you initiate | EEA / US (Google standard SCCs) |
| Resend | Transactional email (sandbox activation credentials, magic-link sign-in) | Recipient email address, name, and the credential content of activation emails | US (Resend standard DPA) |
| Slack | Internal intake notifications (incoming webhook; founder-only workspace) | Name, company, work email, and intent from each application or reservation submission. No credentials or payment data. | US (Slack standard DPA) |
| Anthropic | AI Governance Copilot — plain-English explanations of platform decisions grounded in the audit log | Audit-log excerpts and governance context passed as prompt context; no contact PII is included in prompts by design | US (Anthropic API terms; zero-retention option to be confirmed at launch) |
| WorkOS | Developer authentication (magic-link sessions for the developer portal) | Developer email address and session tokens | US (WorkOS DPA) |
| GitHub (Microsoft) | Source-code hosting, CI/CD, and the public auditor-SDK package registry | Source code and CI logs (build artefacts); no customer-tenant data | US (primary), EU mirror (GitHub DPA / SCCs) |
| Sentry | Application error and performance monitoring | Error and performance metadata, with PII redaction enabled | EU data residency available (Sentry DPA) |
| Stripe (planned) | Payment processing for pilot invoicing (activates at the first paid pilot) | Payment method, billing address, transaction metadata | EU + US per Stripe data-residency (Stripe DPA / SCCs) |
| AWS (planned) | Production API hosting at the April 2027 launch | All data processed by the production API; scope to be confirmed ahead of launch | EU (eu-west-2, single region at launch); AWS standard SCCs |
This list reflects sub-processors active or planned as of June 2026 and is the reconciled union of every third party that receives personal data. Vendors marked “(planned)” (Stripe, AWS) are scheduled but not yet processing data. Several active processors above are US-based; the corresponding UK/EU→US transfer agreements (DPA + SCCs / UK IDTA) are being executed and confirmed on file ahead of the public pilot. The canonical, more detailed version of this list — including per-vendor transfer-safeguard status — is maintained internally and provided to operators during procurement.
Contact
For privacy questions or to exercise your rights: pilot@enfinitos.com. A UK postal address of record will be published here once EnfinitOS Ltd is incorporated at Companies House. See also our cookies policy and terms of service.
Policy version: 1 (draft). Last reviewed: May 2026. Effective from the date of publication.