Login
Book a Demo

Culverdocs Privacy Policy

Last Updated: 23/02/2026

1. Who we are and what we do

Who we are

We are Culvertech Ltd (trading as Culverdocs), a service that helps businesses capture and manage data (“Culverdocs”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 10564100 and we have our registered office at Suite A2, Gemini House, Hargreaves Road Swindon, SN25 5AZ. We are registered with the Information Commissioner’s Office (“ICO”), in relation to our processing of Personal Data under registration number ZA232547.

What we do

Culverdocs is designed to capture and distribute business data through simple yet powerful mobile and web forms. We are committed to protecting the privacy and security of the Personal Data we process on your behalf.

2. Purpose of this Privacy Policy

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. It also explains your rights regarding your Personal Data. Please read this notice carefully. If you have any questions, you can contact us using the information provided below in the ‘How to Contact Us’ section.

Distinction of Controller vs Processor

Due to the nature of the service, we act as both a Data Controller and Data Processor depending on the type of data held and supplied.

  • Data Controller: We are the controller of the Personal Data we collect about you and your business for the purpose of providing our services. This means that we determine what Personal Data to collect and how to process it.
  • Data Processor: We are the processor for all of the data (including Personal Data) we store and process on your behalf, as determined by the configured data collection requirements of your forms, and the services you opt-in to use for us to process the data on your behalf. This includes the sub-processors required to perform the actions configured within your account. As a Data Processor, we act strictly under your instructions, and your data remains under your control at all times.
 

For example, when you provide us with your business account information, we act as a Data Controller. However, when you use Culverdocs to process your own business data through our platform, we act as a Data Processor on your behalf.

3. Who this Privacy Policy applies to

This Privacy Policy applies to individuals who interact with us through our website and services, including customers, employees of our customers, prospects, partners, and customers and their employees of our partners. This privacy notice applies to you if:

 

  1. You visit our website.
  2. You purchase services from us.
  3. You enquire about our products and/or services.
  4. You use any part of our services.
  5. You sign up to receive newsletters and/or other promotional communications from us.
  6. You engage with us on telephone or remote calls.
  7. You engage with a Culverdocs Partner reselling our services.

4. Scope of This Privacy Policy

This policy applies to the personal information that we collect as a data controller. It does not apply to personal information which is subject to separate agreements, such as data processing agreements (DPAs), concerning the processing of personal data.


We are the data controller for personal information related to your personal account, and to the delivery of services related to Culverdocs.


This policy complements, but does not replace, any Data Processing Agreements (DPAs) or other contractual agreements we may have in place.

5. What is Personal Data?

‘Personal Data’ means any information from which someone can be identified either directly or indirectly, whether collected online or offline. For example, you can be identified by your name, email address, or an online identifier.

We do not intentionally collect or process special category data (such as health information, racial or ethnic origin, political opinions, religious beliefs, or trade union membership). If such data is inadvertently provided, it will be deleted unless required for compliance with legal obligations.

Our service are not intended for minors under 18 and we do not knowingly collect personal data relating to minors.

6. Personal Data We Collect

The type of Personal Data we collect about you will depend on our relationship with you. The data we collect includes the following:

  • Account Details: Name, email address, phone number, job title, company, and other information you provide when signing up for our services.
  • Usage Data: Data about how you use our website, app, and services, including device information, browser type, IP address, and other technical data. This data may be collected automatically through cookies and analytics tools as described in our Cookie Policy.
  • Relationship Data: Any information regarding your specific use cases within Culverdocs, including telephone conversations, calls made via remote tools (Microsoft Teams/Zoom), or Jobs pertaining to individual business requirements.
  • Support Data: Information related to support and onboarding interactions, including chat logs, call recordings, and support tickets, to improve our service and support experience.
  • Transaction Data: Information related to payments, invoices, and order history when purchasing our services.
  • Marketing Data: Information you provide when signing up for newsletters or promotional communications.
  • Miscellaneous Data: Additional information you may provide when engaging with us directly, such as feedback, survey responses, or information provided through customer support channels. We may also collect Personal Data necessary to comply with legal and regulatory requirements, including but not limited to anti-fraud and anti-money laundering obligations.


Some types of analytics data, such as usage and tracking data, are handled through cookies. Further information can be found in our Cookie Policy on the website.

7. How We Collect Your Personal Data

We collect most of your Personal Data directly from you, such as:

  • When you visit our website.
  • When you interact with us via email, phone, or in person.
  • When you sign up for our services via a demo request or contact us.

 

We may also collect your Personal Data from third parties, including:

  • Reputable companies who provide lead generation contact lists.
  • Others to whom you have provided consent.
  • Publicly available sources such as social media platforms.

8. Recording of Calls

Incoming and Outgoing calls are recorded and retained in accordance with:

  • Data Protection Act 2018
  • The UK General Data Protection Regulation (UK GDPR)
  • The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
  • Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018

 

Calls are recorded to help improve the services we provide, monitoring service quality and staff performance, training and performance, help protect our staff from abusive or nuisance calls and to pursue our own legitimate interests.

Where possible, we will inform outgoing callers their call is being recorded for the reasons stated above so they have the opportunity to consent by continuing the call or hanging up.

We will make every reasonable effort to communicate that calls may be recorded.

  • This will be communicated to actual and prospective customer and/or general callers by: Publishing this policy on the Culverdocs website
  • Informing all clients and callers that call the office in the first instance via a recorded announcement for incoming calls.

 

Access to call recordings is restricted to authorised personnel only. Recordings are stored securely and protected from unauthorised access, alteration or deletion. Any unauthorised access of call recordings without valid reasons by staff may be considered under our disciplinary procedure.

9. Purposes, Lawful Bases, and Retention Periods

We retain Personal Data in accordance with applicable legal, regulatory, and contractual requirements. Legitimate Interests may include enhancing our services, improving user experience, and supporting our business operations, provided that these interests are not overridden by your privacy rights. We store your Personal Data for the Retention Period that is consistent with our business purposes and will retain the data for the length of time needed to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.


Most commonly, we will use your Personal Data in the following circumstances:

Categories of IndividualsCategories of Personal DataPurpose of ProcessingLawful BasisRetention Period
CustomerName, address, email addressTo fulfil your orderContract6 years following the transaction
CustomerName, job title, work email, work phone number, company nameTo send newsletters and promotional materialContract & Legitimate InterestsFor the duration of your active account and up to 12 months after closure, unless a longer period is required by law
CustomerName, contact details, transaction historyTo manage our relationship with you (e.g. to notify you of changes)Contract6 years following the transaction
Prospective CustomerName, company details, address, email address, telephone numbersTo contact you regarding the use of the Culverdocs platformLegitimate Interests6 years following last meaningful contact

10. Sharing your Personal Data

Your Personal Data will not be sold to or shared with third parties without your explicit consent, except with trusted sub-processors to support our business operations or where legally required. In cases where we utilise sub-processors for the purposes of processing your data for our business use, we may share your Personal Data with trusted third-party services (sub-processors) who help us operate and provide our services.

 

All sub-processors are subject to strict contractual obligations, including Data Processing Agreements (DPAs) or Standard Contractual Clauses (SCCs) ensuring compliance with applicable data protection laws. These third-party services are subject to their own privacy policies and are only permitted to process your Personal Data on our behalf.

 

These third-party services are contracted to provide specific services, and they are obligated not to use or disclose your data for any other purpose. You can find a full list of sub-processors here: https://www.culverdocs.co.uk/sub-processors.

 

In addition to our processing, you may optionally provide us with additional personal information relating to your users to enable us to process data provided to us as part of the Culverdocs service and data processing activities. Further information can be found in our Terms and Conditions, but privacy-related information on each service has been detailed below:

Google Drive Integration

If you choose to use Google Drive as part of our service via Integrations, we will only access your data within Google Drive with your explicit consent and as required for the service, such as tasks for storing files in the pre-determined locations. The data processed through Google Drive will be subject to Google’s privacy policies and terms.

The data we collect about you is what you have provided to us, including your name, email address and access details for your account in order to complete the integration tasks provided. Culverdocs will not store any personal information regarding your Google Drive contents, other than the information you provide us from the integration containing your account details, or folder/path names (if applicable) to store files in the required location.

We will use your data to provide you with the services you requested, such as uploading files produced through the configured Workflows which have access to write to your Google Drive folder determined by you, and based on the relevant access permissions provided.

You can manage or revoke the Google Drive integration permissions at any time through your Culverdocs account settings or within your Google account permissions.

You can find more details about how Google handles personal data in the Google Privacy Policy and Google Cloud Privacy Notice.

11. International Transfers

The Personal Data we hold as a Data Controller may be processed outside of the UK or EEA. This is because the organisations we use to provide our service to you may be based outside the UK. We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an equivalent level of protection to that guaranteed in the UK. This includes:

  • Ensuring that your Personal Data is only processed within the UK or EEA with adequate protection, and/or;
  • Ensuring that Data Processing Agreements (DPAs) and relevant Standard Contractual Clauses (SCCs) are in place where international processing is required, in line with the ICO IDTA requirements.
  • We assess third-country data transfers under the updated DUAA standard; transfers are permitted where protections are not materially lower that those required by UK data protection law.

12. Your Data Protection Rights

You have the following rights regarding your Personal Data:

  • Access: You have the right to request a copy of your Personal Data.
  • Correction: You have the right to correct any Personal Data we hold about you that is inaccurate or incomplete.
  • Deletion: You have the right to request that we delete your Personal Data, subject to certain conditions.
  • Objection: You have the right to object to us processing your Personal Data for certain purposes.
  • Restriction: You have the right to restrict the processing of your Personal Data in certain circumstances.
  • Portability: You have the right to request a transfer of your Personal Data to another service provider where technically feasible.

 

To exercise these rights, please contact us using the contact details provided below. To protect your Personal Data, we may require additional information to verify your identity before processing your request.

We may pause the one-month deadline to respond to your data access request while waiting for additional information needed to proceed. We will resume timing once we are able to continue. You are entitled to reasonable and proportionate searches.

We will handle all requests in accordance with ICO guidelines and ensure compliance with the latest legal requirements. In the event of any changes to the ICO’s guidance, those updates may supersede the information provided in this policy to maintain compliance with applicable data protection laws.

If you believe we have not complied with your data protection rights, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

You have a statutory right to raise privacy-related complaints directly with us—for example, through our online form. We will acknowledge receipt within 30 days and seek to resolve and inform you of the outcome.

13. How We Protect Your Data

We implement industry-standard technical and organisational measures to protect your Personal Data and the confidentiality of your Personal Data, including encryption, access controls, and regular security assessments to safeguard against unauthorised access, alteration, disclosure, or destruction.


In addition to technical measures, we maintain robust organisational policies, including staff training on data protection and strict access controls to safeguard your Personal Data.


Further information on our technical measures and organisational measures through compliance activities can be shared on request by contacting us.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on our website and updating the “Last Updated” date. Please review this policy regularly for updates to how we process your Personal Data.

15. How to Contact Us

If you have any questions about this Privacy Policy or our data processing practices, or to exercise your rights, please contact us at:

  • Email[email protected]
  • Phone: +44 (0)1793 200 664
  • Address: Suite A2, Gemini House, Hargreaves Road, Swindon, Wiltshire, SN25 5AZ, United Kingdom.