Privacy Policy

1. Introduction

This Privacy Policy explains how Domtree Limited ("we", "us", or "our") collects, uses, and protects your personal data when you use our website at domtree.com and our services, including the Zero Test Framework.

We are committed to protecting your privacy and handling your data in an open and transparent manner in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Domtree Limited
Company Number: 16798134
Registered in England and Wales

For any privacy-related enquiries, please contact us at: contact@domtree.com

3. What Data We Collect

We may collect and process the following types of personal data:

Account Information

• Email address (required for Zero Test Framework subscriptions)
• Name (when provided via contact forms)
• Company name (when provided)

Payment Information

• Payment card details are processed securely by Stripe and are not stored on our servers
• Stripe subscription identifiers and transaction references
• Billing information as required for invoicing

Service Usage Data

• Framework generation requests and configuration preferences
• Uploaded requirements documents (for framework generation)
• Usage counts and subscription plan details

Technical Data

• IP address and browser information
• Device and operating system information
• Cookies and similar tracking technologies (see our Cookie Policy)

4. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide and maintain our services, including generating test frameworks, processing subscriptions, and managing your account
• Payment Processing: To process payments via Stripe and manage your subscription
• Communication: To respond to your enquiries, provide customer support, and send service-related notifications
• Service Improvement: To analyse usage patterns and improve our tools and services
• Legal Compliance: To comply with legal obligations and protect our legitimate interests

5. Legal Bases for Processing

We process your personal data under the following legal bases:

• Contract: Processing necessary for the performance of our contract with you (e.g., providing subscribed services)
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legitimate Interests: For purposes such as improving our services, fraud prevention, and business administration, where these do not override your rights
• Legal Obligation: Where processing is required by law

6. Data Processors and Third Parties

We work with the following third-party service providers who may process your data on our behalf:

• Stripe: Payment processing and subscription management
• Heroku / Cloud Hosting: Website and application hosting
• Google (Google Sheets): Secure data storage for user account management

All our data processors are required to handle your data in accordance with applicable data protection laws and our instructions.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the duration of your account and for a reasonable period thereafter for legal and business purposes
• Transaction records: Retained for 7 years for tax and accounting purposes
• Uploaded documents: Processed for framework generation and not retained beyond the generation process unless otherwise agreed

You may request deletion of your account and associated data at any time by contacting us.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at contact@domtree.com.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes:

• Secure HTTPS encryption for all data transmission
• Secure password hashing for account credentials
• Regular security reviews and updates
• Access controls limiting who can view personal data

10. International Transfers

Some of our third-party service providers may be located outside the UK. Where this is the case, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact@domtree.com
Website: domtree.com/contact

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately: ico.org.uk