Privacy Policy

1. Introduction

Technocrat Services Ltd (company number 14052107) ("we", "us", "our", or the "Company") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you visit our website at technocratservices.com (the "Website"), use our products including BucketSync (the "Products"), or engage with our services (collectively, the "Services").

This Policy is issued in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679), the Privacy and Electronic Communications Regulations 2003 (PECR), and all other applicable data protection and privacy legislation worldwide, including but not limited to the California Consumer Privacy Act (CCPA/CPRA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Australian Privacy Act 1988, and Brazil's Lei Geral de Proteção de Dados (LGPD).

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, you should discontinue use of our Services immediately.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller is:

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise any of your rights as a data subject, please contact us using the details above.

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide Directly

• Contact Information: name, email address, telephone number, company name, and job title when you submit enquiry forms, request consultations, or contact us.
• Account Information: credentials and profile data if you register for an account or subscribe to our Products.
• Communication Data: the content of correspondence, emails, messages, and any attachments you send to us.
• Transaction Data: billing information, payment details (processed by our third-party payment processors — we do not store full payment card details), purchase history, and subscription information.
• Feedback and Survey Data: responses to surveys, reviews, testimonials, or feedback you voluntarily provide.

3.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, time zone setting, and browser plug-in types.
• Usage Data: pages visited, time spent on pages, navigation paths, click data, referral URLs, and interaction patterns with our Website.
• Log Data: server logs including access times, error logs, and diagnostic data.
• Cookie and Tracking Data: information collected through cookies, web beacons, pixels, and similar tracking technologies (see Section 10 below).

3.3 Information from Third Parties

• Analytics Providers: aggregated and anonymised data from analytics services.
• Business Partners: referral information from partners, resellers, or integration platforms.
• Publicly Available Sources: information from public registers, social media profiles, and publicly available databases where lawful.

3.4 BucketSync Product Data

BucketSync is designed with privacy at its core. The application connects directly from your device to your own S3 compatible storage server. We do not have access to, collect, store, transmit, or process any files, data, credentials, encryption keys, or content that you store, sync, stream, or transfer using BucketSync. Your server credentials are stored exclusively on your device using platform-native secure storage (iOS Keychain and Android EncryptedSharedPreferences) and are never transmitted to our servers. Any end-to-end encryption keys are generated and stored solely on your device under a zero-knowledge architecture.

4. Lawful Basis for Processing

We process your personal data only where we have a valid lawful basis under applicable data protection law. The lawful bases we rely on are:

• Consent (Article 6(1)(a) UK/EU GDPR): where you have given clear, informed, and unambiguous consent for us to process your personal data for a specific purpose, such as subscribing to marketing communications or accepting non-essential cookies.
• Contractual Necessity (Article 6(1)(b)): where processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract, including providing our Services and Products.
• Legitimate Interests (Article 6(1)(f)): where processing is necessary for our legitimate interests or those of a third party, provided your fundamental rights and freedoms do not override those interests. Our legitimate interests include operating and improving our Services, fraud prevention, network and information security, and direct marketing to existing clients.
• Legal Obligation (Article 6(1)(c)): where processing is necessary for compliance with a legal obligation to which we are subject, including tax, accounting, and regulatory requirements.

Where we rely on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

5. How We Use Your Information

We use your personal data for the following purposes:

• To provide, operate, maintain, and improve our Website, Products, and Services.
• To process and respond to your enquiries, requests, and communications.
• To fulfil contractual obligations, process transactions, and manage your account.
• To send you service-related notices, updates, security alerts, and administrative messages.
• To send marketing communications where you have consented or where we have a legitimate interest to do so (with an opt-out mechanism always available).
• To analyse usage patterns, conduct research, and improve user experience.
• To detect, prevent, and address fraud, security incidents, technical issues, and abuse.
• To comply with applicable laws, regulations, legal processes, and governmental requests.
• To enforce our terms, policies, and agreements.
• To protect our rights, property, safety, and the rights, property, and safety of our users and third parties.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your personal data in the following limited circumstances:

• Service Providers and Processors: trusted third-party service providers who perform services on our behalf (e.g., hosting, analytics, payment processing, email delivery), bound by contractual obligations to process personal data only on our instructions and in accordance with applicable data protection law.
• Legal Requirements: where disclosure is required by applicable law, regulation, legal process, court order, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: in connection with a merger, acquisition, reorganisation, sale of assets, or bankruptcy, where personal data may be transferred as a business asset, subject to the commitments made in this Privacy Policy.
• With Your Consent: where you have given explicit consent for a specific disclosure.
• Professional Advisors: to our lawyers, auditors, accountants, insurers, and other professional advisors where necessary for the establishment, exercise, or defence of legal claims.

7. International Data Transfers

Your personal data may be transferred to, stored in, and processed in countries outside the United Kingdom and the European Economic Area (EEA) that may not provide an equivalent level of data protection.

Where we transfer personal data internationally, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, including:

• Transfers to countries recognised by the UK Secretary of State or the European Commission as providing an adequate level of data protection.
• Use of the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses (SCCs), as applicable.
• Binding Corporate Rules or other approved certification mechanisms or codes of conduct.
• Your explicit consent to the transfer, where no other safeguard is available and where you have been informed of the possible risks.

You may request a copy of the appropriate safeguards by contacting us using the details in Section 2.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements. In determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, and the purposes for which we process it.

As a general guide:

• Enquiry and contact data: retained for up to 24 months from your last interaction, unless a contractual relationship is established.
• Contractual and transaction data: retained for the duration of the contract and for up to 7 years thereafter to comply with legal and tax obligations.
• Marketing data: retained until you withdraw consent or opt out, plus a suppression record to ensure we respect your preferences.
• Technical and analytics data: retained in anonymised or aggregated form and may be retained indefinitely for statistical and analytical purposes.

When personal data is no longer required, we will securely delete or irreversibly anonymise it.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, alteration, or damage. These measures include, but are not limited to:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of data at rest where appropriate.
• Access controls and authentication mechanisms limiting access to personal data to authorised personnel only.
• Regular security assessments, vulnerability testing, and penetration testing.
• Secure development practices and code review processes.
• Incident response procedures for the detection, investigation, and reporting of personal data breaches.
• Staff training on data protection and information security.

Notwithstanding the above, no method of transmission over the internet or method of electronic storage is completely secure. Whilst we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security and accept no liability for any unauthorised access, disclosure, loss, or destruction of personal data arising from circumstances beyond our reasonable control, including but not limited to hacking, cyberattack, system failure, force majeure events, or the acts or omissions of third parties.

10. Cookies and Tracking Technologies

Our Website may use cookies and similar tracking technologies to distinguish you from other users, enhance your browsing experience, and analyse site usage. Cookies are small text files stored on your device by your web browser.

We use the following categories of cookies and technologies:

10.1 Strictly Necessary Cookies

Essential for the operation of the Website. These include cookies set by our hosting provider, Cloudflare, for security purposes (such as bot management and DDoS protection). These cookies do not require your consent and cannot be disabled.

10.2 Analytics and Performance

We use Cloudflare Web Analytics, a privacy-focused analytics service that does not use cookies and does not collect personally identifiable information. It helps us understand how visitors interact with our Website by collecting anonymised data such as page views, referrers, and browser information. This technology is only activated with your consent.

10.3 Functionality

These store your preferences such as cookie consent choices and display settings. They are only set with your consent.

10.4 Marketing and Targeting

We do not currently use marketing or targeting cookies. If this changes, this section will be updated and your consent will be sought before any such cookies are placed on your device.

10.5 Managing Your Preferences

Non-essential cookies and technologies will only be activated with your prior consent, in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and applicable EU ePrivacy legislation. You may manage your preferences at any time through:

• the cookie consent banner displayed on our Website;
• your browser settings (instructions vary by browser — consult your browser's help documentation); or
• clearing your browser's local storage to reset your consent preferences.

Please note that disabling certain technologies may affect the functionality and performance of the Website.

11. Your Rights

Under applicable data protection legislation (including the UK GDPR, EU GDPR, CCPA/CPRA, and other jurisdictional laws), you may have the following rights in relation to your personal data:

• Right of Access: the right to request confirmation of whether we process your personal data and to obtain a copy of such data.
• Right to Rectification: the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure ("Right to be Forgotten"): the right to request deletion of your personal data in certain circumstances.
• Right to Restriction of Processing: the right to request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability: the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Rights Related to Automated Decision-Making: the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
• Right to Lodge a Complaint: the right to lodge a complaint with a supervisory authority (see Section 12).

For residents of California (USA): you additionally have the right to know what personal information is collected, the right to request deletion, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights under the CCPA/CPRA.

To exercise any of your rights, please contact us at privacy@technocratservices.com. We will respond to your request without undue delay and in any event within one month (or such longer period as may be permitted by law). We may require verification of your identity before processing your request.

12. Supervisory Authority and Complaints

If you are not satisfied with our response to a privacy concern or believe that our processing of your personal data is not in accordance with the law, you have the right to lodge a complaint with a supervisory authority.

For the United Kingdom, the relevant authority is:

For the European Union, you may contact the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority and would ask that you contact us in the first instance.

13. Third-Party Links and Services

Our Website and Products may contain links to third-party websites, services, plug-ins, applications, or integrations that are not operated or controlled by us. This Privacy Policy does not apply to any third-party services, and we are not responsible for the privacy practices, content, security, or data handling of any third party. We strongly encourage you to review the privacy policy of every third-party service you interact with.

We accept no responsibility or liability whatsoever for any loss, damage, or harm arising from your use of or reliance on any third-party website, service, or content linked to from our Website or Products.

14. Children's Privacy

Our Services are not directed at, and we do not knowingly collect personal data from, children under the age of 16 (or the applicable age of digital consent in your jurisdiction). If we become aware that we have collected personal data from a child without appropriate parental or guardian consent, we will take steps to delete such information promptly. If you believe we may have collected information from a child, please contact us immediately.

15. Limitation of Liability

To the fullest extent permitted by applicable law, Technocrat Services Ltd, its directors, officers, employees, agents, contractors, affiliates, and licensors shall not be liable for any indirect, incidental, special, consequential, punitive, or exemplary damages, including but not limited to damages for loss of profits, revenue, goodwill, data, or other intangible losses, arising out of or in connection with:

• your use of, inability to use, or reliance on our Website, Products, or Services;
• any unauthorised access to, use of, or alteration of your personal data or transmissions;
• any breach of security or data breach caused by circumstances beyond our reasonable control;
• any interruption, suspension, or termination of our Services;
• any bugs, viruses, or other harmful components transmitted through our Services by any third party;
• any errors, omissions, inaccuracies, or defects in any content or information provided through our Services; or
• any third-party conduct, content, websites, or services accessed through or linked from our Services.

In any event, our total aggregate liability to you for all claims arising out of or relating to this Privacy Policy or our processing of your personal data shall not exceed the greater of (a) the amount you have paid to us in the twelve (12) months preceding the claim, or (b) one hundred pounds sterling (£100).

Nothing in this section shall exclude or limit our liability for death or personal injury caused by our negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be lawfully excluded or limited under applicable law.

16. Indemnification

You agree to indemnify, defend, and hold harmless Technocrat Services Ltd, its directors, officers, employees, agents, contractors, and affiliates from and against any and all claims, liabilities, damages, losses, costs, and expenses (including reasonable legal fees) arising out of or in connection with: (a) your breach of this Privacy Policy; (b) your violation of any applicable law or regulation; (c) your misuse of our Website, Products, or Services; or (d) any content or data you submit, transmit, or make available through our Services.

17. BucketSync — Product-Specific Privacy Provisions

The following provisions apply specifically to the BucketSync application:

• No Server-Side Data Collection: BucketSync operates on a direct-connection model. The application communicates directly between your device and your own S3 compatible storage server. We do not operate, manage, or have access to any intermediary server, proxy, or relay through which your data passes.
• Zero-Knowledge Architecture: we have no knowledge of, and no ability to access, your storage credentials, encryption keys, file contents, file names, bucket structures, server configurations, or any data stored on your servers.
• On-Device Storage: all credentials, configuration, encryption keys, and cached data are stored exclusively on your device using platform-native secure storage mechanisms. This data is not transmitted to, backed up on, or accessible by our servers.
• Optional Analytics: BucketSync may collect anonymised, non-personally-identifiable usage analytics (such as app version, operating system, crash reports, and feature usage statistics) solely to improve the product. This can be disabled in the application settings.
• No Liability for Data Loss: We expressly disclaim all liability for any loss, corruption, unauthorised access, or destruction of data stored on your S3 compatible servers, whether arising from the use of BucketSync or otherwise. You are solely responsible for the security, backup, and integrity of your own servers, infrastructure, credentials, and data. BucketSync is provided "as is" and "as available" without warranties of any kind, whether express, implied, or statutory, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
• Encryption Disclaimer: whilst BucketSync offers optional end-to-end encryption (AES-256-GCM), the security of encrypted data depends on the strength of your passphrase and the security of your device. We are not responsible for any data exposure resulting from weak passphrases, compromised devices, or user error. Loss of your encryption passphrase will result in permanent, irrecoverable loss of access to encrypted data.

18. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising out of or in connection with it (including non-contractual disputes) shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction to settle any dispute arising out of or in connection with this Privacy Policy, provided that this shall not affect any mandatory consumer protection rights you may have under the laws of your country of residence.

For users in the European Union, nothing in this section shall affect your right to bring proceedings in the courts of the EU Member State in which you are domiciled.

19. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time at our sole discretion. Any changes will be effective immediately upon posting the revised Policy on this page with an updated "Last updated" date. Where changes are material, we will make reasonable efforts to notify you (for example, by email or by a prominent notice on our Website).

Your continued use of our Services after the posting of any changes constitutes your acceptance of such changes. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

20. Severability

If any provision of this Privacy Policy is held to be invalid, illegal, or unenforceable by a court or tribunal of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, shall be severed from this Privacy Policy. The remaining provisions shall continue in full force and effect.

21. Entire Agreement

This Privacy Policy, together with our Terms of Service and any other policies referenced herein, constitutes the entire agreement between you and Technocrat Services Ltd with respect to the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written, relating to the same.

22. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us:

We will endeavour to respond to all legitimate requests within one month. Occasionally it may take longer if your request is particularly complex or if you have made a number of requests, in which case we will notify you and keep you informed of progress.