Evidentful
Open navigation menu

Legal

Privacy Policy

How Evidentful Limited collects, uses, and protects personal data in accordance with UK GDPR and the Data Protection Act 2018.

Last updated: 15 June 2026

Introduction

Evidentful Limited ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, store, and share personal data when you visit this website, contact us, or use our services.

This policy applies to website visitors, prospective customers, and force personnel who interact with Evidentful in a business capacity. Where we process witness data on behalf of a police force, that force is typically the data controller and we act as a processor under a separate data processing agreement.

Who we are

Evidentful Limited is the data controller for personal data collected via this website and for business enquiries. For data protection queries, contact [email protected].

What personal data we collect

We collect personal information you provide directly to us, including via contact forms, demo requests, security review enquiries, and correspondence. This may include your name, work email address, phone number, organisation, role, and the content of your message.

We may collect limited technical information when you use this website, such as browser type, device information, and pages visited. We use this to maintain security and improve the site.

How we use your personal data

We use your personal data to:

  • Respond to your enquiries and provide information about our services
  • Arrange demonstrations, pilots, and security reviews
  • Manage contractual relationships with police forces and partners
  • Improve and develop our products and services
  • Comply with our legal obligations
  • Protect and enforce our legal rights

Legal basis for processing

We process your personal data on the following bases under UK GDPR:

  • Contract performance (Article 6(1)(b)) — where processing is necessary to provide our services or take steps at your request before entering a contract
  • Legitimate interests (Article 6(1)(f)) — for example, responding to enquiries, maintaining website security, and improving our services, where those interests are not overridden by your rights
  • Legal obligation (Article 6(1)(c)) — where required by law
  • Consent (Article 6(1)(a)) — where we have asked for and received your consent

Data storage, retention, and security

Personal data relating to our services is stored in secure UK data centres (Azure UK South / UK West). We take appropriate technical and organisational measures to protect data against unauthorised access, loss, or misuse, including encryption in transit and at rest.

We retain personal data only for as long as necessary for the purposes described in this policy, to meet contractual obligations, or to comply with legal requirements. Enquiry data is typically retained for up to 24 months unless a longer period is required for an active evaluation or contract.

While we take reasonable steps to maintain secure connections, if you provide personal data over the internet, the provision of that information is at your own risk.

Sharing your personal data

We do not sell your personal data. We may share it with:

  • Service providers (subprocessors) who support our operations, under appropriate data processing agreements and UK data residency requirements where applicable
  • Professional advisers where reasonably required
  • Regulators, law enforcement, or other authorities where required by law
  • Any person authorised by you

Subprocessors

We use carefully selected subprocessors to host infrastructure, provide authentication, and support service delivery. A current subprocessor list, including purpose and location, is available on request and through our Trust Centre for force evaluation.

We require subprocessors to meet appropriate security and confidentiality standards and to process personal data only on our documented instructions.

International transfers

Evidentful is designed so that witness and force operational data is stored and processed within the United Kingdom. Where limited business contact data is processed by a subprocessor outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR.

Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data in certain circumstances
  • Restrict or object to processing in certain circumstances
  • Data portability where applicable
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

Cookies

This website uses essential cookies to support basic functionality and security. For more detail, see our

Cookie Policy.

Changes to this policy

We may update this policy by publishing a revised version on this website. Material changes will be reflected in the "Last updated" date at the top of the page.

Contact us

For questions about this policy or to exercise your rights, contact [email protected].