Draft — legal review pending This document has been prepared based on standard UK SaaS and UK GDPR patterns. It is not legal advice and has not yet been reviewed by a qualified solicitor. The content must be reviewed and amended before you rely on it.

Privacy policy

Last updated: 18 April 2026

Vallumio takes your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under UK GDPR.

1. Who we are

Vallumio is a managed WordPress hosting service operated from the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller in respect of the personal data we collect directly from visitors to vallumio.com.

For personal data relating to an agency's end clients, the agency is the data controller and Vallumio acts as data processor under a separate agreement.

You can contact us about this policy at hello@vallumio.com.

2. What personal data we collect

Contact form submissions

When you submit the contact form we collect the name, email address, optional company name, and the message you write. We also log the IP address the submission came from and the browser's User-Agent string for security and abuse prevention.

Cookies and technical data

We set a small number of strictly necessary cookies on this website — see our cookie policy. We do not use analytics cookies, advertising cookies, or any third-party tracking.

Account data (customers only)

If you sign up for a Vallumio account, we process additional information necessary for the contract — name, email address, billing address, VAT number where applicable, and payment information processed on our behalf by Stripe. This is covered in more detail in our customer-facing data processing terms.

3. Why we collect it (lawful bases)

  • Contact form enquiries — legitimate interests (replying to enquiries about our service).
  • Security logging (IP addresses, user agents) — legitimate interests (preventing abuse and securing the service).
  • Service delivery for customers — performance of a contract.
  • Legal compliance (tax records, accounting) — legal obligation.

4. Who we share data with

We share personal data only with service providers that are necessary to operate our service, under written data processing agreements:

  • Postmark — for sending transactional email (contact form confirmations, customer notifications).
  • DigitalOcean — for hosting the platform servers in the United Kingdom.
  • Cloudflare — for DNS and SSL certificate management.
  • Stripe — for payment processing (customers only).
  • Backblaze B2 — for encrypted off-site backups (customers only).

We do not sell personal data. We do not share personal data for advertising or marketing purposes.

5. How long we keep it

  • Contact form submissions — 24 months, then deleted.
  • Security and access logs — 30 days.
  • Encrypted backups — up to 90 days on our retention schedule.
  • Customer account and billing records — 6 years after the account closes (required for UK tax and accounting).

6. International transfers

Postmark and Backblaze B2 may process data outside the UK and EEA. Where this is the case, transfers are covered by the UK International Data Transfer Agreement or equivalent safeguards.

7. Your rights

Under UK GDPR you have the right to:

  • Be informed about our use of your personal data (this policy).
  • Access a copy of your personal data.
  • Have inaccurate data corrected.
  • Have your data erased, where applicable.
  • Restrict or object to our use of your data.
  • Receive your data in a portable format.
  • Withdraw consent where we rely on consent.
  • Complain to the Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@vallumio.com. We aim to respond within one month.

8. Security

We take appropriate technical and organisational measures to protect personal data, including encryption at rest (AES-256 for backups), encryption in transit (TLS 1.2+ for all connections), isolated per-customer networks, and strict access controls on our platform.

9. Changes to this policy

We may update this policy as our service evolves. The "Last updated" date at the top reflects the most recent revision. For material changes that affect your rights, we will notify affected users by email.

10. Contact

Questions about this policy? Email hello@vallumio.com.