Privacy Policy

Last updated: March 2026

1. Overview

We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website (documenti.co.uk) and use our services. Documenti is a trading name of Apavai Ltd, registered in England & Wales (Company No. 17036797), with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. Apavai Ltd is the data controller for the personal data collected through this website.

This policy is compliant with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Data We Collect

We may collect the following types of personal data:

Information you provide

Email address: When you join our waitlist through the signup form.
Name: If provided when joining the waitlist or contacting us.
Correspondence: Any information you provide when you contact us via email.

Information collected automatically

Usage data: Pages visited, time spent on pages, referral source, and browser type (collected via Google Analytics).
Device information: Device type, operating system, and screen resolution.
IP address: Collected by Google Analytics (anonymised by default).
Cookies: See our Cookie Policy for full details.

3. How We Use Your Data

We use your personal data for the following purposes:

To manage your waitlist signup and send you updates about Documenti's launch and availability.
To understand how visitors use our website so we can improve it.
To respond to enquiries or correspondence you send us.
To comply with legal obligations.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases:

Consent: When you submit your email to join the waitlist, you consent to receiving communications from us. You can withdraw this consent at any time by unsubscribing.
Legitimate interests: We use analytics data to understand website usage and improve our services. This is balanced against your privacy rights.
Legal obligation: Where we need to process your data to comply with a legal requirement.

5. Who We Share Your Data With

We do not sell your personal data to third parties. We share data only with the following service providers who process data on our behalf:

Mailchimp (Intuit Inc.): To manage our email waitlist and send communications. Mailchimp's servers are located in the United States. Data transfers are protected by Standard Contractual Clauses. Mailchimp Privacy Policy.
Google Analytics (Google LLC): To analyse website traffic. IP addresses are anonymised. Data may be processed in the United States under Standard Contractual Clauses. Google Privacy Policy.
Google Cloud Platform: Our website is hosted on Google Cloud Run in the europe-west1 region (Belgium).

6. Data Retention

We retain your personal data only for as long as necessary:

Waitlist email addresses: Retained until you unsubscribe, or until the waitlist is no longer active.
Analytics data: Google Analytics data is retained for 14 months, after which it is automatically deleted.
Correspondence: Retained for up to 2 years for reference purposes, unless a longer retention period is required by law.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can ask us to correct any inaccurate data.
Right to erasure: You can ask us to delete your personal data.
Right to restrict processing: You can ask us to limit how we use your data.
Right to data portability: You can request your data in a machine-readable format.
Right to object: You can object to processing based on legitimate interests.
Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us. We will respond within one month.

8. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

HTTPS encryption on all pages of our website.
Secure hosting on Google Cloud Platform with data stored in the EU.
Access controls limiting who can view personal data within our organisation.

No method of internet transmission or electronic storage is completely secure, but we strive to use commercially acceptable means to protect your data.

9. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

11. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Website: ico.org.uk

Helpline: 0303 123 1113

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please get in touch.