This Privacy Policy explains how Vitilage Ltd collects, uses, stores, and protects your personal data. We are committed to transparency and to handling your information responsibly.
Last Updated: January 15, 2026
Vitilage Ltd ("Vitilage," "we," "us," or "our") is the data controller responsible for the personal data collected through our website at www.vitilage.com and our AI-powered financial intelligence platform. We are a company registered in England and Wales with our registered office at 14 Appold Street, London, EC2A 2HE, United Kingdom.
This Privacy Policy applies to all individuals who visit our website, request product demonstrations, subscribe to our communications, or use our platform services. It describes the types of personal data we collect, the purposes for which we process that data, the legal bases we rely on under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), and the rights you have regarding your personal information.
We take your privacy seriously and have implemented appropriate technical and organisational measures to protect your personal data. We encourage you to read this policy carefully. If you have any questions or concerns about how we handle your data, please reach out to us using the contact details provided at the end of this document.
By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. Where we require your consent for specific processing activities, we will request it separately and clearly at the point of data collection.
We collect several categories of personal data depending on how you interact with our website and services. Below is a detailed breakdown of the information we may gather:
We collect personal data through the following methods and channels:
Website Forms: When you complete a demo request form, contact form, or newsletter subscription form on our website, we collect the information you enter into those fields. All forms clearly indicate which fields are required and which are optional.
Cookies and Tracking Technologies: Our website uses cookies, web beacons, and similar technologies to collect technical and usage data automatically as you browse. We use Google Analytics for website traffic analysis and may deploy the Meta Pixel if you arrive at our site through a Meta advertising campaign. Both tools are configured to minimise the collection of personally identifiable information, and IP addresses are anonymised where technically feasible.
Server Logs: Our web servers automatically record standard log entries, which include your IP address, the requested URL, the HTTP status code, the referrer URL, and the user agent string of your browser. These logs are maintained for security monitoring and troubleshooting purposes.
Email Communications: When you correspond with us via email, we retain the contents of those communications along with your email address and any metadata attached to the messages. If we send you marketing emails (with your prior consent), we may track whether you open them and which links you click to measure the effectiveness of our communications.
Platform Usage: If you become a registered user of our platform, we collect data about how you use the service, including the features you access, the queries you run, the alerts you configure, and the reports you generate. This data is used to improve the platform experience and to provide you with relevant support.
Under the UK GDPR and EU GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases as set out in Article 6 of the GDPR:
We rely on your explicit consent when sending you marketing communications such as newsletters, product updates, or event invitations. You may withdraw your consent at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. Withdrawing consent does not affect the lawfulness of processing that occurred before you withdrew it.
When you sign up for a demo, request access to our platform, or enter into a service agreement with us, we process your personal data as necessary to fulfil our contractual obligations. This includes creating your account, providing access to the platform, delivering the services described in your agreement, and communicating with you about your subscription.
We process certain data based on our legitimate business interests, provided those interests do not override your fundamental rights and freedoms. Our legitimate interests include: improving and optimising our website and platform performance; understanding how users interact with our services through analytics; detecting and preventing security threats, fraud, or abuse; maintaining internal records and administering our business operations; and responding to enquiries submitted through our website.
In some cases, we are required to process your data to comply with legal or regulatory obligations, such as maintaining financial records for tax purposes, responding to lawful requests from law enforcement or regulatory authorities, or fulfilling our obligations under anti-money laundering regulations applicable to financial technology providers.
We use the personal data we collect for the following specific purposes:
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our AI algorithms analyse market data, not personal data about our users.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Below are our specific retention periods for each category of data:
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 2 years from the date of submission |
| Demo request data | 2 years from the date of the request |
| Platform account data | Duration of the service agreement plus 3 years |
| Marketing consent records | Until consent is withdrawn, plus 6 months for record-keeping |
| Server logs | 90 days |
| Analytics cookies | 13 months from the date they are set |
| Billing and invoicing records | 7 years (as required by UK tax law) |
| Email correspondence | 3 years from the last communication |
When your data reaches the end of its retention period, we securely delete or anonymise it so that it can no longer be associated with you. In cases where deletion is not immediately possible due to technical constraints (such as data in backup archives), we ensure the data is isolated and protected from further processing until deletion can be completed.
We do not sell, rent, or trade your personal data to third parties. We share your data only with the following categories of recipients, each of whom is bound by contractual obligations to protect the confidentiality and security of your information:
All third-party processors we engage are vetted for their data protection practices and are required to enter into Data Processing Agreements (DPAs) that comply with the requirements of the UK GDPR and EU GDPR.
Our primary data storage and processing facilities are located within the United Kingdom and the European Economic Area (EEA). However, some of the third-party service providers we use may process data in countries outside the UK and EEA, including the United States.
Where personal data is transferred outside of the UK or EEA, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection law. These safeguards include:
You may request a copy of the specific safeguards we use for international transfers by contacting us at the details provided in Section 13 of this policy.
Under the UK GDPR and EU GDPR, you have the following rights regarding your personal data. These rights are not absolute and may be subject to certain conditions and exemptions as defined by applicable law:
You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it. We will provide this information free of charge within one calendar month of receiving your request.
If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.
You have the right to request that we delete your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the data has been unlawfully processed.
You may request that we restrict the processing of your personal data in certain situations, such as when you contest the accuracy of the data or when you have objected to processing pending verification of our legitimate grounds.
Where we process your data based on consent or contract performance, you have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Where processing is based on your consent, you have the right to withdraw that consent at any time. You can do this by clicking the unsubscribe link in marketing emails or by contacting us directly.
How to exercise your rights: To exercise any of the above rights, please contact us at [email protected] or write to us at the postal address listed in Section 13. We will respond to your request within one calendar month. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.
Right to lodge a complaint: If you are not satisfied with how we have handled your personal data or your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. The ICO can be contacted at ico.org.uk or by telephone at 0303 123 1113. If you are located in the EEA, you may also contact your local Data Protection Authority.
Our website and services are designed for professionals working in the financial industry and are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 years of age.
If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you are a parent or guardian and believe that your child has provided personal data to us, please contact us at [email protected] so that we can take appropriate action.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations. When we make material changes to this policy, we will notify you by posting the updated version on this page with a new "Last Updated" date.
For significant changes that materially affect your rights or how we process your data, we will also provide additional notice, such as an email notification to registered users or a prominent banner on our website. We encourage you to review this page periodically to stay informed about our data protection practices.
The current version of this policy has been in effect since January 15, 2026.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please do not hesitate to contact us through any of the following channels:
Data Controller
Vitilage Ltd
Registered Address
14 Appold Street, London, EC2A 2HE, United Kingdom
Privacy Enquiries
General Enquiries
Telephone
Supervisory Authority
Information Commissioner's Office (ICO)
ico.org.uk | 0303 123 1113
We aim to respond to all privacy-related enquiries within five business days and to resolve formal data subject requests within one calendar month, as required by the UK GDPR.