Vendrpulse
Get Your First Report

Privacy Policy

Version 0.1·Last updated 3 June 2026

Draft, not yet legally reviewed. This document is a working template prepared for Ziplake Limited. It has not been reviewed by a solicitor and is not legal advice. The published version will be signed off by qualified UK counsel before it becomes binding.

This Privacy Policy explains how Ziplake Limited, trading as Vendrpulse, collects and uses personal data. We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Ziplake Limited (company number 13208965) is registered in England and Wales. Our registered office is at The Workspace Boarding School Yard, 90 Marygate, Berwick-Upon-Tweed, Northumberland, TD15 1BN. You can reach our data team at privacy@vendrpulse.co.uk.

2. What this policy covers

This policy covers personal data we collect when you visit the Vendrpulse website, place an order for a report, send us an email, or interact with us in any other way as a customer or prospective customer.

It also explains the limited circumstances in which our reports may contain personal data about other individuals (typically company directors), and how we handle that data.

3. What personal data we collect

We collect the following categories of personal data:

  • Order data you give us: your name, work email address, the name of the company you work for, and (optionally) the contract value band relevant to the report.
  • Payment data from Stripe: Stripe acts as the payment processor. We receive a confirmation of payment, the last four digits of the card, the card brand and country, and a Stripe customer reference. We do not receive or store full card details.
  • Correspondence: any emails or messages you send us, and our replies.
  • Technical data: standard server logs, including IP address, user agent, request path and timestamp, retained for 30 days for security and debugging.
  • Subject Company data: in the course of preparing a report we gather information from Companies House and similar public registries about the company you have asked us to assess. This may include the names of directors and persons with significant control, which is personal data about those individuals.

4. Why we use it and the lawful basis

We use personal data for the following purposes:

  • To take your order, deliver your report, and provide customer support. Lawful basis: performance of a contract.
  • To send you transactional emails (order confirmation, delivery, refund notification). Lawful basis: performance of a contract.
  • To comply with our legal and tax obligations, including keeping records for HMRC. Lawful basis: legal obligation.
  • To prepare and deliver reports that include information from public registries about a Subject Company and its directors. Lawful basis: legitimate interests, namely the legitimate interests of our Customer in assessing counterparties and our own legitimate interest in providing the service. We have considered the interests, rights and freedoms of the individuals concerned and concluded that processing limited, publicly filed information for these purposes is proportionate.
  • To keep our service secure and detect misuse. Lawful basis: legitimate interests.

We do not currently use personal data for marketing without your explicit consent. If we introduce a marketing list in future, you will be asked to opt in and may opt out at any time.

5. Special category data

We do not knowingly collect or process special category data (such as health, race, religion, or political opinions). Please do not share such information with us in correspondence.

6. Cookies and similar technologies

We use two categories of cookies and similar technologies:

  • Strictly necessary cookies — for example, to maintain a session while you place an order, and to remember your cookie preferences. These do not require consent under the Privacy and Electronic Communications Regulations.
  • Analytics cookies (with your consent)— we use Google Analytics 4 to understand how visitors use the site so we can improve it. Google Analytics 4 does not collect IP addresses for storage. We have configured the integration with Google Consent Mode v2, so no analytics cookies are set unless you have selected "Accept analytics" in our cookie banner. You can change your choice at any time via the "Cookie preferences" link in the footer.

We also use Vercel Analytics, which is a cookieless, aggregated measurement service provided by our hosting provider Vercel. It records anonymised page-view counts and does not set cookies or fingerprint individual visitors. As such, it relies on our legitimate interests rather than consent.

We do not use any advertising or cross-site tracking cookies.

7. Who we share data with

We share personal data only with the following categories of recipient:

  • Service providers who help us run the service, under written processor terms: Vercel (website hosting and cookieless analytics), Google (Google Analytics 4, where you have given consent), Stripe (payments), our email delivery provider (transactional email), and Companies House (as a data source).
  • Professional advisers (accountants, auditors, lawyers) where necessary and under a duty of confidence.
  • Authorities where we are required to do so by law, by a court order, or by a regulator.

We do not sell personal data and we do not share it for advertising purposes.

8. International transfers

Most of our processing takes place in the United Kingdom or the European Economic Area. Where a service provider transfers personal data outside these regions (for example, certain Vercel infrastructure in the United States), the transfer is protected by the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or an applicable adequacy decision.

9. How long we keep data

  • Order records (including invoice data): 6 full financial years after the end of the financial year in which the order was placed, to comply with HMRC requirements.
  • Delivered reports and the data used to compile them: 5 years from delivery.
  • Customer correspondence: 3 years from the last interaction.
  • Server logs and technical telemetry: 30 days.
  • Google Analytics 4 data: 2 months (the minimum permitted by Google).
  • Vercel Analytics page-view counts: aggregated and retained per Vercel's data retention defaults.
  • If you ask us to delete your account or your data, we will do so to the extent we are not required to retain it by law.

10. Your rights

Under UK GDPR you have the following rights:

  • the right to be informed about our processing (this policy);
  • the right of access to a copy of your personal data;
  • the right to rectification of inaccurate data;
  • the right to erasure in certain circumstances;
  • the right to restrict processing in certain circumstances;
  • the right to data portability for data we hold under a contract or consent;
  • the right to object to processing carried out on the basis of legitimate interests;
  • the right to withdraw consent at any time where consent is the lawful basis;
  • the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

To exercise any of these rights, email privacy@vendrpulse.co.uk. We will respond within one calendar month.

11. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we have an opportunity to put things right. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk.

12. Children

Vendrpulse is a B2B service. It is not directed at children, and we do not knowingly collect personal data from anyone under 18.

13. Changes to this policy

We may update this Privacy Policy from time to time. The current version, with the version number and last updated date, will always be published at this page. Material changes will be communicated by email to current customers.

Questions about this document? Email legal@vendrpulse.co.uk.