Skip to content

Legal

Introduction

BEAQUA LTD (‘we’, ‘us’, ‘Beaqua’) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data. It applies to:

  • Visitors to our website at m31g.com.
  • Prospects and customers who provide their details via email, contact form, or sales enquiry.
  • Customers using the Beaqua Service.

We act as a data controller for personal data collected from the website and prospects. When you use Beaqua to process documents containing personal data, we act as a data processor under the Data Processing Addendum at /legal/dpa.

What personal data we collect

From website visitors and prospects

When you visit m31g.com or contact us, we may collect:

  • Your name, email address, company, and job title.
  • Your message content if you submit a contact form.
  • Your IP address, browser type, and pages visited (via web server logs).
  • Cookies and similar technologies (see /legal/cookies for detail).

From customers using the Service

When you sign up for Beaqua, we collect:

  • Account details: email, name, password hash, company name, and account tier.
  • Billing details: VAT number, billing address, payment method (processed securely by Stripe).
  • Usage data: features you use, documents you process, and frequency of access.
  • Communications: support tickets, feedback, and messages sent via in-app chat.

Personal data within uploaded documents

When you upload documents to Beaqua, we process any personal data contained within them (names, email addresses, identification numbers, financial information, health data, etc.) only as your data processor. See the DPA at /legal/dpa for how we handle this data.

How we use personal data

Website visitors and prospects

  • Responding to enquiries: We use your email and message to respond to your contact form or sales enquiry. Lawful basis: legitimate interest and, for marketing, your consent.
  • Product improvement: We anonymise and aggregate usage data to understand user behaviour and improve the website. Lawful basis: legitimate interest.
  • Marketing communications: If you opt in, we send emails about Beaqua updates, features, and document-intelligence insights. Lawful basis: consent. You can unsubscribe at any time.

Customers

  • Providing the Service: We use account and usage data to deliver Beaqua, manage your subscription, and support you. Lawful basis: contract performance.
  • Billing: We process billing details to invoice you and handle payments. Lawful basis: contract performance.
  • Security and fraud prevention: We monitor account activity for unauthorised access and fraud. Lawful basis: legitimate interest.
  • Product improvement: We analyse usage patterns (anonymised) to identify feature requests and usability improvements. Lawful basis: legitimate interest.

Cookies and analytics

Our website uses minimal cookies. See /legal/cookies for the full cookie policy. In brief:

  • We use one cookie for strictly necessary functionality (contact form CSRF protection).
  • We do not use third-party analytics or marketing cookies.
  • We honour Do Not Track signals from your browser.

Sharing and disclosure

We do not sell personal data. We do share data with:

  • Subprocessors: When you use Beaqua, your data may be processed by:
    • AWS (cloud hosting, default region: EU-Frankfurt; UK-only available on Enterprise).
    • Cloudflare (CDN and DDoS protection).
    • Resend (email delivery).
    • Stripe (payment processing).
    • Sentry (error logging and monitoring; logs contain metadata, not document content).
  • Legal obligations: We may disclose data if required by court order, law enforcement request, or regulatory authority (ICO, etc.). We will attempt to notify you unless prohibited by law.
  • Professional advisors: Your data may be shared with our solicitors, accountants, or auditors as needed (under confidentiality obligations).

Data residency

Your account and usage data is stored in the EU (AWS Frankfurt region) by default. For Enterprise customers, UK-only storage and processing is available on request.

When we use subprocessors, data may transit through other regions. We rely on UK IDTA and EU Standard Contractual Clauses to ensure lawful international transfers.

Uploaded documents are stored in the region you select at account creation. No document is used for AI model training or improvement.

Data retention

  • Marketing enquiries: If you contact us but do not become a customer, we retain your details for 24 months. If you reply to a message within that period, the clock resets.
  • Customer account data: We retain account, usage, and billing data for the term of your subscription plus 60 days. During that period, you can request deletion.
  • Uploaded documents: We retain documents only as instructed by you. You can request deletion of documents at any time via the Service or by contacting us; we will delete them within 30 days.
  • Billing records: We retain invoices and payment records for 6 years (UK tax and company law requirement).
  • Support tickets: We retain support conversations for 12 months from resolution, then delete unless you request retention.

Your rights under UK GDPR

You have the following rights:

  • Access: You can ask for a copy of your personal data we hold. We will provide it within 30 days (or 60 days in complex cases).
  • Rectification: You can ask us to correct inaccurate data.
  • Erasure: You can request deletion of your data, subject to legal obligations (e.g., billing records).
  • Restriction: You can ask us to restrict processing (e.g., during a dispute).
  • Portability: You can ask for your data in a portable format (e.g., CSV).
  • Object: You can object to processing for marketing purposes; we will stop immediately.

To exercise any of these rights, contact us at contact@m31g.com.

Security

We implement reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

  • Encryption of data in transit (TLS 1.2 or higher) and at rest.
  • Role-based access controls for staff who handle data.
  • Regular security audits and penetration testing.
  • Incident response procedures.

However, no security is absolute. See our Security page for more detail on our security practices and incident reporting procedures.

International transfers

UK GDPR allows certain transfers outside the UK/EEA only where adequate safeguards exist. We rely on:

  • UK IDTA (International Data Transfer Agreement) — for transfers to countries without adequacy decisions.
  • EU Standard Contractual Clauses — for transfers within the scope of EU GDPR.

You can request a copy of these transfer mechanisms at contact@m31g.com.

Children

Beaqua is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Changes to this policy

We may update this Privacy Policy at any time. If the change is material, we will notify you by email at least 30 days before the change takes effect. Your continued use of our website or Service after the notice period constitutes acceptance of the updated policy.

Contact and complaints

If you have questions about this Privacy Policy or our privacy practices, contact us at contact@m31g.com.

If you are unhappy with how we have handled your personal data, you can lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Questions about this document? Email contact@m31g.com.

BEAQUA LTD · 12 Orchard Way, Kings Sutton, Banbury, England, OX17 3PZ · Registered in England & Wales.