GDPR Compliance

Last updated: April 2026

This page explains how Uptrue complies with the General Data Protection Regulation (GDPR) and the UK GDPR. It supplements our Privacy Policy and provides specific information about your rights under data protection law.

1. Data Controller

The data controller for personal data processed through the Uptrue platform is:

• Company: Vision Software Solutions Limited
• Company Number: 02710980
• Registered Address: C/O Benison Solvers Limited, 1000 Great West Road, Brentford, United Kingdom, TW8 9DW

2. Data Protection Contact

For all data protection enquiries, you can contact us at:

• Email: privacy@uptrue.io
• Post: Data Protection, Vision Software Solutions Limited, C/O Benison Solvers Limited, 1000 Great West Road, Brentford, United Kingdom, TW8 9DW

3. Legal Basis for Processing

We process personal data under one or more of the following legal bases:

• Consent: Where you have given explicit consent for us to process your data for a specific purpose (e.g., marketing emails, cookie preferences). You may withdraw consent at any time.
• Contract: Where processing is necessary to perform our contract with you (e.g., providing the monitoring service, processing payments, sending alert notifications).
• Legitimate Interest: Where processing is necessary for our legitimate business interests, provided those interests do not override your fundamental rights (e.g., fraud prevention, platform security, service improvement, analytics).
• Legal Obligation: Where processing is necessary to comply with a legal obligation (e.g., tax records, law enforcement requests).

4. Your Rights Under GDPR

Under the GDPR and UK GDPR, you have the following rights regarding your personal data:

• Right of Access: You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.
• Right to Rectification: You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure: You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format (JSON or CSV).
• Right to Restriction: You have the right to request that we restrict processing of your data in certain circumstances.
• Right to Object: You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Rights Related to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Uptrue does not currently make automated decisions of this nature.

5. How to Exercise Your Rights

You can exercise your data rights in two ways:

• In-dashboard: Use the data export and account deletion features in your Account Settings to download your data or request deletion directly.
• By email: Send your request to privacy@uptrue.io. We will verify your identity before processing any request.

We will respond to all valid requests within 30 days. In complex cases, we may extend this by a further 60 days, but we will inform you of any extension and the reason for it within the initial 30-day period.

6. Data Location

All customer data is stored in the European Union. Our primary database is hosted by Supabase in the Frankfurt (eu-central-1) region. This ensures your data remains within the EU/EEA at all times during normal operation.

7. Sub-processors

We use a limited number of third-party sub-processors to deliver the Uptrue service. Each sub-processor has been assessed for GDPR compliance and is bound by appropriate data processing agreements. For a full list of our sub-processors, please refer to our Data Processing Agreement.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Account data: Retained for the duration of your account plus 30 days after deletion to allow for recovery.
• Monitoring data (check results, incidents): Retained according to your plan (typically 90 days for free plans, 1 year for paid plans).
• Billing records: Retained for 7 years to comply with UK tax and accounting obligations.
• Audit logs: Retained for 1 year.
• Marketing consent records: Retained for the duration of consent plus 3 years.

9. Cookies

We use cookies and similar technologies as described in our Cookie Policy. You can manage your cookie preferences at any time using the cookie consent banner or your browser settings.

10. International Data Transfers

Where data is transferred outside the EU/EEA (for example, to service providers in the United States), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Additional technical and organisational measures to protect your data during transfer

11. Right to Complain

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with your local supervisory authority:

• United Kingdom: Information Commissioner's Office (ICO) — ico.org.uk
• European Union: Your relevant national Data Protection Authority. A list is available at edpb.europa.eu

We encourage you to contact us first at privacy@uptrue.io so that we can attempt to resolve your concern before you escalate to a supervisory authority.

12. Changes to This Policy

We may update this GDPR compliance page from time to time. Material changes will be communicated via email or a notice on the Service at least 30 days before taking effect. The "last updated" date at the top of this page indicates the most recent revision.