Who We Are and What This Covers

CortexSparkFlow operates from 7th Group Scout Hut, Watsons Green Rd, Dudley DY2 7LH, United Kingdom. We focus on mobile platform game development, which means we work with clients, partners, and users across different projects. This policy explains how we collect and use personal information in all those interactions.

When we say "personal data," we mean any information that can identify you as an individual. That could be your name, email address, phone number, or even your IP address when you browse our site. Under UK data protection law (specifically the UK GDPR and Data Protection Act 2018), we're what's called a "data controller" for the information we collect.

Information We Collect

Different situations mean different types of data. Here's what we typically gather and why:

Information You Give Us Directly

This happens when you fill out forms on our website, send us emails, or talk with us about potential projects. You might share:

• Your name and job title
• Email address and phone number
• Company name and business information
• Project details and requirements when you're discussing work with us
• Payment information if we're working together (though we don't store full card details ourselves)

Information We Collect Automatically

Like most websites, ours collects some technical information when you visit. Nothing invasive, just the basics that help us keep things running smoothly:

• Your IP address and general location (city level, not your exact address)
• Browser type and device information
• Pages you visit on our site and how long you spend there
• Referring website if you clicked through from somewhere else
• Date and time stamps of your visits

Information from Other Sources

Sometimes we receive information about you from other places. For example, if you connect with us through LinkedIn or another professional network, we might see your public profile information. Or if you work for a company that's our client, they might provide your contact details so we can coordinate on a project.

How We Use Your Information

We're not in the business of collecting data for the sake of it. Everything we gather serves a specific purpose. Here's what we actually do with your information:

Who We Share Your Data With

We don't hand your information out freely, but sometimes we need to share it with specific parties to provide our services properly:

Service Providers

We work with other companies that help us run our business. These might include hosting providers for our website, email services, payment processors, and project management tools. They only get access to the information they need to do their specific job, and they're contractually required to keep it secure.

Professional Advisors

Our lawyers, accountants, and other professional advisors sometimes need to see client information. This happens when we need legal advice about a contract or when our accountants are preparing financial statements.

Legal Requirements

If we're legally required to disclose information (like responding to a valid court order), we will. We'd prefer not to, but sometimes the law demands it. We'll always verify that any such request is legitimate before handing over data.

Business Transfers

If CortexSparkFlow is acquired by another company or merges with one, your information would likely transfer as part of that transaction. We'd let you know if this happens and explain any changes to how your data is handled.

International Data Transfers

We're based in the United Kingdom, and we try to keep your data within the UK and European Economic Area when possible. However, some of our service providers operate servers in other countries. When your data does travel internationally, we make sure appropriate safeguards are in place.

This usually means using providers who comply with recognized data protection frameworks or signing standard contractual clauses approved by UK authorities. The goal is simple: your information should have the same level of protection wherever it goes.

How We Protect Your Information

Security isn't just a checkbox for us. We've implemented several measures to keep your data safe:

• Our website uses SSL encryption for all data transmission
• We restrict access to personal information on a need-to-know basis within our team
• Regular security updates and patches for all systems we use
• Secure password policies and multi-factor authentication where available
• Regular backups stored securely and encrypted
• Clear procedures for handling and reporting any potential data breaches

That said, no system is completely impenetrable. We do everything reasonable to protect your information, but we can't guarantee absolute security. If you notice anything suspicious, let us know immediately.

How Long We Keep Your Data

We don't keep information longer than necessary. But "necessary" depends on the context:

• Active client data: We keep this for the duration of our working relationship plus a reasonable period afterwards to handle any follow-up questions or support needs
• Financial records: UK law requires us to keep these for at least six years after the end of the relevant accounting period
• General enquiries: If you contacted us but didn't become a client, we'll typically keep your information for up to two years in case you want to reconnect
• Marketing contacts: We keep these until you unsubscribe or until it's clear you're no longer interested (usually after three years of no engagement)
• Website analytics: Usually retained for 26 months and then automatically deleted

When we no longer need your information, we don't just delete the file and call it done. We securely erase or destroy the data so it can't be recovered or reconstructed.

Your Rights and How to Use Them

UK data protection law gives you several rights regarding your personal information. Here's what you can do and how to actually do it:

Right to Access Your Information

You can ask us for a copy of the personal data we hold about you. This is called a "subject access request." We'll provide this free of charge, usually within one month. Just send us an email at support@cortexsparkflow.com with your request, and include enough information so we can verify your identity.

Right to Correction

If information we hold about you is wrong or incomplete, you can ask us to fix it. We'll do this promptly once we've verified the correct information.

Right to Deletion

Sometimes called the "right to be forgotten," this lets you ask us to delete your personal data. We'll comply unless we have a legitimate reason to keep it (like an ongoing contract or legal requirement to retain financial records).

Right to Restrict Processing

You can ask us to pause how we use your data in certain situations. For example, if you're challenging the accuracy of information or questioning whether we really need it.

Right to Data Portability

For data you've provided to us directly, you can ask for a copy in a commonly used electronic format. You can then transfer this to another service provider if you want.

Right to Object

You can object to us processing your data for certain purposes, particularly marketing. We'll stop unless we have compelling legitimate grounds to continue.

Rights Related to Automated Decision-Making

We don't use automated systems to make significant decisions about you without human involvement. But if we ever did, you'd have the right to challenge those decisions.

Cookies and Similar Technologies

Our website uses cookies, which are small text files stored on your device. They help us understand how people use our site and remember your preferences.

We use essential cookies that are necessary for the website to function properly. These don't require your consent because they're fundamental to providing the service you're requesting.

We also use analytics cookies to understand traffic patterns and improve our site. These are optional, and you can control them through your browser settings. Most browsers let you refuse cookies or alert you when websites try to place them.

Blocking cookies might affect your experience on our site, but core functionality should still work fine.

Children's Privacy

Our services are aimed at businesses and professionals, not children. We don't knowingly collect information from anyone under 16. If you're a parent and believe your child has provided us with personal information, please contact us so we can delete it.

Changes to This Policy

We'll update this policy occasionally to reflect changes in our practices or legal requirements. When we make significant changes, we'll let you know through our website or by email if we have your contact details.

The date at the top of this policy shows when it was last updated. We'd recommend checking back periodically, especially if you haven't visited in a while.

Third-Party Links

Our website might contain links to other sites that we find useful or relevant. Once you click through to another site, this privacy policy no longer applies. We're not responsible for their privacy practices, so have a look at their policies before sharing personal information there.