SuLe Privacy Policy

This privacy policy (version 2.0) was published on 24 February 2026.

This privacy policy relates to the collection and use of personal data by SuLe Hub Limited (hereinafter referred to as 'we', 'us', and 'our'), a company incorporated in England and Wales under company number 14829079, whose registered office address is at Capital Office, 124-128 City Road, London, United Kingdom, EC1V 2NX.

We operate the SuLe Hub platform and related services available via our websites, which include:

(a) the SuLe Founder Hub, a platform designed to support startup founders with company formation, compliance and operational tools; and

(b) the SuLe Venture Hub, an end-to-end venture capital automation platform used by law firms and VC departments to manage startup client matters, including investment workflows, shareholder management and cap table administration.

Our websites and services are routinely updated from time to time.

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint. This privacy policy does not apply to any third party websites that may have links to our website. Please also refer to our terms and conditions and any applicable terms of engagement for further information on the services we provide and confidentiality.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to UK data protection laws, including (but not limited to): (i) the UK GDPR (as defined below); (ii) the Data Protection Act 2018; (iii) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426); and (iv) the Data (Use and Access) Act 2025 (together, the 'data protection laws').

Key terms

It would be helpful to start by explaining some key terms used in this privacy policy:

AI assistant means our AI-powered FAQ / support assistant made available on our websites or via the SuLe Founder Hub and/or the SuLe Venture Hub.

Data subject means the identified or identifiable living individual to whom personal data relates.

Our websites www.sule.io and www.sulehub.com.

LLM means a large language model which is a type of machine learning model designed to generate text in response to prompts.

LLM service providers means a third party provider that supplies LLM technology and processes queries on our behalf to generate AI assistant responses.

Personal data any information relating to an identified or identifiable living individual.

Special category personal data personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, Genetic data, Biometric data (where used for identification purposes), data concerning health, sex life, or sexual orientation.

SuLe Founder Hub means the SuLe Founder Hub, a platform designed to support startup founders with company formation, compliance and operational tools, as further described on our website.

SuLe Venture Hub means the SuLe Venture Hub, an end-to-end venture capital automation platform provided to law firms and VC departments (including on a white-label basis) to manage startup client matters, as further described on our website.

UK GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (as supplemented by section 205(4) of the Data Protection Act 2018) and as further defined under section 66 of the Data (Use and Access) Act 2025.

Our role when we process personal data

For most of the personal data processing described in this privacy policy, we act as the data controller, meaning we determine the purposes and means of processing your personal data.

However, in respect of the SuLe Venture Hub, where we provide our platform to law firms and other professional services firms on a white-label or managed-service basis, we typically act as a data processor on behalf of the relevant law firm or professional services firm (who will be the data controller). In those circumstances, the law firm's own privacy policy will apply to the processing of your personal data through the Venture Hub, and any queries about how your personal data is used should be directed to that firm. We process such data strictly in accordance with our contractual obligations and the documented instructions of the relevant controller.

Where you interact with us directly (for example, by visiting our website, creating an account on the Founder Hub, or contacting us), we act as the data controller and this privacy policy applies in full.

Personal data we collect about you

The personal data we collect about you depends on the particular services we provide to you. We will collect and use the following personal data about you:

· your name and contact information, including email address and telephone number and company details;

· information to check and verify your identity, e.g. your date of birth (where relevant);

· your billing information, transaction and payment card information;

· your personal or professional interests;

· shareholder and investor information, including names, addresses, shareholding details, investment amounts and associated correspondence;

· cap table data, including details of share classes, equity allocations, option grants, vesting schedules and related corporate records;

· corporate and entity information, including details of directors, officers, persons with significant control (PSCs) and company formation or filing records;

· transaction and deal data, including information relating to investment rounds, due diligence materials and legal documentation managed through the platform;

· your professional online presence, e.g. LinkedIn profile;

· your contact history, purchase history and saved items;

· information about how you use our website, IT, communication and other systems;

· technical and log information, such as your IP address, device type, operating system, browser type/settings, time zone (where available), and timestamps relating to your use of our websites and platform;

· usage data, such as how you interact with features on our websites and platform, including pages or features you access and actions you take;

· AI interaction information, including messages/prompts you submit to the AI assistant and the AI assistant's responses/outputs;

· your responses to surveys, competitions and promotions; and

· details of the services you request from us and how you use our platform, including account details (such as your username) and any messages you submit to us (including through our AI-powered FAQ / support assistant).

We collect and use this personal data for the purposes described in the section 'How and why we use your personal data' below. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.

Children

Our websites and platform are not directed to, or intended for, children under 13. We do not knowingly collect personal data from children under 13. If you believe that a child has provided personal data to us, please contact us and we will take appropriate steps, which may include deleting the information.

How your personal data is collected

We collect most of this personal data directly from you, including in person, by telephone, text or email and/or via our websites and apps. However, we may also collect information:

· directly from a third party, including (but not limited to) business contacts, credit reference agencies, fraud prevention agencies, and publicly available sources;

· from a third party with your consent;

· via our IT systems, including automated monitoring of our websites and other technical systems such as computer networks, CCTV, door access and telephone records;

· through cookies on our website (please see our cookie policy for further details).

How and why we use personal data

Under data protection law, we can only use your personal data if we have a proper reason, e.g.:

· where you have given consent;

· to comply with our legal and regulatory obligations;

· for the performance of a contract with you or to take steps at your request before entering into a contract; or

· for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests to balance our interests against your own.

Our use of Artificial Intelligence (AI)

We use an AI-powered FAQ / support assistant (the "AI assistant") to help answer general, FAQ-style questions, provide product and platform information, and route support queries more efficiently.

How the AI assistant works (in plain English)

The AI assistant uses large language model ("LLM") technology. When you submit a question, the LLM generates a response by identifying patterns in language and predicting a helpful response based on (i) your prompt and (ii) relevant context we provide to it (for example, content from a curated internal knowledge base). The AI assistant is not a search engine or a database of facts, and responses may vary even for similar prompts.

Accuracy and limitations

The AI assistant is designed to provide general information only. Because the output is generated automatically, it may be incomplete, inaccurate, out of date, or not applicable to your circumstances. You should not rely on AI assistant output as professional advice (including legal advice) or as a substitute for consulting a qualified professional. Where the AI assistant output appears incorrect, please contact us so that we can assist and, where appropriate, improve our knowledge base and support experience.

No solely automated decision-making

The AI assistant is designed to provide informational guidance and support only. It does not make solely automated decisions that produce legal or similarly significant effects concerning you (as defined under Article 22 of the UK GDPR). Where any decision-making is required (for example, account, billing or compliance decisions), it is subject to appropriate human oversight.

What data is processed when you use the AI assistant

If you choose to use the AI assistant, we will process:

· the content of your message/prompt and any information you include in it (which may include personal data);

· the AI assistant's response; and

· limited technical and usage data (for example, timestamps, device/browser information, and identifiers needed to operate and secure the service).

Please do not submit sensitive information

We encourage you not to submit special category personal data (or other sensitive or confidential information) via the AI assistant. If you include such information, it may be processed to generate a response, and it may be visible to people who support and maintain the AI assistant (see "Human review and quality control" below).

Human review and quality control

To maintain quality, improve accuracy, troubleshoot issues, and keep our systems secure, we may review a limited number of AI interactions (including prompts and outputs). Access is restricted to authorised personnel and processors with a genuine business need, subject to appropriate confidentiality and security controls.

Our LLM service providers

To generate responses, AI interaction data may be transmitted to and processed by our third-party LLM service providers. Our LLM service providers may differ from time to time. These providers process AI interaction data on our instructions as our processors (or sub-processors) for the purpose of generating responses and supporting the AI assistant we provide on our websites or platforms including the SuLe Founders Hub and/or the SuLe Venture Hub. We use appropriate contractual, technical and organisational controls (including data processing agreements and account/configuration settings where available) to help protect this data.

If you would like an up-to-date list of the LLM service providers we currently use, please contact us using the details in "How to contact us" below.

Retention specific to AI interactions

We retain AI interaction data for a limited period, as described in the section "How long your personal data will be kept". We may retain certain information for longer where necessary for security, fraud prevention, legal compliance, or to establish, exercise or defend legal claims.

Aggregation and de-identification

We may aggregate and/or de-identify personal data so that it can no longer be used to identify you. We use this information to analyse how our websites and platform are used, improve our services (including the AI assistant), and for internal reporting and analytics. We will maintain and use de-identified information in de-identified form and will not attempt to re-identify it unless required by law.

AI-generated output and personal data

If you believe that information generated by our AI assistant contains personal data about you that is inaccurate, you can ask us to correct or remove the personal data we hold in our records (for example, in stored AI interaction logs). We will consider your request in accordance with applicable law and our technical capabilities. Depending on the circumstances, we may address the issue by deleting relevant stored records, correcting underlying source content (such as our knowledge base), and/or implementing reasonable measures designed to reduce the likelihood of the same issue recurring.

Summary of purposes

What we use your personal data forOur reasons
Providing services to youTo perform our contract with you or to take steps at your request before entering into a contract.
Preventing and detecting fraud against you or usFor our legitimate interest, i.e. to minimise fraud that could be damaging for you and/or us.
Conducting checks to identify our customers and verify their identity (where relevant)Depending on the circumstances: to comply with our legal and regulatory obligations that apply to our business. For our legitimate interests, i.e. to protect our business, interests and rights and those of others.
To enforce legal rights or defend or undertake legal proceedingsDepending on the circumstances: to comply with our legal and regulatory obligations; and in other cases, for our legitimate interests, i.e. to protect our business, interests and rights.
Gathering and providing information required by (or relating to) audits, enquiries and/or investigations (or directions) by regulatory bodiesNecessary for us to comply with our legal and regulatory obligations.
Ensuring business policies are adhered to, e.g. policies covering security and internet useFor our legitimate interests, i.e. to make sure we are following our own internal procedures.
Operational reasons, such as improving efficiency, training and quality controlFor our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
Ensuring the confidentiality of commercially sensitive informationDepending on the circumstances: for our legitimate interests, i.e. to protect trade secrets and other commercially valuable information; and to comply with our legal and regulatory obligations.
Statistical analysis to help us manage our businessFor our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price.
Preventing unauthorised access and modifications to systemsDepending on the circumstances: for our legitimate interests, i.e. to prevent and detect criminal activity; and to comply with our legal and regulatory obligations.
Protecting the security of systems and data used to provide the servicesNecessary for us to comply with our legal and regulatory obligations. We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests.
Updating and enhancing customer recordsDepending on the circumstances: to perform our contract with you; to comply with our legal and regulatory obligations; and for our legitimate interests, e.g. making sure that we can keep in touch with our customers.
Statutory returnsNecessary for us to comply with our legal and regulatory obligations.
Ensuring safe working practices, staff administration and assessmentsDepending on the circumstances: to comply with our legal and regulatory obligations; and for our legitimate interests, e.g. to make sure we are following our own internal procedures and working efficiently.
Marketing our services to existing and former customers and third parties who have previously expressed an interestFor our legitimate interests, i.e. to promote our business to existing and former customers.
External audits and quality checksDepending on the circumstances: for our legitimate interests, i.e. to maintain our accreditations; and to comply with our legal and regulatory obligations.
To share your personal data with third parties in connection with a significant corporate transactionFor our legitimate interests, i.e. in connection with a merger, acquisition, asset sale, initial public offering or in the event of our insolvency.

How and why we use your personal data — in more detail

PurposeProcessing operationLawful basisCategories of personal data
To provide our services and manage our relationship with youRegistering you as a customer/user; creating and administering your account; providing access to our platform; delivering services to you; and managing your subscriptions, consultations, and any engagements between us and you.Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (Article 6(1)(b)) UK GDPRYour name and contact information; account details; billing information; contact history, purchase history and saved items; and messages and information you provide when using our platform.
To process payments and manage accounts and recordsProcessing payments; issuing invoices and receipts; managing refunds (where applicable); and maintaining accounting records.Processing is necessary for the performance of a contract with you (Article 6(1)(b)) UK GDPR; and for compliance with a legal obligation (Article 6(1)(c)) UK GDPR.Your name and contact information; billing information; transaction and payment card information; and purchase history.
To provide customer support and respond to enquiriesHandling and responding to any enquiries and support requests (including where you choose to use our AI-powered FAQ / support assistant).Processing is necessary for our legitimate interests (Article 6(1)(f)) UK GDPR, i.e. to respond to messages and other enquiries.Your name and contact information; account details (if applicable); and messages and other information you provide.
AI assistant usageUser queries may be transmitted to and processed by our LLM service providers.Processing is necessary for the performance of a contract with you (Article 6(1)(b)) UK GDPR.Queries submitted through the AI assistant.
To operate, secure and improve our websites, platform and servicesMaintaining the security of our systems; monitoring and troubleshooting; improving functionality; and generating statistical/analytical insights.Processing is necessary for our legitimate interests (Article 6(1)(f)) UK GDPR, and (where relevant) for compliance with a legal obligation (Article 6(1)(c)) UK GDPR.Information about how you use our website, IT and other systems; technical and usage data; and cookie data (where applicable).
Marketing communicationsSending marketing communications about our services; and managing your marketing choices and preferences.Processing is necessary for our legitimate interests (Article 6(1)(f)) UK GDPR; and (where required) consent (Article 6(1)(a)) UK GDPR.Your name and contact information; marketing preferences; and records of consents and opt-outs.
To comply with legal obligations and deal with legal claimsComplying with legal and regulatory obligations; responding to requests from legal authorities or regulators; and establishing, exercising or defending legal claims.Processing is necessary for compliance with a legal obligation (Article 6(1)(c)) UK GDPR; and for our legitimate interests (Article 6(1)(f)) UK GDPR.Identity and contact information; account and transaction records; and communications and related records.

How and why we use your personal data — Special category personal data

Certain personal data we collect is treated as Special category personal data to which additional protections apply under data protection law.

Where we process Special category personal data, we will also ensure we are permitted to do so under data protection laws, e.g.:

· we have your explicit consent; or

· the processing is necessary to establish, exercise or defend legal claims.

Marketing

We may use your personal data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.

We have a legitimate interest in using your personal data for direct marketing purposes. However, where we send direct marketing by electronic means (such as email and text message/SMS), we will only do so where permitted under PECR. In practice, this means we will send electronic marketing messages to you only where we have your consent, or where an exemption applies (such as the "soft opt-in", where applicable).

Where PECR requires consent, we will rely on your consent as our lawful basis under the UK GDPR for that marketing activity.

You do, however, have the right to opt out of receiving marketing communications at any time by:

· contacting us at hello@sulehub.com

· using the 'unsubscribe' link in emails or 'STOP' number in texts (such functionalities as provided by us from time to time); or

· updating your marketing preferences in your account on our platform.

If you opt out of marketing, we may retain a record of your opt-out request and contact details on a suppression list to ensure we continue to respect your preferences.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.

Who we share your personal data with

In order to provide our services to you, we may need to share personal data with:

· third parties who help to deliver our services, e.g. payment service providers and technology service providers (including cloud hosting providers);

· other third parties who help us run our business, e.g. marketing agencies or website hosts;

· third parties approved by you, e.g. legal professionals you choose to engage with via us during the services;

· our insurers and brokers, where strictly required to pursue our legitimate business interest; and

· our banks.

We only allow those third party organisations to handle your personal data if we are satisfied that they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above occasionally also share personal data with:

· external auditors, e.g. in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;

· professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;

· to comply with requests from legal authorities, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; and

· other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency — usually, information will be anonymised, but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.

Who we share your personal data with — in more detail

RecipientProcessing operation (use) by recipientCategories of personal data transferred
Technology and IT service providers (including cloud hosting, website and platform providers, communications tools and CRM systems)Provide hosting, storage, communications and other IT services that support our operations and enable us to provide our services to youAny of the personal data we collect about you, as relevant to the service provided.
Legal professionals and other experts where necessary to provide the services to youTo provide or support delivery of the services you requestName and contact details; company details; information relevant to the service being provided.
LLM service providers used to help power our AI-powered FAQ / support assistantTo process user queries and generate responses via our AI-powered FAQ / support assistantContent of messages/queries you submit via the AI assistant and any related context you provide.
Payment service providers and banksProcess payments and manage financial transactions and related recordsName and contact details; billing information; transaction and payment card information; purchase history.
Professional advisers, auditors, insurers, regulators and to comply with legal obligationsProvide professional advice; audit services; insurance-related services; and/or comply with legal obligationsAny personal data relevant to the matter (identity, contact, account, transaction and communications records).

If you would like more information about who we share our data with and why, please contact us (see 'How to contact us' below).

Where your personal data is held

Personal data may be held within our secure information technology cloud storage solution provided by our third party service providers. Personal data may also be held by our third party services providers as described above (see: 'Who we share your personal data with').

Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal data when this happens, see below: 'Transferring your personal data out of the UK'.

How long your personal data will be kept

We will not keep your personal data for longer than we need it for the purpose for which it was collected. For example, we typically keep:

· account and customer records for up to seven years after the end of our relationship;

· financial and transaction records for up to seven years; and

· logs of support interactions (including messages submitted through our AI-powered FAQ / support assistant) for a limited period (typically up to 12 months), unless we need to keep them for longer (for example, to deal with queries, complaints or legal claims).

Different retention periods apply for different types of personal data. Further details on this are available on request. Following the end of the relevant retention period, we will delete or anonymise your personal data.

Where you request deletion of personal data, we may retain a minimal record of the request (and our response) for compliance, audit, and record-keeping purposes.

Data controls and choices

We provide the following controls and choices relating to your personal data:

· AI assistant use: you can choose not to use the AI assistant and instead contact us via email or other support channels listed in "How to contact us".

· Do not include sensitive information: you can help minimise personal data processed via the AI assistant by not including personal data (and by avoiding special category personal data) in your messages.

· Deletion of AI interactions: you can request deletion of AI Interaction Data that we hold about you by contacting us. Where we can, we will delete or anonymise this information in accordance with our retention practices and subject to legal/security exceptions.

· Marketing preferences: you can opt out of marketing communications at any time as described in the "Marketing" section.

· Cookies: you can manage cookie preferences using our cookie controls (where available) and by adjusting your browser settings. For more information, please see our cookie policy.

Transferring your personal data out of the UK/EEA

It is sometimes necessary for us to transfer your personal data to countries outside the UK and EEA. In those cases, we will comply with applicable data protection laws designed to ensure the privacy of your personal data.

Please note that where our LLM service providers (or related hosting providers) are located outside the UK/EEA, your AI Interaction Data may be transferred and processed internationally in accordance with the safeguards described in this section.

In providing our services to you, we may transfer your personal data to:

· our service providers located outside the UK (including in the United States), and

· other recipients located outside the UK (where relevant), for example legal professionals or other service providers engaged (with your instruction) to provide services to you.

Under data protection laws, we can only transfer your personal data to a country outside the UK/EEA where:

· the UK government has decided the particular country ensures an adequate level of protection of personal data (known as the 'adequacy regulations') pursuant to Article 45 of the UK GDPR. We rely on adequacy regulations for transfers to certain organisations located in the United States where such organisations are certified under the UK Extension to the EU-U.S. Data Privacy Framework (the UK-US data bridge). The UK-US data bridge only applies where the relevant US recipient is certified to the UK Extension and appears on the Data Privacy Framework List. Where a recipient is not certified (or where we otherwise cannot rely on the UK-US data bridge), we will use another permitted transfer mechanism (such as the IDTA) or rely on another lawful basis for the transfer where available. For more information on the Data Privacy Framework, please visit https://www.dataprivacyframework.gov;

· where we have in place a contract that contains standard contractual clauses using the Information Commissioner's Office United Kingdom International Data Transfer Agreement ('IDTA') that ensures an adequate level of protection equivalent to the rights and freedoms afforded to data subjects under UK GDPR (and where there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you); or

· where a specific exception applies under relevant data protection law that permits the transfer.

Any changes to the locations to which we send personal data or in the transfer mechanisms we rely on to transfer personal data internationally will be notified to you in accordance with the section on 'Changes to this privacy policy' below.

If you would like further information about data transferred outside the UK/EEA, please contact us (see 'How to contact us').

International transfers — in more detail

Recipient countryRecipientUse by recipientLawful safeguard
United States ('US')Service providers (including, where applicable, our LLM service providers used for our AI-powered FAQ support assistant and other technology providers)Provision of cloud and IT services; and (where applicable) processing of user queries for our AI-powered FAQ support assistantWhere applicable: adequacy regulation under the UK-US data bridge (for transfers to organisations certified to the UK Extension to the EU-U.S Data Privacy Framework); or legally approved standard contractual clauses (such as the IDTA) for transfers from a controller to processor recognised or issued pursuant to Article 46(2) of the UK GDPR.

Your rights

You have the following rights, which you can exercise free of charge:

· Access: The right to be provided with a copy of your personal data

· Rectification: The right to require us to correct any mistakes in your personal data

· Erasure (right to be forgotten): The right to require us to delete your personal data in certain situations

· Restriction of processing: The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data

· Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations

· To object: The right to object at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations, to our continued processing of your personal data

· Not to be subject to automated individual decision making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

· The right to withdraw consent: If you have provided us with your consent to use your personal data then you have a right to withdraw that consent at any time by contacting us at hello@sulehub.com; or by using the 'unsubscribe' link in marketing emails or 'STOP' number in texts, and/or (for cookie consents) by using our cookie settings tool. Withdrawing consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

For more information on each of those rights, including the circumstances in which they apply, please contact us (see 'How to contact us' below) or visit the Guidance from the UK Information Commissioner's Office (ICO).

If you would like to exercise any of those rights, please:

· email or write to us (see below: 'How to contact us');

· provide enough information to identify yourself (e.g. your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you; and

· let us know what right you want to exercise and the information to which your request relates.

Keeping your personal data secure

We have appropriate security measures to prevent personal data from being lost accidentally or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.

While we use appropriate technical and organisational measures to protect personal data, no method of transmission over the internet and no method of storage is completely secure. You should also take care to keep any account credentials confidential and to use a strong password where applicable.

We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

Please contact us if you have any queries or concerns about our use of your personal data (see below 'How to contact us'). We hope we will be able to resolve any issues you may have.

You may also have the right to lodge a complaint with the Information Commissioner (the UK data protection regulator). The ICO's contact details are: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone: 0303 123 1113.

If you are located outside the UK, you may also have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

Changes to this privacy policy

We may change this privacy notice from time to time. When we do we will inform you via our website and, where appropriate, by email or other means of contact.

Updating your personal data

We take reasonable steps to ensure your personal data remains accurate and up to date. To help us with this, please let us know if any of the personal data you have provided to us has changed, e.g. your surname or address — see below 'How to contact us'. You can also update your personal data yourself via your account on our platform.

How to contact us

You can contact us by post or email if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.

Our contact details are shown below:

Email: support@sule.io or hello@sulehub.com

Post: SuLe Hub Limited, Capital Office, 124-128 City Road, London, EC1V 2NX.

Do you need extra help?

If you would like this notice in another format (for example audio, large print, braille) please contact us (see 'How to contact us' above).