Privacy Policy
Contents
1. Who we are
1.1 Deep Trovian ("we", "us", "our") operates the Deep Axion product line and the website at deep-axion.com. We are based in the United Kingdom.
1.2 For the purposes of the UK GDPR and the EU GDPR, Deep Trovian is the data controller of personal data collected through our website, during the purchase process, on activation of our software, and in the course of providing support.
1.3 We can be contacted for privacy matters at [email protected] (or, until that mailbox is operational, at [email protected] with the subject line "Privacy"). Postal address will be published at deep-axion.com/contact once our registered office is formalised.
2. Scope of this policy
2.1 This policy applies to personal data we collect about:
- visitors to our website at
deep-axion.com; - prospective customers and lead enquirers;
- direct and dealer-channel purchasing customers;
- end users of the Deep Axion software (to the extent that licence activation and optional telemetry involve any personal data);
- Authorised Dealers and their named contacts; and
- respondents to our support, warranty and enquiry inboxes.
2.2 This policy does not describe data processed by our Authorised Dealers in their own capacity — each Authorised Dealer is a separate data controller for its own customer relationships and publishes its own privacy notice.
3. What personal data we collect
3.1 Data you provide directly
- Enquiry data: your name, email address, company name, country, any free-text message content you include, at the point you email
[email protected],[email protected]or any CTA form on our website. - Purchase data: billing name, billing address, shipping address, VAT number (where applicable), telephone number, purchase-order reference, payment reference (we do not store full card details — see clause 3.4).
- Dealer application data: company registration details, director names, trading addresses, referee contacts, sample installation portfolio (where provided).
3.2 Data collected automatically
- Licence activation data: when the Deep Axion software activates, it transmits to our licensing server the Hardware Fingerprint (a hash derived from stable hardware identifiers), the Licence Key, the activation timestamp, the installed software version and a coarse-grained locale/timezone identifier.
- Website analytics: aggregated, privacy-preserving website usage statistics (page views, approximate geographic region at country-only resolution, referring URL, browser category). We do not use cross-site advertising tracking, third-party behavioural trackers, or fingerprinting scripts on our own website. Where we publish via a third-party marketing platform (e.g. GoHighLevel), that platform's privacy practices apply in addition — see clause 9.
3.3 Data generated during support
- Email correspondence, support ticket content, screenshots you provide, diagnostic logs you attach, call-recording metadata (where applicable and with your consent).
3.4 Data we do NOT collect
- Full payment card details. Where we accept card payments, they are processed by our PCI-compliant third-party payment provider; we receive only a masked reference and transaction status.
- Biometric data. We do not collect fingerprints, facial recognition data, voice prints or any other biometric identifier.
- Special category data (as defined in UK GDPR Article 9). We do not knowingly collect health data, religious belief data, political opinions, sexual orientation, or trade-union membership.
- Children's data. Our Products are B2B and high-end B2C and are not directed at children. We do not knowingly collect personal data from any person under the age of 18. If you believe we have inadvertently done so, please contact us immediately.
- In-software end-user data from your network. The Deep Axion software runs on your premises under your control. It discovers services on your VLANs and displays them in your web console; this data never leaves your network under normal operation. We do not collect or receive device names, service inventories, rule sets, or any customer-of-customer data from running installations, with the sole exception of the licence activation data in clause 3.2 (Hardware Fingerprint + Licence Key + version) and any diagnostic data you voluntarily provide to our support team.
4. How we use your personal data (purposes and legal bases)
We process personal data only where we have a lawful basis to do so under UK GDPR Article 6:
| Purpose | Categories of data | Legal basis |
|---|---|---|
| Responding to enquiries and providing quotes | Enquiry data | Art 6(1)(b) — necessary to take steps at your request before entering a contract |
| Processing and fulfilling orders | Purchase data | Art 6(1)(b) — performance of a contract |
| Activating and validating software licences | Licence activation data | Art 6(1)(b) — performance of the Licence Agreement |
| Providing technical support | Support correspondence | Art 6(1)(b) — performance of a contract |
| Sending transactional notifications (order confirmation, shipping, licence renewal reminders) | Purchase + contact data | Art 6(1)(b) — performance of a contract |
| Administering our Authorised Dealer programme | Dealer application data | Art 6(1)(b) — performance of the Dealer Agreement |
| Complying with legal, regulatory and tax obligations | All of the above as required | Art 6(1)(c) — legal obligation |
| Preventing fraud, sanctions breaches and licence piracy | Purchase + activation data | Art 6(1)(f) — legitimate interests |
| Website analytics (aggregated, non-behavioural) | Usage data | Art 6(1)(f) — legitimate interests (minimal impact) |
| Sending occasional product-announcement emails to existing customers | Contact data | Art 6(1)(f) — legitimate interests (soft-opt-in under PECR Reg 22(3)); you can unsubscribe at any time |
| Sending direct marketing to prospects who have opted in | Contact data | Art 6(1)(a) — consent |
We do not use personal data for automated decision-making with legal or similarly significant effects. We do not use personal data for profiling.
5. How long we keep personal data
We retain personal data only for as long as is necessary for the purposes set out in clause 4, taking into account legal, accounting and operational requirements:
| Data category | Retention period |
|---|---|
| Unsolicited enquiry emails with no follow-on purchase | 24 months from last contact, then deleted |
| Active customer purchase records | Duration of the customer relationship, plus 7 years for tax/VAT audit purposes |
| Licence activation records | Duration of the active licence, plus 3 years (to service re-activation and legacy support requests) |
| Dealer application records | 24 months for unsuccessful applications; duration of the Authorised Dealer Agreement plus 6 years for successful ones |
| Support ticket content | 3 years from closure of the ticket |
| Aggregated website analytics | 13 months (rolling) |
| Marketing contact records where consent was given | Until consent is withdrawn, plus a 30-day grace period to ensure propagation |
After the retention period expires, we delete the data or anonymise it irreversibly.
6. Who we share personal data with
We share personal data only in the following circumstances:
6.1 Our service providers (processors acting on our behalf): cloud-hosting provider for our licence server; email service provider for transactional messaging; marketing-platform vendor for the website (e.g. GoHighLevel, where used); accounting firm; payment processor; logistics and shipping partners. All processors are bound by data-processing agreements under UK GDPR Article 28.
6.2 Authorised Dealers, where you have initiated an enquiry that is routed to the dealer nearest to you or where the dealer has introduced you to us. In either case, each party is a separate controller for its own records of the relationship.
6.3 Professional advisers (our lawyers, accountants, insurers, auditors) on a confidential basis, only where necessary.
6.4 Law-enforcement or regulatory authorities where we are legally compelled to disclose, or where disclosure is necessary to prevent or investigate fraud, crime, or breaches of our Terms.
6.5 A successor entity in the event of a sale, merger or acquisition affecting Deep Trovian, in which case the successor will be bound to honour this policy or provide equivalent protections.
6.6 We do not sell personal data. We do not share personal data with third parties for their own independent marketing purposes.
7. International transfers
7.1 We are based in the United Kingdom. Some of our processors (notably cloud-hosting and email providers) may process data in the European Economic Area, the United States, or other jurisdictions.
7.2 Where personal data is transferred outside the UK and the EEA, we put in place appropriate safeguards, including:
- transfers to countries covered by a UK adequacy decision or the EU Commission's adequacy decisions, where applicable;
- the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, where transfers are to processors in third countries without adequacy; and
- supplementary measures (encryption in transit and at rest, data-minimisation, contractual restrictions on onward disclosure) where the recipient jurisdiction's laws create additional risk.
7.3 You can request a copy of the safeguards applicable to any specific transfer by contacting us at [email protected].
8. Your rights under UK and EU GDPR
You have the following rights in respect of personal data we hold about you:
- Right of access — to be informed whether we process your data, and if so, to receive a copy of that data.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure ("right to be forgotten") — to have your data deleted, subject to exceptions where we must retain data for legal, contractual or public-interest reasons.
- Right to restriction of processing — to have the processing of your data paused in specified circumstances.
- Right to data portability — to receive personal data you provided to us in a commonly-used, machine-readable format, and to have it transmitted to another controller where feasible.
- Right to object — to object to processing based on legitimate interests (clause 4 above), including direct marketing.
- Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
- Right not to be subject to automated decision-making — though, as noted, we do not conduct such decision-making.
To exercise any of these rights, contact us at [email protected]. We will respond within one month of receipt of your request, extendable by up to two further months where the request is complex or voluminous, in which case we will notify you of the extension and the reasons for it. There is no charge except where a request is manifestly unfounded or excessive.
9. Cookies and website tracking
9.1 Our website at deep-axion.com uses only the cookies strictly necessary to operate the site (for example, session cookies needed for forms to function). We do not set advertising or behavioural-targeting cookies on our own pages.
9.2 Where we publish campaign pages through a third-party marketing platform (currently GoHighLevel, subject to change), that platform may set its own cookies. Where this is the case, a cookie banner is presented on first visit and you may decline all non-essential cookies. Your choice is stored in a first-party preference cookie.
9.3 You can disable cookies entirely in your browser settings. Some parts of our website may not function correctly without session cookies.
10. Security
10.1 We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage, including without limitation:
- encryption in transit (TLS 1.2+ or current industry standard) on all web traffic;
- encryption at rest for database-stored personal data on our licensing and customer-record systems;
- role-based access control with the principle of least privilege for our staff;
- regular security reviews of our licence server, website platform and processor arrangements;
- secure software development practices for the Deep Axion product itself, including Cython-compilation of object code to protect the integrity of anti-piracy logic; and
- a written breach-response plan to meet the UK GDPR's 72-hour notification deadline.
10.2 No system is 100% secure. In the unlikely event of a personal-data breach that poses a risk to the rights and freedoms of affected individuals, we will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to them.
11. Changes to this policy
11.1 We may update this policy from time to time to reflect changes in our processing activities, changes in the law, or other developments. The current version will always be available at deep-axion.com/privacy.
11.2 Where the changes are material (for example, a new purpose of processing, or a new category of recipient), we will notify existing customers by email at least 30 days before the changes take effect.
12. How to complain
12.1 If you are unhappy with how we have handled your personal data, please first contact us at [email protected] so we have the opportunity to put things right.
12.2 You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
12.3 If you are in the European Economic Area, you may also lodge a complaint with your local national supervisory authority.
13. Contact
- Privacy enquiries and data-subject rights requests: [email protected] (or, transitionally, [email protected] with subject line "Privacy")
- General sales enquiries: [email protected]
- Dealer-channel enquiries: [email protected]
End of Privacy Policy.