Privacy Policy

Last updated: 27 March 2026

1. Who We Are

Buckden Ltd ("Buckden", "we", "us") is the data controller for the personal data described in this policy. We are registered in England and Wales (Company No. 10729771) at 1st Floor, 27 Shirwell Crescent, Furzton, Milton Keynes, MK4 1GA, United Kingdom.

2. What We Collect

Data	Purpose	Legal Basis
Email address	Account creation, login, communications	Contract
Display name	Personalisation	Contract
Phone number	Two-factor authentication (SMS OTP)	Consent
Password (hashed)	Authentication	Contract
IP address, device info	Security, fraud prevention, session management	Legitimate interest
Usage analytics	Service improvement	Legitimate interest
Payment details	Subscription billing (via Stripe)	Contract

3. SMS / Mobile Messaging

We use your mobile phone number to send one-time verification codes (OTP) when logging into Buckden services. This is the sole purpose for which your mobile number is used.

Mobile opt-in data and phone numbers will not be shared with third parties for marketing or promotional purposes.

Message and data rates may apply. Message frequency varies; typically one message per login attempt.

Opt out: Reply STOP to any message to unsubscribe.
Help: Reply HELP for assistance, or contact richard@buckden.io.

4. How We Use Your Data

To provide and maintain our services
To authenticate your identity and secure your account
To process payments and manage subscriptions
To send transactional emails (password resets, verification codes, account notifications)
To detect and prevent fraud and abuse
To improve our services through aggregated, anonymised analytics

5. Third-Party Processors

Processor	Purpose	Location
Amazon Web Services	Hosting, authentication (Cognito), database, email (SES), SMS (SNS)	EU (London)
Stripe	Payment processing	US/EU
Google Analytics (GA4)	Usage analytics	US/EU
Microsoft Clarity	Session replay and heatmaps	US/EU

All processors are bound by data processing agreements and comply with applicable data protection regulations.

6. Data Retention

Account data: Retained while your account is active, deleted within 30 days of account closure
Audit logs: Retained for 2 years (730 days) for security and compliance
Session data: Automatically expires (24-hour access tokens, 30-day refresh tokens)
Analytics: Aggregated data retained per Google/Clarity policies; no personal identifiers stored

7. Your Rights (UK GDPR)

You have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data via your account settings
Erasure — request deletion of your account and data
Data portability — export your data in a machine-readable format
Restriction — limit how we process your data
Object — object to processing based on legitimate interest
Withdraw consent — where processing is based on consent (e.g. phone number for SMS)

To exercise any of these rights, contact us at richard@buckden.io or use the data export feature in your account settings.

8. Cookies & Tracking

We use Google Tag Manager to manage analytics tags. GTM loads Google Analytics 4 and Microsoft Clarity. These services may set cookies to measure usage. We do not use cookies for advertising. You can control cookies through your browser settings.

9. International Transfers

Your data is primarily stored in the EU (AWS London region). Where data is transferred outside the UK/EEA (e.g. Stripe US), transfers are protected by Standard Contractual Clauses or equivalent safeguards.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption at rest and in transit, access controls, and regular security reviews.

11. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact us and we will delete it.

12. Changes

We may update this policy from time to time. We will notify registered users of material changes via email. The "last updated" date at the top indicates when the policy was last revised.

13. Contact & Complaints

Buckden Ltd
1st Floor, 27 Shirwell Crescent, Furzton
Milton Keynes, MK4 1GA, United Kingdom
Company No. 10729771
richard@buckden.io

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.