Privacy Notice

This privacy notice explains how Hoptrail Limited ("Hoptrail", "we", "us") collects, uses, and protects your personal data when you visit our website, contact us through our forms, download our resources, or engage with us as a client or prospect.

We are committed to protecting your personal data and respecting your privacy rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) where applicable.

Last updated: June 2026.

1. Important information and who we are

Hoptrail Limited is the data controller responsible for your personal data. We are registered in England and Wales.

Contact details

  • Full name of legal entity: Hoptrail Limited
  • Country of registration: England and Wales
  • Data privacy manager: Henry Burrows
  • Email address: info@hoptrail.io

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns directly before you approach the ICO, so please contact us in the first instance.

2. The data we collect about you

We may collect, use, store, and transfer the following categories of personal data:

  • Identity Data: first name, last name, job title, professional role.
  • Contact Data: work email address, company name, country, telephone number (if you provide it).
  • Communications Data: the content of any messages, enquiries, or form submissions you send us, and our responses.
  • Technical Data: IP address, browser type and version, time zone setting, operating system, and device information, automatically collected by our hosting provider when you visit our site.
  • Usage Data: information about which pages you visit and how you interact with the website. Note that we do not currently use third-party analytics, so this data is limited to what our hosting provider collects in server logs.
  • Marketing Data: your preferences in receiving marketing communications from us.

We do not collect special category data (such as data about race, religion, health, sexual orientation, or political opinions) or data about criminal convictions.

If you are a client engaging us for Enhanced Due Diligence (EDD) work, we will collect additional data as set out in our separate client engagement terms. That data is processed under a separate legal basis and is governed by our client data processing agreements.

3. How we use your personal data, and our lawful basis

Under UK GDPR, we must have a lawful basis to process your personal data. We rely on the following bases:

  • Legitimate interest — to respond to enquiries you initiate via our contact form, to send you the resources you request (such as our guides), to manage our business relationship with you, and to keep records of communications for compliance and audit purposes.
  • Consent — where we send you marketing communications you have opted in to receive. You can withdraw consent at any time by emailing info@hoptrail.io.
  • Contract — to perform our contractual obligations to you as a client (where applicable).
  • Legal obligation — to comply with our regulatory and legal obligations, including AML, anti-fraud, and tax obligations.

Specifically, we use your data to:

  • Respond to your enquiries and requests for information or resources.
  • Provide you with the products, services, or content you have requested.
  • Send you marketing communications about Hoptrail products and content where you have consented.
  • Improve our website, products, and services.
  • Comply with our legal, regulatory, and audit obligations.

4. How we share your personal data

We do not sell your personal data. We share your personal data only with trusted third-party service providers ("processors") who help us run our business. These providers act on our instructions and are contractually bound by data processing agreements that comply with UK GDPR.

The categories of processors we currently use include:

  • Hosting and infrastructure: Netlify (website hosting), Google Cloud (application hosting).
  • Email services: Microsoft 365 (corporate email), Resend (transactional email for forms), Mailgun (transactional email).
  • Authentication: Auth0 (for our platform login).
  • Customer relationship management and marketing: HubSpot.
  • Professional advisors: our lawyers, accountants, and auditors, where necessary.

We may also share your data where required by law, regulator request, court order, or in connection with a corporate transaction (such as a sale or merger), in which case the recipient would be bound by equivalent data protection obligations.

5. International transfers

Some of our service providers are based outside the UK and EU, including in the United States. Where personal data is transferred outside the UK or EU, we rely on appropriate safeguards including:

  • UK International Data Transfer Agreement or EU Standard Contractual Clauses.
  • Adequacy decisions where the destination country has been recognised as providing an adequate level of protection.
  • Equivalent contractual safeguards built into our processors' data processing agreements.

For specific information about where your data is transferred and the safeguards in place, please contact info@hoptrail.io.

6. Data security

We take the security of your personal data seriously. Hoptrail is certified to ISO 27001 for Information Security Management. We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, accessed, altered, or disclosed in an unauthorised way.

We limit access to your personal data to those employees, agents, and contractors who have a business need to know it, and they are subject to a duty of confidentiality. We also have procedures to deal with any suspected personal data breach and will notify you and the ICO of any breach where we are legally required to do so.

7. Data retention

We retain your personal data only for as long as reasonably necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Typical retention periods are as follows:

  • Marketing enquiries and resource downloads: 3 years from your last interaction with us, unless you ask us to delete the data earlier.
  • Active client relationships: for the duration of our engagement plus 7 years thereafter, to meet our regulatory and audit obligations.
  • Website server logs: generally 30–90 days, in line with our hosting providers' standard retention.

In some circumstances, we may anonymise your personal data so it can no longer be associated with you, in which case we may use that information indefinitely without further notice to you.

8. Your legal rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right of rectification: request correction of inaccurate or incomplete data.
  • Right of erasure: request deletion of your data, subject to certain exceptions.
  • Right to restrict processing: request that we suspend processing of your data.
  • Right to data portability: request transfer of your data to another organisation.
  • Right to object: object to processing where we rely on legitimate interests.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, please contact info@hoptrail.io. We will respond within one month of your request. There is no fee for these requests, although we may charge a reasonable fee or refuse to respond if a request is clearly unfounded, repetitive, or excessive.

You also have the right to make a complaint to the Information Commissioner's Officeat any time. We would, however, appreciate the opportunity to address your concerns first.

9. Cookies

Hoptrail's website uses only strictly necessary cookies — these are required for the site to function and cannot be switched off in our systems. We do not use cookies for analytics, marketing, tracking, or advertising purposes.

Strictly necessary cookies include:

  • Cookie consent preference — stores your response to our cookie banner so we don't show it again on every visit.
  • Session cookies (if applicable) — temporary cookies set by our hosting provider (Netlify) to deliver our website.

You can clear cookies at any time through your browser settings. Disabling strictly necessary cookies may affect the functionality of the site.

We do not share cookie data with third parties, and we do not embed third-party tracking pixels (Facebook Pixel, LinkedIn Insight Tag, Google Analytics, etc.) on this site.

If we add analytics or marketing tracking in the future, we will update this notice and ask for your consent before setting any new cookies.

10. Changes to this notice

We may update this privacy notice from time to time. When we do, we will update the "Last updated" date at the top of this notice and, where the changes are significant, take additional steps to bring the changes to your attention.

11. Further details

If you have any questions about this privacy notice, our data protection practices, or how we process your personal data, please contact info@hoptrail.io.