Privacy
Privacy notice
Effective date: 8 July 2026
1. Who this notice is for
This notice explains how Regardful handles information connected with enquiries, authorised website reviews, customer administration and written service delivery.
2. Contact
For privacy questions, email hello@regardful.co.uk.
3. Regardful's data protection roles
Regardful is the controller for its own business records, including enquiries, emails, orders, invoices, service administration, suppression requests and website operation.
For authorised school website review material, the school or trust remains responsible for deciding the lawful basis, review purpose, scope and final action. Regardful processes that material under the customer's written instructions.
4. Information Regardful may handle
- Business contact details, such as names, roles, school or trust names, work email addresses and correspondence.
- Authorisation, order and service records, including agreed scope, exclusions, delivery notes and invoice/payment records.
- Public website review references, such as page URLs, image URLs, review notes, priority levels, recommended actions and remediation status.
- Minimal suppression records where a contact asks not to receive further service emails.
5. Information Regardful is designed not to collect
- No facial recognition data.
- No facial templates, embeddings or biometric identifiers.
- No child identification or face matching.
- No ethnicity, health, disability, emotion, religion or other sensitive-trait inference.
- No copies of pupil images unless a specific exceptional need is agreed in writing.
6. How information is used
- To respond to enquiries and written requests.
- To confirm authorisation, scope and service instructions.
- To deliver Exposure Snapshots, full audit reports, remediation trackers and rechecks.
- To maintain business, finance, security and quality records.
- To maintain a suppression list where a business contact asks not to receive further email.
7. Lawful basis for Regardful's own business processing
Regardful relies on different lawful bases depending on the activity. These may include contract where processing is needed to provide a requested service, legitimate interests for business administration, security, service improvement and proportionate business-to-business communications, and legal obligation for records that must be kept for tax or regulatory reasons.
For authorised school review material, the school or trust decides and documents the lawful basis for the underlying processing. Regardful acts under the customer's written instructions for the agreed review scope.
8. Suppliers and storage
Regardful may use reputable service providers for email, website hosting, secure storage, payment/accounting administration and document handling. Suppliers are used only where needed for the service or business administration. Regardful does not sell personal information and does not use pupil imagery to train artificial intelligence models.
Some suppliers may process information outside the United Kingdom. Where this happens, Regardful expects appropriate contractual, technical and organisational safeguards to be in place through the relevant supplier terms.
9. Retention
- Unconverted enquiries: normally up to 24 months.
- Customer administration, order and invoice records: normally up to 6 years where needed for finance, tax, dispute or business records.
- Audit working records: normally deleted or returned within 30 days after final delivery, unless the customer requests a longer written retention period or a dispute/legal obligation requires retention.
- Suppression records: retained as minimal records so Regardful can honour opt-out requests.
10. Individual rights
People may have rights to access, correct, erase, restrict or object to processing of their personal information. Requests about Regardful's own business records can be sent to hello@regardful.co.uk.
If a request relates to a school website review carried out for a school or trust, Regardful may need to refer the request to that school or trust because it controls the underlying review purpose and decisions.
11. Security
Regardful uses written authorisation, scoped access, professional email authentication, restricted retention, no facial recognition, no child identification, and document-based delivery controls to reduce unnecessary exposure.
12. Complaints
Regardful will try to resolve privacy concerns directly. Individuals also have the right to raise concerns with the Information Commissioner's Office.