Legal
Privacy Policy.
How we collect, use, and protect your personal data — and the rights you have over it.
Last updated: 12 May 2026
1. Who we are
EpositBox (“we”, “us”, “our”) operates this website and the associated evidentiary custody platform. For the purposes of the UK GDPR and EU GDPR, EpositBox is the data controller for personal data collected through this Site. You can reach us via our contact form.
2. What this policy covers
This policy explains what personal data we collect through this website, why we collect it, how we use and share it, how long we keep it, and the rights you have over it. It applies to visitors to the Site and to people who submit information through our forms.
3. Personal data we collect
- Information you provide. Name, work email, company, role, industry, and any message content you submit through demo requests, whitepaper downloads, or the contact form.
- Communication preferences. Whether you have opted in to marketing email and your cookie consent choices.
- Technical data. IP address, browser type and version, device type, referring URL, pages visited, and timestamps, collected automatically through server logs and (with consent) analytics.
We do not knowingly collect personal data from anyone under 16. We do not collect special-category data through this Site.
4. How we use personal data & legal bases
- To respond to your requests — e.g. arranging a demo or sending you a whitepaper. Legal basis: performance of a contract or steps taken at your request prior to entering one.
- To send marketing communications — only where you have opted in. Legal basis: consent. You can withdraw consent at any time using the unsubscribe link in any email.
- To operate and secure the Site — logging, fraud prevention, abuse detection. Legal basis: legitimate interests in keeping the Site secure and reliable.
- To measure and improve the Site — through analytics, only where you have given consent. Legal basis: consent.
- To comply with legal obligations — including tax, accounting, and regulatory requirements. Legal basis: legal obligation.
5. Cookies & similar technologies
We use strictly necessary cookies to operate the Site and, with your consent, analytics and marketing cookies. You can review or change your choices at any time via .
6. How we share personal data
We do not sell personal data. We share it only with:
- Service providers acting as processors on our behalf — for example, hosting, email delivery, analytics, and CRM — bound by written contracts requiring appropriate security and confidentiality.
- Professional advisers such as lawyers and auditors where strictly necessary.
- Authorities where required by law, regulation, or valid legal process.
- Acquirers in connection with a merger, acquisition, or sale of assets, subject to confidentiality.
7. International transfers
Where personal data is transferred outside the UK or the European Economic Area, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Addendum, or the EU Standard Contractual Clauses, together with supplementary measures where required.
8. How long we keep personal data
We keep personal data only as long as necessary for the purposes set out in this policy and to meet our legal obligations. Demo and whitepaper enquiry data is typically retained for up to 24 months from your last interaction; marketing-consent records are retained while consent is active and for a reasonable period after withdrawal to evidence the change.
9. Your rights
Subject to applicable law, you have the right to: access your personal data; have inaccurate data corrected; have data erased; restrict or object to processing; request portability of data you have provided; and withdraw consent at any time (without affecting the lawfulness of processing carried out before withdrawal). To exercise any of these rights, contact us via the contact form. You also have the right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ico.org.uk).
10. Security
We apply technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit, access controls, and least-privilege principles. No system is perfectly secure, but we work to reduce risk and respond to incidents promptly.
11. Automated decision-making
We do not use personal data collected through this Site to make decisions producing legal or similarly significant effects through solely automated means.
12. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the “Last updated” date above and, where appropriate, communicated through the Site.
13. Contact
For privacy questions or to exercise your rights, please use our contact form. See also our Terms of Use.