Privacy Policy

1. Who we are

Qorym Ltd is a software development agency registered in the United Kingdom. We act as the data controller for personal information collected via this website and during the course of providing our services.

If you have any questions about this policy, you can reach us at info@qorym.com.

2. Data we collect

Information you give us directly

When you submit the contact form on this site, we collect:

• Your first and last name
• Your work email address
• Your company name (optional)
• The type of service you are interested in
• Your approximate budget (optional)
• The free-text description of your project

If you email us directly at info@qorym.com, we will receive the content of your email and any information you choose to include in it.

Information collected automatically

When you visit qorym.com, our hosting provider may record technical information such as your IP address, browser type, operating system, the pages you view, the time of your visit, and the referring URL. This information is used for security, fraud prevention, and aggregate analytics. We do not use this data to build a personal profile about you.

Information from our service engagements

If you become a client, we will collect additional information necessary to deliver our services, including billing details, contractual correspondence, and any data you provide to us as part of your project (for example, codebase access credentials or business documents). This data is processed under our service agreement with you.

3. How we use your data

We use your personal data only for the purposes for which it was collected:

• To respond to your enquiry — when you submit the contact form, we use your information to reply, scope your project, and follow up with relevant proposals.
• To deliver our services — if you engage us as a client, we use your data to perform the agreed-upon work, manage the project, and bill you.
• To improve our website — aggregated, non-identifying technical data helps us understand which pages are most useful and where the site can be improved.
• To meet legal obligations — for example, retaining invoicing records for the period required by UK tax law.
• To protect our site and users — detecting and preventing abuse, spam, fraud, and security incidents.

We do not sell your personal data. We do not use your data for automated decision-making or profiling.

4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

• Consent — for non-essential cookies and any marketing communications. You can withdraw consent at any time.
• Contract — to deliver the services you have engaged us to provide.
• Legitimate interest — to respond to your enquiries, maintain site security, and operate our business. We balance our interests against your rights and freedoms.
• Legal obligation — to comply with applicable laws, such as financial and tax record-keeping requirements.

5. Cookies and similar technologies

qorym.com uses a minimal set of technologies to function and to remember your preferences.

Essential storage

We store your cookie preference (whether you accepted or rejected non-essential cookies) in your browser's local storage under the key qorym_consent_v1. This is strictly necessary to remember your choice and does not require consent.

Analytics (only with your consent)

If you accept all cookies via our banner, we may load privacy-respecting analytics to understand aggregate site usage. This is opt-in. If you reject non-essential cookies, no analytics scripts are loaded.

Third-party services

Our contact form is delivered via Formspree, which receives the data you submit. Google Fonts is used to render typography and may log standard server-access information. Both are described further in section 6.

Managing cookies

You can clear our stored preference at any time using your browser's site data tools. The banner will reappear on your next visit and you will be asked again.

6. Sharing and third-party processors

We share personal data only with trusted service providers who process it on our behalf, under written data processing agreements where required:

• Formspree — processes contact form submissions and forwards them to info@qorym.com. See Formspree's privacy policy.
• Our email provider — used to deliver and store correspondence sent to info@qorym.com.
• Google Fonts — typography is loaded from fonts.googleapis.com. Google may log standard server access information. See Google's privacy policy.
• Our hosting provider — serves the website and may retain server logs for security and operational purposes.

We may disclose personal data if required by law, court order, or to protect the rights, property, or safety of Qorym, our clients, or others.

7. Data retention

We keep personal data only for as long as we need it for the purposes set out above:

• Contact-form enquiries that do not lead to a project: up to 12 months, then deleted or anonymised.
• Client and project records: for the duration of the engagement and 7 years afterwards, to meet UK accounting and tax obligations.
• Server access logs: typically 30–90 days, depending on the provider.

You may request earlier deletion at any time — see section 9.

8. Security

We take appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS/TLS), restricted access to systems on a need-to-know basis, regular security reviews, and secure handling of credentials. No method of transmission or storage is 100% secure, but we work to maintain industry-standard protections.

If a breach occurs that is likely to result in a risk to your rights, we will notify the Information Commissioner's Office (ICO) within 72 hours and, where required, inform affected individuals directly.

9. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right to be informed — to know how your data is used (this policy).
• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to have inaccurate data corrected.
• Right to erasure — to ask us to delete your data, subject to legal retention requirements.
• Right to restrict processing — to limit how we use your data in certain circumstances.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to object — to processing based on legitimate interest or for direct marketing.
• Right to withdraw consent — at any time, where consent is the basis for processing.

To exercise any of these rights, email info@qorym.com. We will respond within one month.

If you are unhappy with how we have handled your data, you may complain to the UK Information Commissioner's Office: ico.org.uk.

10. International transfers

Some of our service providers (such as Formspree and Google Fonts) are based outside the United Kingdom. When personal data is transferred internationally, we rely on appropriate safeguards under UK GDPR, including UK adequacy decisions, the UK International Data Transfer Agreement, or standard contractual clauses, to ensure your data continues to be protected.

11. Children

Our services are aimed at businesses and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or other factors. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

13. Contact us

If you have any questions about this Privacy Policy, your data, or how to exercise your rights, please contact us: