Effective Date: 31 March 2026

1. Introduction

Ubrix Ltd (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data in connection with your use of our website at https://ubrix.co.uk/ and our software platform and related services (together, the “Services”).

We are a company registered in England and Wales under company number 15136854, with a registered office at 4 McMillan Close, Saltwell Business Park, Gateshead, United Kingdom, NE9 5BF. We are registered with the Information Commissioner’s Office (ICO) under registration number ZB730543.

This policy applies to all personal data we process as a data controller. Where we process personal data on behalf of our business customers as a data processor, the terms of our Data Processing Agreement apply.

Please read this policy carefully. If you have any questions, contact us at info@ubrix.co.uk.

2. Who We Are and How to Contact Us

Data Controller: Ubrix Ltd Company number: 15136854 Registered office: 4 McMillan Close, Saltwell Business Park, Gateshead, United Kingdom, NE9 5BF ICO registration number: ZB730543 Email: info@ubrix.co.uk Website: https://ubrix.co.uk/

For all data protection enquiries, please mark your communication “For the attention of: Data Protection” and send to the email or postal address above.

3. The Legal Framework

We process personal data in accordance with:

• the UK General Data Protection Regulation (UK GDPR)
• the Data Protection Act 2018
• the Privacy and Electronic Communications Regulations 2003 (PECR)

4. What Personal Data We Collect

Depending on how you interact with us, we may collect and process the following categories of personal data:

4.1 Information you provide to us directly

• Name, job title, and company name
• Email address, telephone number, and postal address
• Account login credentials (username; passwords are stored in encrypted form only)
• Information submitted through enquiry, contact, or demo request forms
• Communications you send to us by email, post, or through the platform

4.2 Information collected automatically when you use our Website

• IP address and device identifiers
• Browser type and version, operating system
• Pages visited, time spent on pages, and navigation paths
• Referring URLs
• Cookie identifiers (see our Cookie Policy for full details)

4.3 Information collected through use of our platform

Where you use the Ubrix platform as an authorised user on behalf of a business customer, we process personal data in our capacity as a data processor on behalf of that customer. This may include:

• Names and contact details of housebuilder staff, contractors, and site teams
• Names and contact details of homebuyers and new-build purchasers
• Defect reports, snagging lists, and communications relating to new-build properties
• Reservation, build, and handover records
• Workflow and task data submitted through the platform

4.4 Information from third parties

We may receive information about you from:

• Our business customers where they register you as an authorised user
• Publicly available sources, such as LinkedIn, for business development purposes
• Analytics and technology partners (in aggregated or pseudonymised form)

5. How We Use Your Personal Data

We use personal data only where we have a lawful basis to do so. The table below sets out the purposes for which we process personal data, and the legal basis for each.

Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by your rights and interests. You have the right to object to processing based on legitimate interests — see section 11.

Where we rely on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6. Marketing Communications

We may send you information about our Services, product updates, industry insights, and relevant news where:

• you are an existing customer or have previously expressed interest in our Services and have not opted out; or
• you have given us your explicit consent to do so.

You can opt out of marketing communications at any time by:

• clicking the unsubscribe link in any marketing email; or
• emailing us at info@ubrix.co.uk with the subject line “Unsubscribe”.

Opting out of marketing will not affect service-related communications which are necessary for the operation of your account.

7. Who We Share Your Personal Data With

We do not sell, rent, or trade your personal data. We may share personal data with the following categories of recipients where necessary:

7.1 Service providers and sub-processors

We use carefully selected third-party service providers to support the delivery of our Services. These include:

• Microsoft Azure — cloud infrastructure and hosting (data stored within the UK and/or EU)
• Microsoft 365 — email, collaboration, and document management
• Stripe — payment processing
• Analytics providers — website performance analysis (e.g. Google Analytics)
• Marketing platforms — where used to send communications

All sub-processors are subject to appropriate data processing agreements and are required to process personal data only in accordance with our instructions and applicable data protection law.

7.2 Professional advisers

We may share personal data with our legal advisers, accountants, insurers, and other professional advisers where necessary for the conduct of our business.

7.3 Business transfers

In the event of a merger, acquisition, restructure, or sale of all or substantially all of our business or assets, personal data may be transferred to the relevant third party as part of that transaction. We will notify affected individuals where required by law.

7.4 Law enforcement and regulatory authorities

We may disclose personal data where required to do so by applicable law, court order, or at the request of a competent regulatory authority, including the ICO.

7.5 With your consent

We may share personal data with other third parties where you have given your explicit consent for us to do so.

8. International Transfers of Personal Data

Our primary data hosting infrastructure is located within the UK and/or the European Economic Area (EEA). Where we use third-party service providers who process data outside the UK or EEA, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including:

• reliance on UK adequacy regulations where applicable; or
• use of the International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses.

You may request details of the specific safeguards we rely on for any international transfer by contacting us at info@ubrix.co.uk.

9. How We Protect Your Personal Data

We take the security of your personal data seriously and maintain a comprehensive set of technical and organisational measures to protect it against unauthorised access, loss, destruction, or disclosure. Our security measures include:

• All production systems and personal data hosted on Microsoft Azure cloud infrastructure within the UK and/or EU
• Multi-factor authentication (MFA) enforced across all remote access, email accounts, cloud resources, and administrative systems
• Role-based access controls (RBAC) limiting data access to authorised personnel only
• Data encrypted in transit (TLS) and at rest
• Automated daily encrypted backups, replicated across geographically separate data centres, with at least one immutable instance
• Regular backup integrity testing
• Unique credentials required for all user accounts, with account lockout and brute force protections
• Automatic security patching with critical updates applied within 14 days of release
• Microsoft Defender Antivirus with real-time protection across all in-scope devices
• Cyber Essentials certification (certificate number: 726311be-0ee0-4009-a404-1d5ae226dcc1, certified 12 April 2025)
• Cyber liability insurance providing cover of up to £1,000,000
• Professional indemnity insurance providing cover of up to £1,000,000

We require any third-party sub-processors and contractors engaged in connection with the Services to maintain appropriate security standards consistent with our own.

Despite these measures, no method of transmission over the internet or electronic storage is completely secure. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately at info@ubrix.co.uk.

10. How Long We Retain Your Personal Data

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law or regulation. Our general retention practices are:

Where we are required to retain data for longer periods by law, we will do so and will inform you where relevant.

11. Your Rights Under UK GDPR

You have the following rights in respect of your personal data. To exercise any of these rights, please contact us at info@ubrix.co.uk.

Right of access — You have the right to request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one calendar month.

Right to rectification — You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to erasure — You have the right to request that we delete your personal data in certain circumstances, for example where it is no longer necessary for the purpose for which it was collected.

Right to restriction of processing — You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while a complaint is being resolved.

Right to data portability — Where processing is based on your consent or the performance of a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to object — You have the right to object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or where processing is necessary for the establishment, exercise, or defence of legal claims. You have an absolute right to object to processing for direct marketing purposes.

Rights related to automated decision-making — You have the right not to be subject to decisions made solely by automated processing, including profiling, which produce legal or similarly significant effects on you. We do not currently carry out such automated decision-making.

Right to withdraw consent — Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

We will respond to all requests within one calendar month. In complex cases we may extend this by a further two months, in which case we will notify you. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

12. Cookies

We use cookies and similar tracking technologies on our Website. Full details of the cookies we use, the purposes for which we use them, and how you can manage your preferences are set out in our Cookie Policy, available at https://ubrix.co.uk/.

13. Children’s Privacy

Our Website and Services are directed at businesses and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us immediately at info@ubrix.co.uk and we will take steps to delete it.

14. Third-Party Links

Our Website may contain links to third-party websites and services. This Privacy Policy does not apply to those third-party sites and we are not responsible for their privacy practices. We encourage you to review the privacy policy of any third-party site you visit.

15. Changes to This Privacy Policy

We review this Privacy Policy periodically and will update it to reflect changes in our data processing activities, applicable law, or business practices. The effective date at the top of this page will be updated whenever material changes are made. Where changes are significant, we will notify you by email or by displaying a prominent notice on our Website. We encourage you to review this policy regularly.

16. How to Make a Complaint

If you have a concern about how we handle your personal data, we would ask that you contact us in the first instance at info@ubrix.co.uk so that we can try to resolve the matter.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK:

• Website: https://ico.org.uk/make-a-complaint/
• Telephone: 0303 123 1113
• Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• 
  

17. Contact Us

For any questions, requests, or concerns relating to this Privacy Policy or our data processing activities, please contact us:

• Email: info@ubrix.co.uk
• Post: Ubrix Ltd, 4 McMillan Close, Saltwell Business Park, Gateshead, United Kingdom, NE9 5BF
• ICO registration: ZB730543
• 
  

Ubrix Ltd | Company No. 15136854 | Version 2.0 | Effective 31 March 2026