Privacy Policy Terms of Use &
Data Processing Addendum (DPA)
PRIVACY POLICY
Last updated: 26.01.2026
1. Overview
Stack Integral (“we”, “us”, “our”) is committed to protecting personal data and handling it responsibly.
This Privacy Policy explains how we collect, use, store, and protect personal information when you visit stackintegral.com, interact with us, or use our services.
We apply the UK GDPR and EU GDPR as our baseline standard, and we aim to meet applicable data protection requirements worldwide.
2. Scope & Applicability
This policy applies to:
Visitors to our website
Individuals who contact us or engage with our services
Users interacting with our content, communications, or systems
It does not cover third-party websites or services we do not control.
3. Our Role: Controller & Processor
Website & marketing data: Stack Integral acts as a data controller.
Client data processed through our systems: Stack Integral acts as a data processor, operating strictly under client instructions and contractual agreements.
This distinction is fundamental to how we design and operate AI-assisted workflows responsibly.
4. Information We Collect
Personal data you provide
Name
Email address
Phone number
Company name
Information submitted via contact forms, emails, or messages
Providing this information is voluntary.
Information collected automatically
When you visit our site, we may collect:
IP address
Browser type and device information
Pages visited and interaction data
Referring URLs
This data is used in aggregate to understand site usage and improve performance.
5. How We Use Personal Data
We use personal data to:
Respond to enquiries and communications
Provide and operate our services
Improve our website and systems
Manage marketing communications (where consent is given)
Ensure security, compliance, and operational integrity
We do not sell personal data.
6. Lawful Basis for Processing (GDPR)
We process personal data under one or more of the following lawful bases:
Consent – where you have explicitly opted in
Contractual necessity – to provide requested services
Legitimate interests – where processing is necessary and does not override your rights
7. AI & Automation Responsibility
We design AI-assisted systems with:
Defined guardrails
Human oversight and escalation
Brand-safe, appropriate communication standards
AI is applied to support consistency, speed, and reliability — not to remove accountability or judgement.
8. Cookies & Analytics
We use cookies and similar technologies to:
Improve website functionality
Understand visitor behaviour
Measure performance
Where required, consent is obtained via our cookie banner.
You can manage or disable cookies via your browser settings.
9. Marketing Communications
You may receive marketing communications from us if you:
Have opted in, or
Have a legitimate business relationship with us (where permitted by law)
You can unsubscribe at any time via links in our emails or by contacting us.
10. SMS Communications
Where you opt in to receive SMS communications:
Messages may relate to services, updates, or relevant offers
Message and data rates may apply
You may opt out at any time by replying STOP
We do not share phone numbers for third-party marketing without explicit consent.
11. Data Retention
We retain personal data only for as long as necessary to:
Fulfil the purpose it was collected for
Meet legal, contractual, or regulatory obligations
12. International Data Transfers
Personal data may be transferred to and processed in countries outside your country of residence, including the UK, EU, and jurisdictions where our service providers operate.
Where required, we apply appropriate safeguards such as:
Standard Contractual Clauses
Equivalent lawful transfer mechanisms
13. Your Rights
Subject to applicable law, you have the right to:
Access your personal data
Request correction or deletion
Restrict or object to processing
Withdraw consent
Request data portability
To exercise your rights, contact: [email protected]
13a. Right to Complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your personal data has been handled unlawfully. Website: ico.org.uk | Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO.
14. Security
We implement appropriate technical and organisational measures to protect personal data, including:
Access controls
Secure systems
Encryption where appropriate
Please do not send sensitive information via unencrypted email.
15. Children’s Data
We do not knowingly collect personal data from children under 13.
If you believe such data has been provided, please contact us.
16. Policy Updates
We may update this Privacy Policy periodically.
Changes will be posted on this page and will not apply retroactively.
17. Contact
If you have questions about this policy or your data, contact:
[email protected]
ICO Registration Number: ZC110679
DATA PROCESSING ADDENDUM (DPA)
Data Processing Addendum (DPA)
Last updated: 26.01.2026
This Data Processing Addendum (“DPA”) forms part of any agreement between Stack Integral (“Processor”) and the client (“Controller”) where Stack Integral processes personal data on behalf of the Controller.
1. Purpose & Scope
This DPA governs the processing of personal data by Stack Integral on behalf of the Controller in connection with the provision of AI-assisted automation and workflow services.
It applies where Stack Integral processes personal data as a data processor, in accordance with:
UK GDPR
EU GDPR
Other applicable data protection laws
Where Stack Integral processes personal data for its own purposes (e.g. website enquiries), it acts as a data controller and those activities are governed by our Privacy Policy.
2. Roles & Responsibilities
Controller
The Controller:
Determines the purposes and means of processing personal data
Confirms it has a lawful basis for processing and sharing personal data
Is responsible for providing appropriate notices to data subjects
Processor (Stack Integral)
Stack Integral:
Processes personal data only on documented instructions from the Controller
Does not determine the purposes of processing
Applies appropriate technical and organisational safeguards
3. Nature & Purpose of Processing
Processing activities may include, but are not limited to:
Handling enquiries and communications
Managing follow-up, routing, qualification, and scheduling
Operating AI-assisted workflows under defined rules
Supporting operational automation agreed with the Controller
AI systems are configured with:
Defined guardrails
Human oversight and escalation
Brand-safe and context-appropriate behaviour
4. Categories of Data & Data Subjects
Categories of personal data may include:
Names
Contact details (email, phone)
Business information
Communication content
Interaction metadata
Categories of data subjects may include:
Customers
Prospects
Business contacts
Users interacting with the Controller’s systems
5. Lawful Processing & Confidentiality
Stack Integral shall:
Process personal data only as instructed by the Controller
Ensure personnel accessing personal data are bound by confidentiality
Not disclose personal data to third parties except as permitted under this DPA or required by law
6. Sub-Processors
The Controller authorises Stack Integral to engage sub-processors where necessary to deliver services (e.g. hosting, messaging, analytics platforms).
Stack Integral will:
Conduct appropriate due diligence
Ensure sub-processors are bound by data protection obligations
Remain responsible for sub-processor compliance
A list of sub-processors can be made available upon request.
Current sub-processors include, but are not limited to: HubSpot (CRM and communications), Apollo.io (lead data), and any platforms agreed in writing with the Controller at onboarding.
7. International Data Transfers
Where personal data is transferred outside the UK or EU, Stack Integral will ensure appropriate safeguards are in place, including:
Standard Contractual Clauses (SCCs)
Equivalent lawful transfer mechanisms
8. Security Measures
Stack Integral implements appropriate technical and organisational measures to protect personal data, including:
Access controls
Secure infrastructure
Data minimisation
Monitoring and logging where appropriate
Detailed security information may be provided upon reasonable request.
9. Data Subject Rights
Stack Integral will assist the Controller, where reasonably possible, in responding to data subject requests, including:
Access
Rectification
Erasure
Restriction
Objection
Data portability
10. Data Breach Notification
In the event of a personal data breach affecting data processed under this DPA, Stack Integral will:
Notify the Controller without undue delay
Provide available information to support compliance obligations
11. Data Retention & Deletion
Upon termination of services, Stack Integral will:
Delete or return personal data as instructed by the Controller
Retain data only where required by law or legitimate operational needs
12. Audits & Compliance
Stack Integral will:
Maintain appropriate records of processing activities
Provide reasonable information to demonstrate compliance
Cooperate with audits where required, subject to confidentiality and security constraints
13. Liability
Each party’s liability under this DPA is subject to the limitations set out in the main agreement, except where prohibited by law.
14. Governing Law
This DPA is governed by the laws of England and Wales, unless otherwise agreed in writing.
15. Contact
For data protection or DPA-related enquiries:
[email protected]
Company No. 17014408
Stack Integral
Privacy Policy | Cookies | Terms of Use | Contact Us
© 2026 Stack Integral. All rights reserved.