LODE ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website at go-lode.com or use our travel data analytics platform (collectively, the "Service").
This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully.
Who We Are
The data controller responsible for your personal data is:
LODE
Email: info@go-lode.com
If you have any questions about how we handle your personal data, please contact us at the address above.
What Personal Data We Collect
We may collect and process the following categories of personal data:
Account and Identity Data
Name, email address, job title, and company name when you register for an account or contact us.
Usage Data
Information about how you use the Service, including pages visited, features used, query history, and session duration. This data is collected via cookies and similar technologies (see Section 8).
Communications Data
Any information you provide when you contact us via the enquiry form, email, or other channels, including the content of your messages.
Billing and Payment Data
Subscription tier, billing email, and payment status. We do not store full payment card details — all card transactions are processed by our payment provider, Stripe, under their own privacy policy.
Travel Data You Upload
LODE is a data analytics platform. When you upload travel data files (e.g., booking exports, expense reports), that data is stored within your secure, isolated data lake and used solely to provide the Service to you. We do not access, analyse, or share your uploaded travel data for our own purposes.
You remain the data controller for any personal data contained within the files you upload. We act as a data processor on your behalf for that data.
How We Use Your Personal Data
We use your personal data for the following purposes and on the following legal bases:
| Purpose | Legal Basis (UK GDPR) |
|---|---|
| To create and manage your account | Performance of a contract (Art. 6(1)(b)) |
| To provide and operate the Service | Performance of a contract (Art. 6(1)(b)) |
| To process payments and manage subscriptions | Performance of a contract (Art. 6(1)(b)) |
| To respond to your enquiries and provide support | Legitimate interests (Art. 6(1)(f)) |
| To send service-related notifications (e.g., billing, security) | Performance of a contract (Art. 6(1)(b)) |
| To send marketing communications (where you have opted in) | Consent (Art. 6(1)(a)) |
| To improve and develop the Service | Legitimate interests (Art. 6(1)(f)) |
| To comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law:
- Account data: Retained for the duration of your account plus 2 years after closure, unless a longer period is required by law.
- Uploaded travel data: Retained for the duration of your subscription. Deleted within 30 days of account closure upon your request.
- Communications: Retained for up to 3 years from the date of your last communication.
- Billing records: Retained for 7 years to comply with financial record-keeping requirements.
Who We Share Your Data With
We do not sell your personal data. We may share it with trusted third parties only where necessary to deliver the Service:
- Stripe: Payment processing. Your payment details are handled directly by Stripe under their privacy policy.
- Amazon Web Services (AWS): Cloud infrastructure hosting. Data is stored in the EU (eu-west-2, London) region.
- Vercel: Website hosting and delivery.
- Legal authorities: Where required to comply with a legal obligation, court order, or to protect the rights of LODE or others.
All third-party processors are bound by data processing agreements that require them to protect your data in accordance with UK GDPR.
International Data Transfers
Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA). Where data is transferred outside these regions (for example, to US-based service providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the relevant supervisory authority.
Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access
You may request a copy of the personal data we hold about you.
Right to rectification
You may ask us to correct inaccurate or incomplete data.
Right to erasure
You may request that we delete your personal data, subject to certain conditions.
Right to restrict processing
You may ask us to limit how we use your data in certain circumstances.
Right to data portability
You may request your data in a structured, machine-readable format.
Right to object
You may object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent
Where we rely on your consent, you may withdraw it at any time.
Right to complain
You have the right to lodge a complaint with the Information Commissioner's Office (ICO).
To exercise any of these rights, please contact us at info@go-lode.com. We will respond within one calendar month.
You can also contact the ICO directly: ico.org.uk or by calling 0303 123 1113.
Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve the Service. Cookies are small text files stored on your device.
| Type | Purpose | Basis |
|---|---|---|
| Strictly necessary | Session management, authentication, and security. The Service cannot function without these. | Legitimate interests |
| Functional | Remembering your preferences and settings. | Legitimate interests |
| Analytics | Understanding how visitors use the site so we can improve it (e.g., page visits, session length). | Consent |
You can control cookies through your browser settings. Disabling strictly necessary cookies may affect the functionality of the Service.
Data Security
We take the security of your personal data seriously. Our security measures include:
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256.
- Your uploaded data is stored in an isolated, private data lake accessible only to your organisation.
- Access to production systems is restricted to authorised personnel only.
- Regular security reviews and vulnerability assessments.
- JWT-based authentication with short-lived access tokens and secure refresh token handling.
Despite these measures, no transmission over the internet is entirely secure. If you believe your data has been compromised, please contact us immediately at info@go-lode.com.
Children's Privacy
The Service is intended for business use and is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by email (if you have an account) and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
LODE
Email: info@go-lode.com