Expertluma Ltd ("Expertluma", "we", "us") operates a business-to-business ("B2B") software-as-a-service ("SaaS") platform for structured data workflows, including annotation, training data pipelines, and quality assurance. This Privacy Policy explains how we process personal data in connection with our website and services.
Who we are
Controller: Expertluma Ltd, 5 Brayford Square, London E1 0SG, United Kingdom. Contact: [email protected].
Company registration number (UK): 17139823
What data we process
Depending on your relationship with us, we may process:
- Account and contact data — name, work email, company name, role, and billing contacts.
- Service and usage data — log data, device/browser metadata, security signals, and operational metrics required to run the platform.
- Customer content — data you or your organisation uploads or generates in the platform (for example, tasks, annotations, and related assets), processed strictly to deliver the contracted service.
- Support communications — messages you send to us and records needed to resolve incidents.
- Waitlist sign-ups — information you submit through our waitlist forms (for example, name, email, company, domain expertise, and optional professional links) to register interest before launch.
Purposes and lawful bases (UK / GDPR)
We process personal data where:
- Contract — to provide the SaaS, authenticate users, invoice, and perform customer support.
- Pre-contract steps — to assess and respond to waitlist and sales enquiries at your request, ahead of any agreement.
- Legitimate interests — to secure our services, prevent abuse, improve reliability, and understand aggregate usage — balanced against your rights.
- Legal obligation — where required by applicable law.
- Consent — where we rely on consent (for example, certain marketing cookies or communications), you may withdraw consent at any time.
Processors and sharing
We use vetted infrastructure and service providers (for example, hosting, email, analytics, and security tooling) who process data on our instructions. We do not sell personal data. We may disclose information if required by law or to protect rights, safety, and integrity of our services.
International transfers
If personal data is transferred outside the UK or EEA, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) where required by applicable law.
Retention
We retain data only as long as necessary for the purposes described, including legal, tax, accounting, and dispute resolution requirements. Customer content retention follows contract terms and configurable policies where available.
Security
We implement administrative, technical, and organisational measures appropriate to the nature of B2B SaaS processing. No method of transmission or storage is completely secure; we work continuously to reduce risk.
Your rights
Subject to applicable law, you may have rights to access, rectify, erase, restrict, or object to certain processing, and to data portability. You may also lodge a complaint with a supervisory authority. To exercise rights, contact [email protected].
Cookies and similar technologies
Our website may use cookies or similar technologies for essential operation, security, and (where permitted) analytics or preferences. You can control non-essential cookies through your browser settings and any cookie banner or preference centre we provide.
Children
Our services are not directed at children, and we do not knowingly collect personal data from children.
Changes
We may update this policy from time to time. Material changes will be communicated as appropriate (for example, via the website or email to account administrators).