Privacy Policy
Last updated: 29 April 2025
1. Who we are
We are Gingerbread Analytics Ltd (“we”, “our”, “us”), a company registered in England and Wales (company no. 15051414). We provide marketing-technology consultancy and software-as-a-service (SaaS) products to clients worldwide.
Registered office: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, United Kingdom.
Data-protection contact: privacy@meetgingerbread.com.
2. The data we collect
| Category | Examples |
|---|---|
| Identity | name, job title, company |
| Contact | email, telephone, postal address |
| Account | usernames, hashed passwords, subscription tier |
| Usage | log-in timestamps, page views, feature interactions |
| Marketing | email preferences, survey responses |
| Technical | IP address, device type, browser, cookies, session-replay telemetry (mouse movement, clicks, scroll depth, form interactions) |
| Payment | last 4 digits of card, billing address (processed by our PCI-DSS-compliant provider) |
We do not knowingly collect special-category data.
3. How we obtain data
- Directly from you (forms, contracts, emails, calls).
- Automatically through our SaaS platform, cookies and session-replay scripts (see §11).
- From third parties (lead-generation partners, public sources) where lawful.
4. Purposes & lawful bases (UK GDPR Art. 6)
| Purpose | Lawful basis |
|---|---|
| Provide and secure our SaaS & consultancy services | Contract performance |
| Account administration & billing | Legitimate interests / contract |
| Product analytics, UX debugging & service improvement (inc. session-replay) | Legitimate interests* |
| Direct email marketing to existing customers | Legitimate interests (soft opt-in under PECR) |
| Prospect marketing | Consent |
| Legal, tax and regulatory compliance | Legal obligation |
| Detecting fraud or abuse | Legitimate interests |
*We balance our legitimate interests against your privacy, use proportional data capture, and honour opt-outs.
5. Marketing communications
You control whether you receive promotional emails. Use the unsubscribe link in any message or email privacy@meetgingerbread.com.
6. Sharing your data
- Cloud hosting, analytics and email vendors (all under data-processing agreements), including session-replay providers FullStory Inc. (USA) and Hotjar Ltd (Malta).
- Payment processor (Stripe Payments Europe Ltd) for card transactions.
- Professional advisers (lawyers, accountants).
- Authorities when the law requires.
We do not sell personal data.
7. International transfers
Our primary servers are in the UK/EU. Where we transfer data outside the UK/EU (e.g. to US-based sub-processors), we rely on UK/EU Standard Contractual Clauses (SCCs) or the UK IDTA, adequacy regulations (e.g. EU-US Data Privacy Framework), and additional safeguards.
8. Data retention
- Customer account data: life of contract + 7 years.
- Prospect data: 24 months after last interaction.
- Analytics logs & session replays: 25 months.
- Back-ups are purged on a 35-day rolling basis.
9. Security
- ISO 27001-aligned controls.
- Encryption in transit (TLS 1.3) and at rest (AES-256).
- Role-based access & multi-factor authentication.
- Regular penetration testing and vendor-risk reviews.
10. Your rights
Under the UK GDPR / EU GDPR you may access, correct, erase or port your data; restrict or object to processing (including session-replay analytics); and object to automated decision-making.
California and Brazilian residents have additional rights under the CCPA/CPRA and LGPD respectively.
Exercise any right by emailing privacy@meetgingerbread.com. We will respond within one month (or 45 days for CCPA requests). You may complain to the UK ICO at ico.org.uk or your local supervisory authority.
11. Cookies & similar tech
We use first- and third-party cookies, local storage and HTML5 session-replay scripts to:
- Keep you signed in.
- Remember preferences.
- Produce aggregated analytics and session-replay recordings to diagnose bugs and improve UX.
- Deliver and measure advertising (only with consent).
Manage cookies and session-replay consent via our Cookie Banner or your browser settings.
Opt-out links: FullStory |Hotjar
12. Automated decision-making
We do not make decisions producing legal or similarly significant effects solely by automated means.
13. Children
Our services are for business users. We do not knowingly collect data from anyone under 16.
14. Changes to this policy
We may update this notice to reflect changes in law or our practices. Material changes will be highlighted on this page and, where appropriate, notified by email.
15. Contact
Data Protection OfficerGingerbread Analytics Ltd
Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA,
United Kingdom
privacy@meetgingerbread.com
