Privacy & Data Protection Notice

Last updated 22 October 2025

1. Who We Are

1.1 Astute Graphics Limited (company number 6465495) of Unit 1.03, Shell Store, Canary Drive, Hereford, HR2 6SR, ENGLAND is the controller for personal data it processes in connection with accounts, support, usage analytics, and service operations. Astute Graphics Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number ZA326808. Astute Entity Limited (company number 16325129) is our holding company.

1.2 Paddle.com acts as the Merchant of Record for all purchases. Paddle is the independent controller for customer billing and payment data, which it processes in order to complete transactions, apply taxes, meet compliance requirements, and fulfil its own legal obligations. Further information on how Paddle handles personal data can be found in Paddle’s privacy policy: https://www.paddle.com/legal/privacy

2. How We Use Personal Data

2.1 Categories of personal data we may collect and process include:

(a) Identity and contact data (name, email address, account details, billing address);

(b) Technical data (device information, operating system, IP address, browser type);

(c) Usage data (interactions with the Services, preferences, logs, telemetry);

(d) Support data (queries, troubleshooting communications);

(e) Marketing and communications data (preferences, opt-ins, unsubscribes);

(f) Payment and tax data for any orders directly processed.

2.2 Purposes: provide and secure the Services; verify licences; process transactions; respond to support requests; improve features; comply with legal obligations; communicate important service information.

2.3 Legal bases for processing:

(a) Contract performance (providing the Services you purchase);

(b) Legitimate interests (service improvement, fraud prevention, usage analytics with safeguards);

(c) Consent (marketing emails or optional features requiring permission);

(d) Legal obligation (accounting, tax, compliance with authorities).

3. Sharing and Subprocessors

3.1 We use the following service providers (“subprocessors”) to process personal data on our behalf: Paddle (MoR), MailChimp, Capsule CRM, Google (email, analytics, reviews), Zendesk, Databricks, AWS (hosting), and XERO (accounting). A current list of subprocessors and their roles is maintained in our Annexes.

3.2 We may disclose data to competent authorities where required by law or court order.

4. International Transfers

4.1 Personal data may be processed outside the UK/EEA. Where this occurs, we rely on appropriate safeguards such as:

(a) adequacy regulations recognised by the UK government;

(b) the UK International Data Transfer Agreement (IDTA); or

(c) the EU Standard Contractual Clauses (SCCs) as applicable via our providers.

5. Retention

5.1 We retain personal data for as long as necessary to provide the Services and fulfil the purposes above. Payment records required by law may be retained after service termination in accordance with statutory requirements.

5.2 We do not retain Asset metadata (for example, file names) after Asset deletion, other than minimal logs required by law.

6. Your Rights

6.1 You may have the following rights under UK GDPR and equivalent data protection laws: to access your data; to rectify inaccurate data; to erase data; to restrict processing; to object to processing (including for direct marketing); to port data to another provider; and to withdraw consent where processing relies on consent. You may also lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or with your local data protection authority if based outside the UK.

6.2 To exercise rights, contact hello@astutegraphics.com. You also have the right to complain to the UK Information Commissioner’s Office (ico.org.uk).

7. Security

7.1 We apply technical and organisational measures to protect personal data, including: encryption in transit (HTTPS) and at rest (server-side encryption); role-based access controls; logging and monitoring; separation of environments; and vulnerability management and patching. These measures are proportionate to the risks presented and are regularly reviewed.

8. Marketing

8.1 We may send service emails (transactional/operational). Marketing emails are sent with consent where required and include an unsubscribe option.

9. Children

9.1 The Services are intended for adults (18+). We do not knowingly collect personal data from children.

10. Changes

10.1 We may update this Notice from time to time.