Privacy Policy

php4u Limited (“we”, “us”, “our”) is a private limited company registered in England and Wales.

We are the data controller for personal data processed in connection with our website (php4u.co.uk), the mobile applications developed and published by php4u Limited, and the services we provide. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. California residents have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) — please see Section 10 for details.

We may collect and process the following personal data:

• Contact information — such as your name and email address when you contact us directly.
• Communication data — the content of emails, messages, or enquiries you send to us.
• Technical data — IP address, browser type, and basic usage information collected automatically when you visit our website.
• Business information — details you provide as part of a professional enquiry or project engagement.

We do not collect sensitive personal data (such as health information, financial data, or data relating to criminal convictions) unless explicitly required and agreed upon for a specific engagement.

Mobile Application Usage Data — Our mobile applications collect aggregated, anonymous usage data only, including: app version, device operating system type (not device ID), session duration, feature interaction events, and crash/error reports. We do not collect names, email addresses, precise location, contacts, or any other personally identifiable information through our mobile applications.

We use your personal data for the following purposes:

• To respond to enquiries and provide information about our services.
• To manage and deliver contracted services.
• To fulfil legal obligations, including those under UK company law and tax law.
• To maintain records of business communications as required.
• To improve our website and services based on aggregated, anonymised usage data.
• To analyse anonymous usage patterns in our mobile applications to improve functionality and user experience.

We process your personal data under the following lawful bases as defined by UK GDPR:

• Contract — processing is necessary for the performance of a contract with you, or to take steps at your request before entering into a contract.
• Legitimate interests — we have a legitimate interest in processing data to respond to business enquiries and operate our business effectively, provided this does not override your rights.
• Legal obligation — we may process data where necessary to comply with a legal obligation.
• Consent — where you have given explicit consent, such as subscribing to communications.

We retain personal data only for as long as is necessary for the purposes for which it was collected, and in accordance with applicable legal requirements:

• Business enquiry data is retained for up to 12 months if no contract is formed.
• Client and contract data is retained for a minimum of 6 years following the end of the engagement, in accordance with UK tax and company law.
• Technical/website data (logs) is retained for no longer than 90 days.

We do not sell, share, or rent your personal information to third parties for their direct marketing purposes or for monetary consideration. This applies to all users including California residents under CCPA/CPRA.

We may share data in the following limited circumstances:

• Service providers — trusted third-party suppliers who assist in operating our business (e.g. email hosting, cloud infrastructure), under appropriate data processing agreements.
• Mobile app analytics processors — anonymised, aggregated usage data from our mobile applications may be processed by analytics service providers under strict data processing agreements. No personally identifiable information is shared.
• Legal requirements — if required to do so by law, court order, or regulatory authority.
• Business transfers — in the unlikely event of a business sale or merger, data may be transferred to the relevant successor entity.

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses or UK International Data Transfer Agreements) in accordance with UK GDPR requirements.

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate or incomplete data.
• Right to erasure — you may request deletion of your personal data in certain circumstances.
• Right to restriction — you may request that we restrict processing of your data.
• Right to data portability — you may request your data in a structured, commonly used format.
• Right to object — you may object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at …. We will respond within one month of receiving your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

US residents please see Section 10 (California) and Section 11 (other US states) for applicable rights.

Our website may use essential cookies necessary for the site to function. We do not currently use tracking cookies, advertising cookies, or third-party analytics services that profile individual visitors.

If this changes, we will update this policy and, where required by law, seek your consent before placing non-essential cookies.

Our mobile applications do not use cookies. They may use device-level identifiers (such as a randomly generated session ID) solely to distinguish sessions for analytics purposes; these identifiers are not linked to any personal identity.

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect data against unauthorised access, loss, or disclosure. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

This section applies to residents of California under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Categories of personal information we collect:

• Identifiers — such as name and email address (collected when you contact us directly).
• Internet or other electronic network activity — website server logs (IP address, browser type, pages visited).
• Inferences — none drawn from the above to create a profile.
• Sensitive personal information — none collected.

We do not sell or share personal information for cross-context behavioural advertising. California residents therefore need not submit an opt-out request, but we will honour any such request received.

California residents have the right to:

• Know what personal information we collect, use, disclose, and share.
• Delete personal information we hold about you, subject to certain exceptions.
• Correct inaccurate personal information we maintain about you.
• Opt-out of sale or sharing of personal information — not applicable as we do not sell or share personal information.
• Non-discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Limit use and disclosure of sensitive personal information — we do not collect sensitive personal information as defined under CPRA.

To exercise any of these rights, please contact us using the email address in Section 1. We will respond within 45 days of receiving a verifiable consumer request. Where reasonably necessary, we may extend this period by a further 45 days and will notify you of the extension.

Shine the Light disclosure: We do not disclose personal information to third parties for their direct marketing purposes, and therefore no “Shine the Light” list is maintained.

This section applies to residents of the United States. Where applicable US state privacy laws grant you rights regarding your personal information, we are committed to honouring those rights.

Florida (FIPA): We comply with the Florida Information Protection Act (FIPA, Fla. Stat. § 501.171). In the event of a data breach affecting Florida residents, we will notify affected individuals within 30 days of discovery where required by law.

Other US states: We extend good-faith data rights — including access, deletion, correction, and opt-out of sale — to residents of other US states with applicable privacy laws (including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and others) to the extent required by those laws. To submit a request, please contact us using the email address in Section 1.

COPPA: Our website and mobile applications are not directed at children under 13. We do not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

We do not use personal information for automated decision-making that produces legal or similarly significant effects on individuals.

We may update this privacy policy from time to time to reflect changes in our practices or legal obligations. The date at the top of this page indicates when the policy was last revised. We will notify users of material changes by updating the date and, where practical, by providing notice through our website or mobile applications. We encourage you to review this policy periodically.

If you have any questions about this privacy policy or how we handle your data: