Home / Privacy Policy

Privacy Policy

Last updated: 7 February 2026

1. Introduction

TechLake ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website techlake.co, use our products, or engage with our services.

We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and the Privacy and Electronic Communications Regulations 2003 (PECR).

Our registered location is London, United Kingdom.

2. Information We Collect

2.1 Information You Provide Directly

  • Contact form submissions: Name, email address, business name, description of your problem, and any additional message content you provide.
  • Purchase information: When you purchase our products (e.g., SME Cashflow & Spend Toolkit, Charity Spend Tracker, Personal Spend Tracker), payment is processed by our third-party payment provider, Lemonsqueezy. We do not directly collect or store your payment card details.
  • Email correspondence: Any information you provide when contacting us at hello@techlake.co or support@techlake.co.

2.2 Information Collected Automatically

  • Technical data: IP address, browser type and version, operating system, time zone, and general location data.
  • Usage data: Pages visited, time spent on pages, and how you navigate our website.
  • Cookie data: See Section 8 (Cookie Policy) below for full details.

2.3 Information Collected by Third Parties

  • Tawk.to (Live Chat): When you use our live chat widget, Tawk.to may collect your IP address, browser information, chat transcripts, and any personal details you voluntarily share in the chat. Tawk.to operates as a data processor on our behalf. Tawk.to Privacy Policy.
  • Lemonsqueezy (Payments): When you purchase a product, Lemonsqueezy collects and processes payment data including your name, email, billing address, and card details. Lemonsqueezy acts as an independent data controller for payment processing. Lemonsqueezy Privacy Policy.

3. How We Use Your Information

We process your personal data based on the following lawful bases under UK GDPR Article 6:

Purpose Lawful Basis
Responding to your contact form enquiries Legitimate interest / Consent
Processing product purchases and delivering digital products Contract performance
Providing consulting services Contract performance
Providing live chat support via Tawk.to Legitimate interest
Website security and fraud prevention (rate limiting, CSRF protection) Legitimate interest
Improving our website and services Legitimate interest
Complying with legal obligations Legal obligation

4. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Tawk.to - Live chat provider (data processor). Data may be transferred to and processed in countries outside the UK. Tawk.to maintains appropriate safeguards for international transfers.
  • Lemonsqueezy - Payment processor (independent data controller). Processes payment data on their own terms.
  • Hosting provider - Our website is hosted on shared hosting infrastructure. The hosting provider processes data as needed to deliver the service.
  • Law enforcement or regulatory bodies - Where required by law or to protect our legal rights.

5. International Data Transfers

Some of our third-party service providers operate outside the United Kingdom. Where personal data is transferred internationally, we ensure appropriate safeguards are in place as required by UK GDPR Chapter V, including:

  • Transfers to countries with UK adequacy decisions.
  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO).
  • Binding Corporate Rules where applicable.

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Contact form submissions: Retained for up to 12 months, then securely deleted.
  • Purchase records: Retained for 6 years to comply with UK tax and accounting obligations (HMRC requirements).
  • Chat transcripts (Tawk.to): Subject to Tawk.to's own retention policies.
  • Server logs: Retained for up to 90 days for security purposes.

7. Your Rights Under UK GDPR

Under the UK GDPR and DPA 2018, you have the following rights:

  • Right of access (Article 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): Request correction of inaccurate personal data.
  • Right to erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing (Article 18): Request that we limit how we use your data.
  • Right to data portability (Article 20): Receive your data in a structured, machine-readable format.
  • Right to object (Article 21): Object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.
  • Rights related to automated decision-making (Article 22): We do not use automated decision-making or profiling that produces legal effects concerning you.

To exercise any of these rights, please contact us at hello@techlake.co. We will respond within one month as required by law.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

8. Cookie Policy

In compliance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR, we provide you with clear information about the cookies used on our website.

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They serve various purposes including remembering your preferences and improving your experience.

8.2 Cookies We Use

Cookie Provider Purpose Type
cookie_consent TechLake Stores your cookie preference (accept/reject) Strictly necessary
TawkConnectionTime, __tawk_*, twk_* Tawk.to Live chat functionality, session management, chat history Functional / Analytics
PHPSESSID TechLake Server-side session management (admin area only) Strictly necessary

8.3 Your Cookie Choices

When you first visit our website, a cookie consent banner allows you to accept or reject non-essential cookies. Strictly necessary cookies (such as your cookie consent preference) cannot be disabled as they are essential for the website to function.

If you reject non-essential cookies, third-party services like Tawk.to live chat will not be loaded, and their cookies will not be set.

You can also manage cookies through your browser settings at any time. Please note that disabling certain cookies may affect website functionality.

9. Artificial Intelligence (AI) and Data Policy

9.1 Our Use of AI

TechLake offers AI-powered tools and services to help small businesses. We are committed to the responsible and transparent use of AI in compliance with applicable UK and EU legislation, including:

  • UK Data Protection Act 2018 and UK GDPR - governing how personal data is processed in AI systems.
  • EU Artificial Intelligence Act (EU AI Act) - the EU's comprehensive framework for AI regulation, which we monitor for applicability.
  • ICO Guidance on AI and Data Protection - guidance from the UK Information Commissioner's Office on fairness, transparency, and accountability in AI.

9.2 AI Data Processing Principles

When our AI tools process your data, we adhere to the following principles:

  • Purpose limitation: AI processes your data only for the specific purpose for which the tool is designed (e.g., cashflow analysis, spend tracking).
  • Data minimisation: Our AI tools only access the data necessary to perform their function. Our spreadsheet-based products (SME Cashflow Toolkit, Charity Spend Tracker, Personal Spend Tracker) operate entirely locally on your device and do not transmit your financial data to our servers.
  • No automated decision-making with legal effects: Our AI tools assist with analysis and recommendations but do not make automated decisions that produce legal or similarly significant effects on you (Article 22 UK GDPR).
  • Human oversight: All outputs from our AI tools are designed to support, not replace, human decision-making.
  • Transparency: We clearly identify where AI is used in our products and services.

9.3 Third-Party AI Services

Where we use third-party AI services, we ensure:

  • Appropriate data processing agreements are in place.
  • Your data is not used to train third-party AI models without your explicit consent.
  • Data transfers comply with UK GDPR requirements.

9.4 Your AI-Related Rights

In addition to your general data rights (Section 7), you have the right to:

  • Request meaningful information about the logic involved in any AI-assisted processing of your data.
  • Object to AI-assisted profiling.
  • Request human review of any AI-generated output that affects you.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption (TLS/SSL) on all pages.
  • Content Security Policy (CSP) headers.
  • CSRF token protection on all forms.
  • Rate limiting to prevent abuse.
  • Honeypot fields and timing checks for spam prevention.
  • Bcrypt password hashing for administrative access.
  • Secure session configuration (HttpOnly, Secure, SameSite=Strict).
  • Input sanitisation and validation.
  • HSTS (HTTP Strict Transport Security) enforcement.

Despite these measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest practical standard.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

12. Links to Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any third-party websites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Where changes are significant, we will make reasonable efforts to notify you.

14. Contact Us

Data Controller

TechLake
London, United Kingdom

Email: hello@techlake.co

For data protection enquiries, subject access requests, or to exercise your rights, please email us at the address above. We will respond within one calendar month.

15. Applicable Law

This Privacy Policy is governed by the laws of England and Wales and is subject to the jurisdiction of the English courts. The applicable data protection legislation includes:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018 (DPA 2018)
  • Privacy and Electronic Communications Regulations 2003 (PECR)
  • Computer Misuse Act 1990