Privacy Policy

Effective date: 12 June 2026

1. Who we are

1.1​ This Privacy Policy is issued by Securities and Financial Engineering (S.A.F.E) Limited (“SAFE”, “we”, “us”, or “our”), a company incorporated in England and Wales under company number 04715634, with its registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. SAFE is registered with the UK Information Commissioner’s Office (ICO) under registration number ZC167935.

1.2​ SAFE supplies software and technology for professional and business users, and provides professional services including consultancy, trading support, risk management, business development, and trading-desk setup. This policy explains what personal data we collect, why, how we use and retain it, and your rights. It applies to our products and services, our licence management and activation infrastructure, our customer support, and our website at safelimited.com.

1.3​ Applicable law. We process personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018 (together, “UK data protection law”). Because our products and services are sold internationally, the EU General Data Protection Regulation (“EU GDPR”) also applies where we offer products or services to, or monitor the behaviour of, individuals in the European Economic Area.

1.4 ​EU representative. Where the EU GDPR applies, our representative in the European Union for the purposes of Article 27 EU GDPR is [EU representative name and address to be inserted]. Individuals in the EEA may contact our EU representative on matters relating to the processing of their personal data.

1.5​ Questions about this policy, and all privacy enquiries, should be directed to privacy@safelimited.com.

2. Which products and services this covers

2.1​ SAFE currently supplies locally installed desktop software (such as SAFE TradeDesk), software deployed on the customer’s own servers or private cloud, and related professional services. This policy covers the personal data processed in connection with all of them, together with our website and support functions.

2.2​ SAFE does not currently offer hosted or software-as-a-service products. If SAFE introduces a hosted product in future, a product-specific privacy supplement will describe the additional processing and will apply in addition to this policy.

3. What data we collect

We collect only the data necessary to provide our products and services, manage licences, support customers, and operate our website, and we are committed to data minimisation.

3.1 ​Activation and licence data. Where a product uses our licence management infrastructure, we record: (a) customer name and company name supplied at purchase; (b) the email address associated with the licence account; (c) a device identifier, being a one-way cryptographic hash derived from hardware identifiers, which we treat as pseudonymised personal data under data protection law; (d) the IP address of the device at activation and at each periodic licence validation; (e) the version of the software installed; and (f) activation and check-in timestamps.

3.2​ Services and business data. When we provide professional services, or deal with prospective clients, we process business-contact details and the identities of relevant client personnel, together with engagement correspondence, instructions, and records. We process the personal data within materials a client provides to us only so far as necessary to deliver the service.

3.3​ Support data. When you contact us at support@safelimited.com or legal@safelimited.com, we process the content of those communications and any attachments, and retain the correspondence to manage and resolve your request.

3.4​ Website data. Our website collects standard web server logs, which may include IP addresses, browser type and version, pages visited, referral URLs, and timestamps, used for security, performance monitoring, and aggregate analytics. We do not use cross-site tracking for advertising.

3.5​ What we do not collect. For products designed to store data locally on the customer’s device or on the customer’s own servers (such as SAFE TradeDesk), SAFE does not collect, receive, or have access to the customer’s business data, including deal records, trade data, contact lists, financial figures, and company records. That data is held in a database encrypted at rest using AES-256, within the customer’s environment, and is never transmitted to SAFE.

4. How we use your data

4.1 ​Licence validation and activation. To issue, validate, bind, and where necessary revoke licences, to verify that a licence is used within its permitted scope, and to maintain records of active and expired licences.

4.2​ Providing services and managing the relationship. To deliver our professional services, communicate with clients and prospective clients, administer engagements, and manage and develop the business relationship.

4.3​ Customer support. To respond to enquiries, diagnose issues, and maintain a history of interactions to provide consistent support.

4.4​ Security and fraud prevention. To detect and investigate suspicious activity, including attempts to circumvent our licensing or to use a single licence beyond its permitted scope.

4.5​ Product improvement. We may analyse aggregated and anonymised activation data, such as version uptake and check-in patterns, to inform product development. This analysis is carried out on data from which individuals cannot be identified, and to that extent falls outside data protection law.

4.6​ Legal and compliance. To comply with legal obligations, respond to lawful requests, enforce our Terms and Conditions, and protect the rights, property, or safety of SAFE, our customers, or others.

5. Legal bases for processing

5.1​ Performance of a contract. Processing of activation and licence data, and of personal data necessary to deliver services to a client, is necessary to perform our contract with the customer or to take steps at the customer’s request before entering into one.

5.2​ Legitimate interests. We rely on our legitimate interests in protecting our intellectual property, preventing licence fraud, maintaining the security of our infrastructure, managing and developing client relationships, and conducting business-to-business outreach. We have assessed that these interests are not overridden by your rights and freedoms. Certain of these activities may fall within the recognised legitimate interests under the Data (Use and Access) Act 2025.

5.3​ Legal obligation. We process personal data where required by law, including in response to lawful requests from regulatory or law-enforcement authorities.

5.4​ Consent. Where we rely on consent, for example for optional analytics cookies or certain marketing, you may withdraw it at any time, without affecting processing carried out before withdrawal.

6. Billing data

6.1​ Where applicable, payment for software licences and subscriptions is handled by Paddle (Paddle.com Market Limited and its affiliates), acting as Merchant of Record. Where Paddle is used, you enter into a payment relationship with Paddle, which collects and holds your payment card or bank details under its own privacy policy and PCI DSS programme. SAFE does not receive, process, or store those details, and receives from Paddle only the information needed to fulfil the order, namely customer name, company name, email address, and order reference.

6.2 ​Where you purchase directly from SAFE rather than through Paddle, SAFE processes the billing and invoice information needed to administer the order, such as name, company name, billing contact, billing address, and invoice details. Where you pay by card, your card details are handled by SAFE’s PCI-compliant payment provider and SAFE does not store full card numbers. Where you pay by bank transfer, SAFE processes the payment reference and remittance information shown when your payment is received.

7. Data sharing

7.1​ Paddle. Paddle acts as Merchant of Record for licence sales and independently controls the payment data you provide at checkout. We share order-fulfilment information (name, company, email, order reference) with Paddle to enable licence issuance.

7.2​ Hosting and service providers. Our activation infrastructure and website are hosted by Hostinger or a successor provider, which processes server logs and activation request data on our behalf as a processor under a written data-processing agreement. We may use other processors (for example, professional advisers and IT providers) under equivalent terms.

7.3​ Legal and regulatory disclosure. We may disclose personal data to courts, regulators, or law-enforcement agencies where legally required, or where we reasonably believe disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of individuals.

7.4​ No sale of data. We do not sell, rent, trade, or otherwise transfer personal data to third parties for their own marketing, profiling, or commercial purposes.

7.5​ Business transfers. In a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the successor entity. We will notify affected customers of any such transfer and the successor’s applicable privacy policy.

8. International transfers

8.1​ Activation data, services data, and support data are primarily processed within the United Kingdom and, where relevant, the European Economic Area. Personal data may flow between the UK and the EEA in both directions on the basis of the mutual adequacy decisions in force between them.

8.2​ Paddle processes payment and order data in the United States. Paddle relies on the UK International Data Transfer Agreement and the EU Standard Contractual Clauses as its transfer mechanism, as described in Paddle’s privacy policy.

8.3​ Where any other transfer of personal data outside the UK or EEA occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or an applicable adequacy decision.

9. Data retention

9.1​ Activation and licence records. Retained for the duration of the licence and for two (2) years after its expiry or termination, to investigate disputes, handle refund claims, and meet legal obligations.

9.2​ Services and engagement records. Retained for the duration of the engagement and for six (6) years after its end, reflecting contractual limitation periods and tax and accounting requirements.

9.3​ Support communications. Retained for three (3) years from the most recent communication in a thread, unless a longer period is required by an ongoing dispute or legal obligation.

9.4​ Website server logs. Retained for ninety (90) days, then deleted or anonymised.

9.5​ At the end of the applicable period, data is permanently deleted or anonymised so that it can no longer be linked to an individual.

10. Your rights

10.1 ​Under UK data protection law and, where it applies, the EU GDPR, you have the rights to: access your personal data; have inaccurate data corrected; have data erased where there is no compelling reason to retain it; receive certain data in a portable format; object to processing based on legitimate interests; restrict processing in certain circumstances; and withdraw consent where we rely on it. We do not make decisions producing legal or similarly significant effects by solely automated means.

10.2 ​We respond to valid requests within one month. That period may be extended by up to two further months for complex or numerous requests, and the time limit pauses while we verify your identity or seek clarification. To exercise your rights, contact privacy@safelimited.com; we may need to verify your identity first.

10.3​ Right to complain. If you are unhappy with how we handle your personal data, you may complain to us at privacy@safelimited.com, where a complaints form is also available. We will acknowledge your complaint within 30 days and respond without undue delay. You may also complain to the UK Information Commissioner’s Office at ico.org.uk or, if you are in the EEA, to your local supervisory authority.

11. Security

11.1​ We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. Our activation infrastructure communicates over HTTPS (TLS 1.2 or higher), and access to activation records is restricted to authorised personnel on a need-to-know basis.

11.2​ Where a product stores the customer’s business data locally or on the customer’s own servers, that data is encrypted at rest using AES-256, within the customer’s environment. Where we hold personal data on our own infrastructure, we use encryption in transit and at rest.

11.3​We will notify the ICO of a personal-data breach within 72 hours of becoming aware of it where the breach is notifiable, and will inform affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms. Where we act as a processor, we will notify the relevant controller without undue delay.

12. Cookies

12.1​ Our website uses a minimal set of cookies. Strictly necessary cookies, and certain low-risk first-party analytics and functionality cookies that are exempt from the consent requirement under the Data (Use and Access) Act 2025, are used on the basis of an opt-out, which you can exercise through our cookie controls. We do not use advertising, cross-site tracking, or third-party profiling cookies, which would require your prior consent.

12.2​ On your first visit you will see a cookie notice through which you can manage your preferences. Declining optional cookies does not affect your ability to use the website or any SAFE product. SAFE desktop applications do not use browser cookies.

13. Marketing

We may send existing and prospective business customers information about our products and services that we consider relevant to their business, on the basis of our legitimate interests and in accordance with applicable electronic-marketing rules. You may opt out of marketing at any time, using the unsubscribe link in any message or by contacting privacy@safelimited.com. We do not sell your data or share it for third-party marketing.

14. Children

SAFE products and services are professional, business-to-business offerings. They are not directed at, marketed to, or intended for individuals under the age of 18, and we do not knowingly collect personal data from them. If we learn that we have inadvertently done so, we will delete it promptly.

15. Changes to this policy

15.1​ We may update this policy from time to time to reflect changes in our practices, the law, or our products and services. The current version is always available at safelimited.com.

15.2​ Where we make material changes, for example introducing new categories of data collection or changing the purposes for which we use data, we will notify active customers by email at least 14 days before the changes take effect. This policy is an information notice and does not require your acceptance; if you object to a change, you may exercise your rights under section 10 or end your use of the relevant product or service.

16. Contact

Privacy enquiries, data-subject requests, and complaints should be directed to privacy@safelimited.com. Where the EU GDPR applies, you may also contact our EU representative (section 1.4).

Securities and Financial Engineering (S.A.F.E) Limited

Registered in England and Wales, company number 04715634

Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

ICO registration number ZC167935

Data protection contact: privacy@safelimited.com

Website: safelimited.com