Privacy Notice
Effective date: March 2026 · Version: 2026-03-v1
Tessari Technologies Ltd (“Tessari”, “we”, “us”) is committed to protecting the personal data of everyone who uses our platform. This notice explains what data we collect, why we collect it, and the rights you have over it.
1. Who We Are
Tessari Technologies Ltd is the data controller for personal data processed through the Tessari governance, risk and compliance platform.
Contact:
Email: privacy@tessari.co.uk
Address: Tessari Technologies Ltd, London, United Kingdom
2. What Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email address, job title | Account creation and authentication |
| Organisation data | Organisation name, sector, size | Platform functionality |
| Usage data | Pages visited, features used, session duration | Service improvement and analytics |
| Compliance data | Documents, risk registers, audit records you upload | Core platform functionality |
| Consent records | Consent type, timestamp, IP address, user agent | Legal compliance (UK GDPR Art.7) |
| Security data | IP address, login attempts, device information | Fraud prevention and security |
3. Lawful Basis for Processing
- Contract performance — to provide the services you have signed up for
- Consent — for marketing communications (you may withdraw at any time)
- Legitimate interests — for security monitoring, fraud prevention, and service improvement
- Legal obligation — to comply with applicable laws and regulations
4. How We Use Your Data
- Create and manage your account and organisation workspace
- Deliver the Tessari platform and its compliance features
- Send service-related communications (billing, security alerts, important updates)
- Send marketing communications (only with your consent)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations under UK GDPR, NDPA 2023, and other applicable law
- Improve the platform through aggregated, anonymised analytics
We do not sell your personal data to third parties.
5. Sharing Your Data
We may share your data with:
- Supabase — database and authentication infrastructure (EU/UK servers)
- Resend — transactional email delivery
- Upstash — rate limiting and session data (Redis)
- Vercel — platform hosting and edge infrastructure
- Law enforcement or regulators — when required by law
All third-party processors are bound by data processing agreements that meet UK GDPR standards.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of account + 7 years |
| Session and authentication logs | 90 days |
| Analytics events | 13 months |
| Consent records | Duration of account + 7 years |
| Security events | Duration of account + 7 years |
| Inactive accounts | Anonymised after 2 years of inactivity |
7. Your Rights
Under UK GDPR and NDPA 2023, you have the right to:
- Access — request a copy of your personal data
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data (subject to legal obligations)
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — withdraw marketing consent at any time via Settings → Privacy
To exercise any of these rights, submit a request at tessari.ng/dsr or email privacy@tessari.co.uk. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management. These cannot be disabled without affecting your ability to use the platform.
We use optional analytics cookies to understand how the platform is used. You can accept or decline these when you first visit.
9. International Transfers
Your data is processed primarily within the UK and EEA. Where data is transferred outside these regions, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
10. Changes to This Notice
We will notify you by email and via an in-platform banner if we make material changes to this notice.
| Version | Date | Summary |
|---|---|---|
2026-03-v1 | March 2026 | Initial privacy notice for platform launch |
11. Contact and Complaints
For privacy questions, contact us at privacy@tessari.co.uk.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or the Nigeria Data Protection Commission (NDPC) if you are based in Nigeria.