Privacy policy
How Caib (operated by TASL Ltd) collects and uses personal data when you use caib.io.
Last updated: 26 March 2026. This policy is drafted for UK compliance (UK GDPR and the Data Protection Act 2018). Have it reviewed by your legal adviser before high-risk processing or large-scale marketing.
1. Who we are
TASL Ltd (“we”, “us”, “our”) is the data controller for personal data processed through the website caib.io and related early access communications for the Caib product.
Contact (privacy): [email protected]
If we appoint a data protection officer (DPO) or EU/UK representative for other services, we will publish those details here.
2. What this policy covers
This policy applies when you visit caib.io, use our waitlist or contact facilities, receive emails from us about early access, and when we use cookies or similar technologies as described in our Cookie policy.
It does not govern third-party sites we link to (for example form providers or analytics tools); their privacy notices apply to them.
3. Personal data we collect
Depending on how you interact with us, we may process:
- Identity and contact data: name, business name, job role or category (e.g. supplier/agency), and email address.
- Communication data: messages you send us (including optional free-text on forms), and correspondence records.
- Technical and usage data: IP address, browser type, device type, approximate location derived from IP, pages viewed, and referring URLs — typically collected via logs, cookies, or analytics as described in our Cookie policy.
- Marketing preferences: consents or objections where the law requires them.
We do not intend to collect special category (sensitive) data via the public website. Please do not submit health or other sensitive information unless we explicitly ask for it under appropriate safeguards.
4. How we use your data and lawful bases
UK GDPR requires a “lawful basis” for each purpose. We rely on the following:
- Waitlist and early access: to register your interest, communicate about onboarding, and manage capacity — legitimate interests (Article 6(1)(f)) in developing and launching our product, and/or performance of steps at your request prior to a contract (Article 6(1)(b)) where applicable. You may object to purely marketing use as described in section 9.
- Responding to enquiries: legitimate interests in operating our business and assisting users, and/or contract where we are discussing a commercial relationship.
- Website operation, security, and analytics: legitimate interests in securing our site, understanding aggregate use, and improving content; where cookies are non-essential, we will ask for consent (Article 6(1)(a)) in line with PECR and our Cookie policy.
- Legal obligations and claims: where we must comply with law or establish/defend legal claims — legal obligation (Article 6(1)(c)) or legitimate interests in legal protection (Article 6(1)(f)).
5. Where data is processed
Our hosting and form or email providers may process data in the United Kingdom and/or countries outside the UK. Where we transfer personal data outside the UK, we will ensure an appropriate safeguard under UK GDPR (for example the UK International Data Transfer Agreement / Addendum, standard contractual clauses, or adequacy regulations), unless a specific derogation applies.
6. Recipients
We may share data with:
- Service providers who host our website, support our waitlist API and data storage, send email, or provide analytics — only on our instructions and subject to appropriate terms.
- Professional advisers (lawyers, accountants) where confidential.
- Authorities when required by law or to protect rights and safety.
We do not sell your personal data.
7. Retention
We keep personal data only as long as necessary for the purposes above, including resolving disputes and satisfying legal, accounting, or reporting requirements. Indicative periods:
- Waitlist and marketing contacts: until you withdraw consent or object (where applicable), or up to [24] months after last meaningful contact, unless a longer period is justified for legal claims or product delivery — we will review periodically.
- Server and security logs: typically [30–90] days unless longer retention is needed for security investigations.
Adjust the bracketed periods to match your internal policy and document them in your records of processing.
8. Security
We implement technical and organisational measures appropriate to the risk, including access controls, encryption in transit (HTTPS), and vendor due diligence. No method of transmission over the Internet is completely secure; we cannot guarantee absolute security.
9. Your rights
Under UK data protection law you may have the right to:
- Access your personal data and obtain certain information about processing;
- Rectification of inaccurate data;
- Erasure in certain circumstances;
- Restriction of processing in certain circumstances;
- Data portability for data you provided, where processing is automated and based on consent or contract;
- Object to processing based on legitimate interests (including profiling in some cases);
- Withdraw consent where processing is consent-based, without affecting lawfulness of prior processing;
- Lodge a complaint with the Information Commissioner’s Office (ICO) — ico.org.uk.
To exercise rights, contact [email protected]. We may need to verify your identity. You will not usually pay a fee; we will respond within one month (extendable in complex cases).
10. Automated decision-making
We do not use solely automated decision-making that produces legal or similarly significant effects in relation to public waitlist sign-ups. If that changes, we will update this policy and explain your rights.
11. Children
Our services are aimed at businesses and professionals. We do not knowingly collect data from children under 16 through this site. If you believe we have, contact us and we will delete it.
12. Changes
We may update this policy from time to time. The “Last updated” date will change and, where appropriate, we will notify you by email or a notice on the site.
13. Contact
Questions about this policy or our use of personal data: [email protected].