GDPR compliance at Stratford IQ
AVASOFT INNOVATION LTD. Registered in England and Wales No. 16368580. builds Stratford IQ to meet the expectations of UK GDPR, EU GDPR, and the UK Data Protection Act 2018. This summary explains our approach to collecting, securing, and processing personal data.
Data controller
AVASOFT INNOVATION LTD. Registered in England and Wales No. 16368580. is the data controller for personal data we collect to operate Stratford IQ, deliver services, and meet legal obligations. Our registered address is in the United Kingdom and privacy enquiries can be directed to support@stratfordiq.com.
Lawful bases for processing
- Legitimate interests in sourcing public business intelligence and maintaining a secure, reliable platform for our customers.
- Contractual necessity for authentication, account management, billing, and support services.
- Legal obligation to retain records for compliance and taxation.
- Consent for optional marketing updates, webinars, or beta programmes. Consent can be withdrawn at any time.
Categories of data
Platform user data
- Identity data (name, email, job title, organisation).
- Authentication data, audit logs, and usage telemetry.
- Subscription, invoicing, and support correspondence.
Business intelligence data
- Companies House filings, PSC registers, officer appointments, and statutory accounts.
- Public business contact information such as phone, email, and social profiles.
- Website metadata derived from our UK domain crawl.
Scoring & automated analysis
Stratford IQ may generate scores, ratings, or intelligence about companies and individuals. These outputs represent our subjective interpretation or automated inference based on available data. They are provided for informational purposes only and do not constitute assertions of fact. Users should independently verify outputs before relying on them for any decision.
Data minimisation & retention
We collect only what is needed to deliver our services. Business intelligence data is refreshed on a regular cadence from authoritative sources. Customer account data is retained for the duration of the contract and archived for up to twelve months to settle billing, disputes, or legal obligations before secure deletion. Marketing contact records are suppressed when consent is withdrawn or activity ceases for 24 months.
Data subject rights
Individuals may exercise their rights by emailing support@stratfordiq.com. We respond within statutory timeframes to:
- Access, portability, and rectification requests.
- Objections or restrictions to processing based on legitimate interests.
- Deletion requests, subject to legal retention requirements.
- Marketing opt-outs and do-not-contact preferences.
Security & governance
- TLS 1.2+ encryption in transit and encryption at rest for stored data.
- Role-based access control, multi-factor authentication, and least-privilege policies.
- Continuous monitoring.
- Documented incident response process with regulatory and customer notification workflows.
International transfers
Where sub-processors operate outside the UK or EEA, we rely on adequacy regulations or approved safeguards such as the UK Addendum to the EU Standard Contractual Clauses. Details of current processors and transfer mechanisms are provided in our Data Processing summary.
Sub-processors
We work with a small number of infrastructure and service providers. Each sub-processor is under a written agreement requiring GDPR-compliant safeguards and is monitored for performance.
| Processor | Service | Location | Safeguard |
|---|---|---|---|
| Postmark | Transactional email delivery | EU / USA | SCCs with UK Addendum |
Payment processing is provided by Paddle, who acts as an independent data controller for billing data under their own privacy policy.
Contact & complaints
Questions about this notice can be sent to support@stratfordiq.com. You may also contact the UK Information Commissioner's Office (ICO) at ico.org.uk.
Last updated: 1st January 2026