Privacy Policy

TRAGenX is a remote-first software studio and the data controller responsible for the personal data processed through this website. "Controller" means the organisation that decides how and why your personal data is used. TRAGenX is a subsidiary of PyramidLedger.

Because we operate on a remote-first basis, we communicate with website visitors and enquirers by email rather than through a postal address or telephone line. You can contact us about this policy, or about any personal data we hold, by email at info@pyramidledger.com.

We are not required to appoint a statutory Data Protection Officer under Article 37 of the UK GDPR, and we have not appointed one. Responsibility for data-protection matters rests with TRAGenX, and any enquiry sent to the email address above will be routed to the right person.

This website is a marketing and portfolio site. There are no user accounts, no payments or e-commerce, and no operational newsletter. The personal data we hold is either provided by you directly through one of our two web forms, or generated automatically as limited technical data when you visit the site. Both are described below.

Information you give us through the Contact form

• Your full name (required)
• Your email address (required)
• Your message (required)
• Your company name (optional)
• A topic, where you choose one — Products, a development project, Academy, Partnership, or Other (optional)

Information you give us through the Get a Quote form

• Your full name (required)
• Your email address (required)
• Your project details or message (required)
• Your company name (optional)
• An engagement type, where you choose one (optional)

Technical data processed when you use the site

Our website runs on the Cloudflare platform, which acts as our hosting, content-delivery, and security layer. As part of operating and protecting the site, Cloudflare processes limited technical data on our behalf, which may include:

• Your IP address
• Your browser type and device or user-agent information
• Request and security logs, including the pages requested and the date and time of the request

Anti-spam verification

When you submit a form, your IP address is processed transiently to verify Cloudflare Turnstile, a privacy-friendly anti-spam check (a CAPTCHA alternative). This verification helps us confirm that a submission comes from a genuine person rather than an automated script. We do not use this data to build a profile of you or to track you across other websites.

If you choose to include additional personal data within the free-text fields of either form — for example, in your message or project details — that information will also be processed by us. Please share only what is necessary for us to respond to your enquiry.

We only use your personal data for the purposes for which it was provided, and we always rely on a lawful basis under Article 6 of the UK GDPR. The headings below set out what we do and the lawful basis on which we do it.

Responding to and managing your enquiry

We use the information from the Contact and Get a Quote forms to read, understand, and reply to your message, to answer questions about our products, development services, the Vibecoding Academy, or a potential partnership, and to keep a record of our correspondence. Lawful basis: our legitimate interests (Article 6(1)(f)) in responding to and managing business enquiries and in running and growing our studio. Because we are a business-to-business studio, this processing relates to professional rather than household matters.

Taking steps towards a possible engagement

Where your enquiry concerns a possible project or quote, we use your information to scope the work, prepare a proposal or estimate, and discuss terms. Lawful basis: taking steps at your request prior to entering into a contract (Article 6(1)(b)).

Protecting and operating the website

We use technical data and the transient Turnstile check to keep the site available, secure, and free from spam and abuse. Lawful basis: our legitimate interests (Article 6(1)(f)) in maintaining the security and integrity of our website.

Complying with our legal obligations

We may use or retain personal data where we are required to do so to comply with the law, to establish, exercise, or defend legal claims, or to respond to a lawful request from a regulator or authority. Lawful basis: compliance with a legal obligation (Article 6(1)(c)) and, where relevant, our legitimate interests in protecting our rights.

Where we rely on legitimate interests, we have considered whether those interests are overridden by your interests or fundamental rights, and we believe the processing described above is proportionate and within your reasonable expectations. You can object to this processing — see Your data protection rights below.

We do not use Google Analytics, advertising cookies, marketing pixels, or any cross-site or third-party tracking. Cookies and similar storage on this site are limited to strictly-necessary functions, such as Cloudflare security and Turnstile.

We also use a small amount of browser sessionStorage to remember UI state — for example, that you have dismissed a blog pop-up. sessionStorage is not a cookie; it stays on your own device and is cleared automatically when you close the browser tab. Because the storage we use is strictly necessary, PECR does not require us to obtain your consent for it.

For full details of each item we use, why we use it, and how long it lasts, please see our Cookie Policy.

We do not sell your personal data, and we do not share it for anyone else's marketing. We share it only in the limited circumstances set out below.

Our service providers (processors)

We use carefully selected providers who process personal data on our behalf and under our instructions, governed by written terms that meet the requirements of Article 28 of the UK GDPR:

• Cloudflare, Inc. — hosting, Cloudflare Workers, content delivery, security, and Turnstile. Cloudflare processes technical data and the transient IP address used for anti-spam verification.
• Brevo (formerly Sendinblue) — our transactional-email provider, which delivers your form submission to us by email.

Professional advisers

We may share personal data with professional advisers — such as lawyers, accountants, or insurers — where it is necessary for them to provide their services to us.

Legal disclosures

We may disclose personal data where we are required to do so by law, court order, or a request from a regulator or other competent authority, or where disclosure is necessary to establish, exercise, or defend legal claims or to protect the rights, property, or safety of TRAGenX or others.

We may also share personal data in connection with a reorganisation, merger, or transfer of our business, in which case it will continue to be protected in accordance with this policy.

Some of our providers, including Cloudflare and Brevo, may process personal data outside the United Kingdom — for example, in the United States or other countries. Where personal data is transferred outside the UK, we make sure it remains protected to the standards required by the UK GDPR.

We rely on one or more of the following safeguards for such transfers:

• UK adequacy regulations, where the destination country has been recognised by the UK as providing an adequate level of protection
• The UK International Data Transfer Agreement (IDTA)
• The UK Addendum to the EU Standard Contractual Clauses, together with any additional measures needed to protect the data

If you would like more information about the safeguards in place for international transfers, please contact us by email at info@pyramidledger.com.

We keep personal data only for as long as we need it for the purposes described in this policy, and then we delete or anonymise it.

• Enquiry correspondence (Contact and Get a Quote submissions): we keep this for as long as is reasonably necessary to deal with your enquiry and for a limited period afterwards, so that we can handle any follow-up, maintain a record of our dealings, and address related queries. Where an enquiry does not lead to an engagement, we delete it once it is no longer needed.
• Where an enquiry leads to a signed engagement, the related records are retained under that engagement and our normal business and legal-record-keeping requirements.
• Technical and security data processed via Cloudflare: retained only for the short periods needed for security, logging, and operating the site.

When deciding how long to keep personal data, we consider the amount and sensitivity of the data, the purposes for which we hold it, and any legal or regulatory requirements. If you would like us to delete an enquiry sooner, please contact us by email at info@pyramidledger.com.

Under the UK GDPR, you have a number of rights in relation to your personal data. These rights may not all apply in every situation, and some are subject to conditions and exemptions, but they include:

• The right to be informed — to know how your personal data is used, which this policy is intended to explain.
• The right of access — to obtain a copy of the personal data we hold about you.
• The right to rectification — to have inaccurate or incomplete data corrected.
• The right to erasure — to ask us to delete your personal data in certain circumstances.
• The right to restriction — to ask us to limit how we use your data in certain circumstances.
• The right to data portability — to receive certain data in a structured, commonly used, machine-readable format, or to have it transferred to another controller, where the right applies.
• The right to object — to object to processing based on our legitimate interests.
• The right to withdraw consent — where we rely on your consent, you may withdraw it at any time, without affecting the lawfulness of processing before withdrawal.

How to exercise your rights

To exercise any of these rights, please email us at info@pyramidledger.com. We may need to verify your identity before we act on a request. We will respond within one month, although we may extend this by up to two further months for complex or numerous requests, in which case we will let you know. Exercising your rights is normally free of charge.

Your right to complain

If you are unhappy with how we have handled your personal data, we would like the chance to put it right, so please contact us first. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, at ico.org.uk.

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

• Our website is served over encrypted HTTPS connections.
• We use the Cloudflare platform for hosting, content delivery, and security, including protection against common web threats.
• We use Cloudflare Turnstile to reduce spam and automated abuse of our forms.
• We limit access to enquiry data to those who need it to respond to you, and we work only with reputable providers, such as Brevo, that maintain their own security measures.

No method of transmission over the internet or of electronic storage is completely secure, so while we work hard to protect your personal data we cannot guarantee its absolute security. Please avoid sending us sensitive personal information through the forms unless it is necessary.

Our website and services are aimed at businesses and the professionals who work for them. They are not directed to children, and we do not knowingly collect personal data from anyone under the age of 18 through this website.

If you believe that a child has provided us with personal data, please contact us by email at info@pyramidledger.com and we will take steps to delete it.

Our website may contain links to third-party websites, platforms, or resources that we do not control. This Privacy Policy applies only to our website.

We are not responsible for the privacy practices or content of any third-party site, and we encourage you to read the privacy notice of any website you visit through a link from ours.

We may update this Privacy Policy from time to time to reflect changes in our practices, our providers, or the law. When we make changes, we will update the policy on this page so that the version published here is always the current one.

Where the changes are significant, we will take reasonable steps to make them more prominent. We encourage you to review this page periodically so that you stay informed about how we handle personal data.

If you have any questions about this Privacy Policy, about how we handle your personal data, or if you wish to exercise any of your rights, you can contact us by email at info@pyramidledger.com.

As a remote-first studio, email is our contact channel for data-protection matters. If you remain dissatisfied after contacting us, you have the right to complain to the Information Commissioner's Office at ico.org.uk.