Privacy Policy

Last updated: June 2026

Caleta IT Solutions Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data.

Who We Are

Caleta IT Solutions Ltd is a UK-registered company (Company Number: 11157657) providing IT consulting services including cloud cost optimisation, migration, and data centre support.

Data Controller: Caleta IT Solutions Ltd
Data protection contact: privacy@caleta.io

What Data We Collect

We collect information that you voluntarily provide to us through:

Contact Form

  • Name
  • Email address
  • Company name (optional)
  • Phone number (optional)
  • Service interest
  • Message content

AI Chat Assistant

  • Chat conversation content
  • Email address (if you choose to provide it)
  • Session information

Free Assessment Tool

  • Azure Cost Management export data (if you upload it)
  • Email address for report delivery

Azure cost data is processed to generate your savings report. We retain your identifiable data only as long as needed to provide the service to you, and we delete it whenever you ask. We may keep aggregated or anonymised insights, which no longer identify you or your organisation, to improve the service. We never share your data with third parties.

Automatically Collected

  • IP address (for security and rate limiting)
  • Cookie consent preference

How We Use Your Data

We use your personal data to:

  • Respond to your enquiries and provide requested information
  • Follow up on potential business opportunities
  • Improve our services and website
  • Protect against spam and abuse

We will never sell your data to third parties or use it for marketing purposes without your explicit consent.

Legal Basis for Processing

We process your data based on:

  • Consent: You have given clear consent for us to process your personal data for the purpose of responding to your enquiry.
  • Legitimate interests: Processing is necessary for our legitimate business interests (e.g., security, fraud prevention).

How Long We Keep Your Data

We retain your contact information and conversation history for up to 24 months from your last interaction with us, unless you request deletion sooner.

After this period, your data is securely deleted from our systems.

Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data
  • Object: Object to processing of your data
  • Complain: Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you're unhappy with how we handle your data

Request Data Deletion

To request deletion of your personal data, or to exercise any of your rights, please contact us at:

Email: privacy@caleta.io

We will respond to your request within 30 days and confirm once your data has been deleted.

Cookies

Our website uses minimal cookies:

  • Essential: Cookie consent preference (stored locally)
  • Functional: Chat session identifier
  • Security: Cloudflare Turnstile (human verification)

We do not use advertising or tracking cookies. You can manage your cookie preferences through your browser settings.

The Cost Review app additionally sets one strictly-necessary session cookie (cr_session) when you sign in. Full detail on what it holds, how long it lasts, and how to clear it is on the Cost Review permissions and data handling page.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission (HTTPS)
  • Secure data storage
  • Access controls and authentication
  • Regular security reviews

Third Parties

We may share limited data with:

  • Cloudflare: For security and human verification (Turnstile)
  • Anthropic: AI chat processing (conversation content only, not personal details)

These providers are GDPR-compliant and process data according to their respective privacy policies.

International Data Transfers

Your data is primarily stored and processed in the UK (Microsoft Azure UK South). Where a sub-processor processes data outside the UK (for example, Cloudflare or Anthropic), we rely on UK adequacy regulations, or the UK International Data Transfer Agreement / Standard Contractual Clauses, to safeguard it.

Caleta Cost Review (SaaS application)

Caleta Cost Review is a software-as-a-service tool that reads cost and configuration data from your Microsoft Azure environment and shows findings to help reduce your Azure spend. This section covers what the application accesses on your behalf, where the data is stored, and how you remain in control of it. It applies in addition to the rest of this policy. For the Azure environment data the application reads on your behalf, Caleta acts as your dataprocessor, processing it on your instructions to provide the service. Caleta is the data controllerfor your account data (sign-in identity and contact details) and for any aggregated or anonymised insights used to improve the service. A data processing agreement (DPA) is available on request.

What the application accesses

  • Azure cost and usage data via the Microsoft Cost Management API
  • Resource inventory and tags via Microsoft Resource Graph
  • Azure Advisor recommendations
  • The tenant ID and subscription IDs you grant access to
  • The email address and display name of the user who signs in

What the application does NOT access

  • The contents of any resource (no VM disks, no database contents, no storage blobs)
  • Identity or directory data (no users, no groups, no sign-in logs)
  • Anything outside the subscriptions you grant the application
  • Any subscription you have not explicitly selected for a scan

How we store it

  • Customer data (cost data, scan results, account information) is stored exclusively in the UK South Azure region in an encrypted database
  • The marketing website (caleta.io) is delivered via a global CDN, which serves only static page content. No customer data passes through it
  • Identifiable customer data is retained only as long as needed to provide the service, and deleted whenever you request it (see Your controls)
  • Aggregated or anonymised insights that no longer identify you may be kept to improve the service

How we secure it

  • TLS 1.2+ in transit, AES-256 at rest
  • Access limited to Caleta personnel performing your review
  • No data shared with third parties beyond the sub-processors listed below
  • No customer data used to train AI models
  • No data sold or used for marketing beyond your own account

Sub-processors

We use the following third parties to deliver the service. They process customer data only as instructed by Caleta and under contractual data protection terms.

  • Microsoft Azure (UK South) – hosting, database storage, AI-assisted analysis via Azure AI Foundry, and read-only Cost Management API access to the subscriptions you authorise.
  • Microsoft 365 – transactional email delivery and customer communication.
  • Cloudflare – DNS and secure tunnel for the API endpoint.

Your controls

  • Revoke the app's access at any time in Microsoft Entra (Enterprise applications), and access stops immediately
  • Request data export or deletion by emailing privacy@caleta.io
  • We respond to deletion requests within 30 days

Legal basis and roles (UK GDPR)

  • Your Azure environment data: processed as your processor, on your instructions, to perform the service (contract / legitimate interest).
  • Account and contact data, and aggregated or anonymised service-improvement insights: processed as controller under legitimate interest.
  • Data controller: Caleta IT Solutions Limited (Company number 11157657), 29 Blackwood Close, West Byfleet, England, KT14 6PP
  • ICO registration: ZC098396
  • A data processing agreement (DPA) is available on request.

For EU residents

Caleta processes personal data under UK GDPR, which is materially equivalent to EU GDPR. EU residents have the same rights of access, rectification, erasure, and portability described above. Contact privacy@caleta.io to exercise these rights.

For California residents

Caleta Cost Review is a B2B service. We do not sell personal data and do not engage in the targeted advertising activities that would trigger California's "Do Not Sell or Share" rights. California residents may contact privacy@caleta.io to exercise CCPA rights including access, deletion, and correction.

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via our website. The "Last updated" date at the top of this page indicates when this policy was last revised.

Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: hello@caleta.io

Registered Office:
Caleta IT Solutions Ltd
29 Blackwood Close
West Byfleet, England, KT14 6PP

Complaints

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

https://ico.org.uk/make-a-complaint/