Privacy Policy

Last updated: May 2026

Caleta IT Solutions Ltd ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal data.

Who We Are

Caleta IT Solutions Ltd is a UK-registered company (Company Number: 11157657) providing IT consulting services including cloud cost optimisation, migration, and data centre support.

Data Controller: Caleta IT Solutions Ltd
Contact: hello@caleta.io

What Data We Collect

We collect information that you voluntarily provide to us through:

Contact Form

  • Name
  • Email address
  • Company name (optional)
  • Phone number (optional)
  • Service interest
  • Message content

AI Chat Assistant

  • Chat conversation content
  • Email address (if you choose to provide it)
  • Session information

Free Assessment Tool

  • Azure Cost Management export data (if you upload it)
  • Email address for report delivery

Azure cost data is processed only to generate your savings report. It is deleted within 7 days of report delivery and is never shared with third parties.

Automatically Collected

  • IP address (for security and rate limiting)
  • Cookie consent preference

How We Use Your Data

We use your personal data to:

  • Respond to your enquiries and provide requested information
  • Follow up on potential business opportunities
  • Improve our services and website
  • Protect against spam and abuse

We will never sell your data to third parties or use it for marketing purposes without your explicit consent.

Legal Basis for Processing

We process your data based on:

  • Consent: You have given clear consent for us to process your personal data for the purpose of responding to your enquiry.
  • Legitimate interests: Processing is necessary for our legitimate business interests (e.g., security, fraud prevention).

How Long We Keep Your Data

We retain your contact information and conversation history for up to 24 months from your last interaction with us, unless you request deletion sooner.

After this period, your data is securely deleted from our systems.

Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data
  • Object: Object to processing of your data

Request Data Deletion

To request deletion of your personal data, or to exercise any of your rights, please contact us at:

Email: hello@caleta.io

We will respond to your request within 30 days and confirm once your data has been deleted.

Cookies

Our website uses minimal cookies:

  • Essential: Cookie consent preference (stored locally)
  • Functional: Chat session identifier
  • Security: Cloudflare Turnstile (human verification)

We do not use advertising or tracking cookies. You can manage your cookie preferences through your browser settings.

Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted data transmission (HTTPS)
  • Secure data storage
  • Access controls and authentication
  • Regular security reviews

Third Parties

We may share limited data with:

  • Cloudflare: For security and human verification (Turnstile)
  • Anthropic: AI chat processing (conversation content only, not personal details)

These providers are GDPR-compliant and process data according to their respective privacy policies.

Caleta Cost Review (SaaS application)

Caleta Cost Review is a software-as-a-service tool that reads cost and configuration data from your Microsoft Azure environment and shows findings to help reduce your Azure spend. This section covers what the application accesses on your behalf, where the data is stored, and how you remain in control of it. It applies in addition to the rest of this policy. The marketing pages on caleta.io and the SaaS application are operated by the same data controller (Caleta IT Solutions Ltd).

What the application accesses

  • Azure cost and usage data via the Microsoft Cost Management API
  • Resource inventory and tags via Microsoft Resource Graph
  • Azure Advisor recommendations
  • The tenant ID and subscription IDs you grant access to
  • The email address and display name of the user who signs in

What the application does NOT access

  • The contents of any resource (no VM disks, no database contents, no storage blobs)
  • Identity or directory data (no users, no groups, no sign-in logs)
  • Anything outside the subscriptions you grant the application
  • Any subscription you have not explicitly selected for a scan

How we store it

  • Customer data (cost data, scan results, account information) is stored exclusively in the UK South Azure region in an encrypted database
  • The marketing website (caleta.io) is delivered via a global CDN, which serves only static page content. No customer data passes through it
  • Retained for the duration of your active engagement plus 30 days
  • Deleted within 7 days of an offboarding request or account closure

How we secure it

  • TLS 1.2+ in transit, AES-256 at rest
  • Access limited to Caleta personnel performing your review
  • No data shared with third parties beyond the sub-processors listed below
  • No customer data used to train AI models
  • No data sold or used for marketing beyond your own account

Sub-processors

We use the following third parties to deliver the service. They process customer data only as instructed by Caleta and under contractual data protection terms.

  • Microsoft Azure (UK South) – hosting, database storage, AI-assisted analysis via Azure AI Foundry, and read-only Cost Management API access to the subscriptions you authorise.
  • Microsoft 365 – transactional email delivery and customer communication.
  • Cloudflare – DNS and secure tunnel for the API endpoint.

Your controls

  • Revoke the service principal at any time from your Azure portal – access stops immediately
  • Request data export or deletion by emailing privacy@caleta.io
  • We respond to deletion requests within 7 days

Legal basis (UK GDPR)

  • Legitimate interest (B2B service delivery) and contract performance
  • Data controller: Caleta IT Solutions Limited (Company number 11157657), 29 Blackwood Close, West Byfleet, England, KT14 6PP
  • ICO registration: ZC098396

For EU residents

Caleta processes personal data under UK GDPR, which is materially equivalent to EU GDPR. EU residents have the same rights of access, rectification, erasure, and portability described above. Contact privacy@caleta.io to exercise these rights.

For California residents

Caleta Cost Review is a B2B service. We do not sell personal data and do not engage in the targeted advertising activities that would trigger California's "Do Not Sell or Share" rights. California residents may contact privacy@caleta.io to exercise CCPA rights including access, deletion, and correction.

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via our website. The "Last updated" date at the top of this page indicates when this policy was last revised.

Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: hello@caleta.io

Registered Office:
Caleta IT Solutions Ltd
29 Blackwood Close
West Byfleet, England, KT14 6PP

Complaints

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

https://ico.org.uk/make-a-complaint/