Privacy Policy

1. Who We Are

LBREEZE LIMITED (“we”, “us”, or “our”) is the data controller responsible for your personal data. We are a company registered in England and Wales, company number 15422629, with registered office at 83 Second Avenue, London, England, E12 6EN. We operate the website at www.lbreeze.com and the client portal at dash.lbreeze.com.

Data Protection Officer: Kostadin Stoyanov — privacy@lbreeze.com

For general privacy queries please contact us at hello@lbreeze.com or privacy@lbreeze.com, or by phone on 020 4587 5787.

2. Information We Collect

We collect the following categories of personal information:

• Account information: name, email address, postal address, telephone number, and company name (where applicable)
• Billing information: payment method details (processed and stored securely by Stripe — we do not store full card numbers), billing address, and transaction history
• Usage data: server access logs, IP addresses, browser type, pages visited, and session duration collected automatically when you use our website or services
• Cookies and tracking data: as described in our Cookie Policy
• Support communications: messages, emails, and live chat conversations you send to our support team
• Hosted content: any files, databases, emails, or data you store on our hosting infrastructure as part of your service

3. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the UK GDPR:

• Contract performance (Article 6(1)(b)): processing necessary to provide the services you have subscribed to, manage your account, and process payments
• Legitimate interests (Article 6(1)(f)): fraud prevention, network security, improving our services, and direct marketing to existing customers
• Consent (Article 6(1)(a)): optional analytics cookies, marketing emails to prospective customers, and live chat services
• Legal obligation (Article 6(1)(c)): retaining financial records for tax and accounting purposes, responding to lawful requests from authorities

4. How We Use Your Information

We use your personal data for the following purposes:

• Provisioning and managing your hosting, domain, SSL, and email services
• Processing payments and issuing invoices
• Responding to support requests and providing customer service
• Detecting and preventing fraudulent activity and maintaining platform security
• Sending transactional communications (e.g. invoices, renewal reminders, service notices)
• Sending marketing communications where you have opted in or are an existing customer
• Analysing website usage to improve our products and services (with your consent where required)

We will never sell your personal data to third parties.

5. Data Sharing

We share your data with the following trusted sub-processors, each operating under a Data Processing Agreement:

• Stripe: payment processing — your card details are handled directly by Stripe under Stripe’s PCI DSS Level 1 certification. LBREEZE LIMITED itself is PCI DSS v4.0.1 SAQ D compliant (attested 16 February 2026)
• Google Analytics: website usage analytics — only activated with your cookie consent
• Chatwoot: customer support and live chat platform
• Enhance: next-generation hosting control panel and infrastructure management

We may also disclose your information where required to do so by law, court order, or in connection with any legal proceedings.

6. Data Retention

We retain your personal data only for as long as necessary for the purposes it was collected:

• Account data: retained for the duration of your active account plus 2 years after account closure
• Billing and financial records: retained for 7 years to comply with UK accounting and tax obligations
• Support communications: retained for 3 years from the date of the interaction
• Server access logs: retained for 90 days for security and diagnostic purposes
• Hosted content: deleted within 30 days of account termination (see our Data Processing Agreement)

7. Your Rights Under UK GDPR

As a data subject under the UK GDPR, you have the following rights:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: ask us to correct inaccurate or incomplete data
• Right to erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations
• Right to restriction: ask us to pause processing of your data in certain circumstances
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent: withdraw consent for any processing based on consent at any time
• Right to lodge a complaint: complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk

To exercise any of these rights, contact us at privacy@lbreeze.com (or hello@lbreeze.com). We will respond within one calendar month.

8. Cookies

We use cookies and similar tracking technologies on our website. For full details of which cookies we use, what they do, and how to manage your preferences, please read our Cookie Policy.

9. International Transfers

Our primary infrastructure is based within the UK and the European Union. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Transfers to EU countries are covered by the EU–UK adequacy decision
• Transfers to other countries rely on Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by the ICO

Sub-processors are contractually required to maintain equivalent data protection standards.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include encrypted storage, strict access controls, regular security reviews, and staff training.

LBREEZE LIMITED is compliant with PCI DSS v4.0.1 under Self-Assessment Questionnaire D for Merchants, with an Attestation of Compliance dated 16 February 2026. Our broader security controls are also designed to align with the principles of the EU NIS2 Directive (Article 21) and UK Cyber Essentials, including default-deny firewalls on every production node, multi-factor authentication for all administrative access, TLS 1.2+ encryption in transit, encrypted off-site backups, 24/7 infrastructure monitoring, and a centralised SIEM. LBREEZE LIMITED is not currently externally certified to Cyber Essentials Plus or ISO/IEC 27001; those statements describe internal alignment only.

Despite these measures, no internet transmission is completely secure. Suspected security incidents affecting your account should be reported immediately to security@lbreeze.com, or to hello@lbreeze.com for general incidents.

11. Contact & Complaints

For any privacy-related queries or to exercise your data rights, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): ico.org.uk