Privacy Policy

Privacy Policy

Privacy Policy

Last updated: 14 October 2025

Who we are: Outverse Limited (“Outverse”, “we”).

Contact: hello@outverse.com

1) What this covers

This policy explains how Outverse, as controller, handles personal data for our website, marketing and account administration. Customer workspace/product data is handled as processor under our Data Processing Addendum (DPA) – a contract that sets out how we process personal data on the Customer’s instructions. The Customer – meaning the organisation or the individual account that controls the workspace – is the controller for that data.


2) Data we collect

  • Account & contact: name, work email, company, role, preferences.

  • Usage & device: IP address, device/OS, browser type, pages viewed, timestamps, cookie IDs.

  • Support & comms: messages you send us, event interactions, marketing preferences.

  • Billing admin: business billing contacts and transaction records (if applicable).

    We do not intentionally collect special-category data via the website.


3) How we use data (legal bases)

  • Provide, secure and operate the site and Services; authenticate users; prevent abuse – contract/legitimate interests.

  • Communicate service information and respond to enquiries – contract/legitimate interests.

  • Improve & analyse performance (with cookies where consented) – legitimate interests/consent.

  • Marketing (product news, events) with opt-out available – consent or legitimate interests.

  • Compliance with legal obligations – legal obligation.

    You can withdraw consent at any time; this will not affect prior processing.


4) When we act as processor

For Customer workspace/product data, we process only on Customer’s documented instructions under the DPA, maintain appropriate security, use subprocessors under contract, support data-subject requests where feasible, and notify without undue delay of personal-data breaches.


5) Sharing

We share personal data with service providers (hosting, email, analytics, support, payments), with your organisation/admins for enterprise accounts, with professional advisers and authorities as required by law, and in connection with a business transfer. We do not sell personal data.


6) International transfers

We may host and process personal data in the UK, EU, US or other regions. When personal data moves across borders, we use lawful transfer mechanisms recognised under applicable data-protection laws.


7) Security

We maintain administrative, technical and physical measures appropriate to the risk – including access controls, encryption in transit, logging, backups and employee training – and we review these controls periodically to enhance resilience.


8) Retention

We keep personal data only as long as needed for the purposes above and to comply with law; then we delete or anonymise it. Backups may persist for a limited period.


9) Your choices & rights

Subject to local law, you may have rights to access, rectify, erase, restrict or object, and to data portability. You can opt out of marketing via email links or by contacting us. UK residents can complain to the ICO.


10) Cookies

We use necessary cookies and, with consent, analytics/marketing cookies. Manage choices in our banner or your browser settings.


11) Children

Our Services are for business users and are not intended for children under 16.


12) Changes

We will post updates here and update the “Last updated” date. Material changes will be signposted reasonably.


Contact: hello@outverse.com