This Privacy Policy explains how Cypher Concierge collects, uses and protects personal data. We aim to comply with the UK GDPR and the Data Protection Act 2018.

What data we collect

• • Contact details (e.g., name, phone number, email if provided).
• • Request details (e.g., dates, locations, preferences, service requirements).
• • Communications (e.g., WhatsApp messages and support conversations).
• • Technical data (e.g., IP address, device identifiers, basic analytics/cookies where used).
• • Payment-related information (processed by our payment providers where applicable; we do not store full card details).

How we use your data

• • To respond to enquiries and provide concierge Services.
• • To manage membership, confirmations, bookings and support.
• • To share necessary information with third-party providers to deliver your request (only what is needed).
• • To improve our service quality and website performance.
• • To protect against fraud, misuse, and security threats.
• • To comply with legal obligations where applicable.

Legal bases for processing

We process personal data where it is necessary to perform a contract (or steps prior to entering a contract), where we have legitimate interests (such as operating and improving our services safely), where you have given consent (where required), or where we must comply with a legal obligation.

Sharing your data

We may share your data with trusted third-party providers and partners solely to fulfil your request (e.g., travel operators, venues, wellness providers, security firms), and with service providers that support our operations (e.g., website hosting, analytics, payment processors). We do not sell your personal data.

International transfers

If we share data with providers outside the UK, we will take reasonable steps to ensure appropriate safeguards are in place, such as contractual protections, where required.

Data retention

We retain personal data only for as long as necessary to provide Services, maintain records, resolve disputes, and meet legal or regulatory requirements. Retention periods may vary depending on the nature of the request and applicable obligations.

Data retention

• • Access: request a copy of your personal data.
• • Correction: request correction of inaccurate data.
• • Deletion: request deletion of data where applicable.
• • Restriction/Objection: request restriction or object to certain processing.
• • Portability: request transfer of certain data to another provider (where applicable).
• • Withdraw consent: where processing is based on consent.

To exercise your rights, contact us via WhatsApp (details above) or email if provided on the website.

Security

We use reasonable administrative and technical measures to protect personal data from loss, misuse and unauthorised access. No method of transmission or storage is completely secure; however, we take privacy and discretion seriously.

Cookies and analytics

We may use cookies or similar technologies to improve website performance and understand usage. Where required, we will request consent for non-essential cookies.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date will be revised accordingly.