FeaturesHow it worksDevelopersPricing
Sign inBook demo
Privacy

Privacy Policy

Last updated: April 2026

At Immutis, we take your privacy seriously. This policy explains how we collect, use, and protect your data.

What we collect

Immutis captures and stores evidence files (photos, videos, documents) along with associated metadata (timestamps, location, device information). We also collect basic account information like email and company name.

How we use your data

Your files and metadata are used solely to provide the Immutis service - capturing, sealing, storing, and verifying evidence. We never sell your data to third parties.

Data security

All evidence is encrypted at rest and in transit. Files are cryptographically sealed at the moment of capture, making them tamper-evident. We implement industry-standard security measures to protect your data.

Your rights (GDPR & UK)

As a UK-based company, we comply with the UK GDPR and Data Protection Act 2018. You have the following rights:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate personal data
  • Erasure - Request deletion of your personal data ("right to be forgotten")
  • Portability - Request your data in a structured, machine-readable format
  • Restriction - Request limitation of processing
  • Objection - Object to processing based on legitimate interests
  • Withdraw consent - Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@immutis.com. We will respond within 30 days.

International data transfers

Your data is primarily stored and processed in the United Kingdom and European Economic Area (EEA). If data is transferred outside the UK/EEA, we ensure adequate protection through:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO)
  • Binding Corporate Rules for intra-group transfers

Third-party processors

We use trusted third-party services to provide the Immutis service:

  • Supabase (UK/EU) - Database, authentication, and file storage
  • Render (US) - Backend API hosting
  • Polygon (Global) - Blockchain anchoring for evidence verification
  • Mapbox (US) - Map and location services

All processors are contractually bound to protect your data in accordance with this policy.

Data retention

We retain different types of data for different periods:

  • Evidence files - Per your subscription tier (30 days Starter, 1 year Pro, 7 years Enterprise)
  • Account data - Duration of your subscription plus 2 years for legal/compliance
  • Audit logs - 7 years for compliance and evidentiary purposes
  • Marketing data - Until consent is withdrawn

After retention periods expire, data is securely deleted or anonymised.

Data breaches

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware. We will also notify affected users without undue delay.

Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ico.org.uk

We hope to resolve any concerns internally. Please contact us first at privacy@immutis.com.

Cookies & analytics

We use essential cookies for authentication and service functionality. We may use anonymised analytics to understand website usage. We do not use advertising cookies or share data with advertising networks.

Contact

Questions about this policy? Reach us at privacy@immutis.com.