Privacy policy

Last updated: 22 April 2026

Heads up: this is starter copy intended as a reasonable baseline. Review it with a qualified solicitor or attorney for your jurisdiction (UK, US state, EU member state) before publishing as final policy.

This policy explains how Lyrava ("we", "us", "our") collects, uses, stores, and shares personal data when you visit https://lyrava.com (the "Site") or contact us via the form, email, or a scheduling link. We're committed to handling your information transparently and only for the purposes set out below.

1. Who we are

Lyrava is a trading name. Our registered company name and number, and our registered office address, will be added here once finalised. For any privacy questions, contact us at [email protected].

2. The data we collect

We collect the following categories of personal data:

  • Information you give us directly: name, work email, company, country, the service you're enquiring about, and the contents of any message you send via the contact form or email.
  • Technical information collected automatically: IP address (used only for security and analytics aggregation, then anonymised), browser type and version, device type, the pages you view, and how you arrived at the Site (referrer URL).
  • Cookies and similar technologies: see Section 7 below and our cookie policy for details.

3. How we use your data

We use the data above for the following purposes:

  • To respond to your enquiry and provide the service you've asked about.
  • To send you contractual or service-related communications (e.g. proposals, scoping notes).
  • To improve the Site, measure aggregate traffic, and understand which content is useful.
  • To meet legal, regulatory, and tax obligations.
  • To prevent fraud, abuse, and unauthorised access.

We will not add you to a marketing list, sell your data, share it with advertising networks, or pass it to anyone for their own marketing without your explicit opt-in.

4. Lawful basis (UK / EU GDPR)

For visitors in the UK and EU, we rely on the following lawful bases:

  • Performance of a contract — when responding to your enquiry, scoping work, and delivering services you've engaged us for.
  • Legitimate interests — for site analytics, security, and operational improvements, balanced against your rights and freedoms.
  • Consent — for any non-essential cookies and for any optional marketing communications you choose to receive.
  • Legal obligation — for tax records, compliance, and responding to lawful requests.

5. Sharing your data

We share personal data only with the service providers we need to operate the business, including (representative list — finalise based on your actual stack):

  • Web hosting and email delivery providers
  • Customer relationship management (CRM) and scheduling tools
  • Analytics providers (Google Analytics, Microsoft Clarity — when enabled)
  • Cloud productivity tools (Google Workspace, Notion)
  • Payment and accounting providers, where applicable

All third parties act as data processors under contract and are bound to use your data only for the purposes we instruct.

6. International transfers

Some of our service providers are based outside the UK and EU (typically in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards: UK Addendum to the EU Standard Contractual Clauses, EU Standard Contractual Clauses, or adequacy decisions where they exist.

7. Cookies

We use a minimal set of essential and analytics cookies. By default, no analytics or tracking cookies fire until you accept them via the cookie banner. Full details and a list of cookies are in our cookie policy.

8. How long we keep your data

Enquiry data is kept for up to 24 months after our last interaction. Contractual records are kept for 7 years after the engagement ends, in line with UK accounting and tax requirements. Analytics data is anonymised after 14 months.

9. Your rights

Depending on your jurisdiction, you may have rights to: access your data, correct inaccurate data, delete your data, restrict or object to processing, request portability, and (for EU/UK residents) lodge a complaint with a supervisory authority.

  • UK: the Information Commissioner's Office (ico.org.uk).
  • EU: your national data protection authority.
  • California (CCPA/CPRA), Virginia, Colorado, Connecticut, and other US states with privacy laws: rights to access, delete, correct, and opt out of "sale" or "sharing" of personal data. We don't sell or share data for cross-context behavioural advertising.

To exercise any of these rights, email [email protected]. We'll respond within 30 days (UK/EU) or 45 days (California).

10. Security

We use industry-standard technical and organisational measures to protect personal data: encrypted transit (TLS), access controls, principle of least privilege, and vendor due diligence. No system is perfectly secure; we'll notify you and the relevant authorities if a breach is likely to result in a risk to your rights.

11. Changes to this policy

We may update this policy from time to time. Material changes will be flagged on the Site and the "last updated" date above will reflect the most recent revision.

12. Contact

Questions about this policy or your data? Email [email protected].