Privacy Notice

Raksa is a compliance infrastructure platform designed for modern teams. We provide tools for data mapping, privacy assessments, regulatory intelligence, cookie consent management, and data discovery — unified in one platform.

When we say “Raksa”, “we”, “us”, or “our” in this notice, we are referring to Raksa.one Limited, the data controller responsible for your personal data. Raksa.one Limited is a company registered in England and Wales (company number 17173148), with its registered office at 66 Paul Street, London, England, EC2A 4NA.

We collect the following categories of personal data:

We process your personal data for the following purposes:

• Provide our service — To create and manage your account, deliver platform functionality, and provide customer support.
• Improve the platform — To understand how our tools are used, identify issues, and develop new features that serve your compliance needs.
• Communicate with you — To send service-related notifications, respond to your enquiries, and (where you have opted in) share product updates.
• Security & fraud prevention — To protect our platform and users from unauthorised access, abuse, and security threats.
• Legal compliance — To meet our own regulatory obligations, including record-keeping and responding to lawful requests.

Under the General Data Protection Regulation (GDPR), we rely on the following lawful bases for processing your personal data:

We do not sell your personal data. We share it only in the following limited circumstances:

• Sub-processors — Trusted third-party services that help us operate the platform — such as cloud hosting, email delivery, and analytics providers. Each is bound by data processing agreements.
• Legal obligations — Where required by law, regulation, or valid legal process — for example, in response to a court order or regulatory request.
• Business transfers — In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same protections.
• With your consent — Where you have explicitly authorised us to share data with a third party.

Your data may be processed outside the European Economic Area (EEA) or the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where the destination country provides an adequate level of protection
• Other recognised transfer mechanisms under applicable data protection law

Under data protection law, you have the following rights regarding your personal data. The quickest way to exercise them is through our Trust Center, where you can submit and track a request. You can also email us at privacy@raksa.one.

We will respond to your request within 30 days.

If you are unhappy with how we handle your personal data, you have the right to complain to us directly. You can raise a complaint through our Trust Center — which provides a dedicated complaint form — or by emailing privacy@raksa.one. We will acknowledge your complaint within 30 days of receiving it, make reasonable enquiries into it, keep you informed of our progress, and tell you the outcome without undue delay. This reflects our duties as a data controller under UK data protection law (the Data (Use and Access) Act 2025, which inserts section 164A into the Data Protection Act 2018, in force from 19 June 2026).

Complaining to us does not affect your right to lodge a complaint with a data protection supervisory authority — in the UK, the Information Commissioner’s Office (ICO).

We retain your personal data only for as long as necessary to fulfil the purposes described in this notice, or as required by law. Specifically:

• Account data — Retained for the duration of your account and deleted within 90 days of account closure.
• Usage data — Retained in aggregated, anonymised form for analytics purposes. Identifiable usage data is deleted within 12 months.
• Communication records — Retained for up to 3 years for support and compliance purposes.
• Legal hold data — Retained for as long as required by applicable legal obligations.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS) and at rest
• Role-based access controls and least-privilege principles
• Regular security assessments and penetration testing
• Incident response procedures and breach notification processes
• Staff training on data protection and information security

We may update this privacy notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by email or in-platform notification.

We encourage you to review this notice periodically to stay informed about how we are protecting your data.

If you have any questions about this privacy notice or how we handle your personal data, please get in touch:

We aim to respond to all privacy-related enquiries within 5 business days.