S5 Ltd / Trust
Trust centre
S5 protects your data with privacy designed in from day one. Every product we operate is covered by the practices on this page.
How we protect your data
UK & EU hosting first
Databases and application servers run in EU data centres, with Cloudflare providing CDN and edge security. Data stays in the UK/EEA wherever practical.
Encryption everywhere
All traffic is encrypted in transit (TLS) and data is encrypted at rest. Payment card details are handled entirely by Stripe - we never see or store them.
Minimal data by design
Our products collect only what they need to work. We do not sell personal data, and we do not use third-party advertising trackers on our sites.
Self-hosted analytics
Site analytics run on our own self-hosted, cookie-free infrastructure rather than being shared with third-party ad platforms.
Transfers with safeguards
Where data leaves the UK/EEA (for example to Cloudflare or Stripe in the US), we rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.
Breach response
Personal data breach notifications from sub-processors route directly to our data protection contact and are assessed against UK GDPR notification duties.
Documents
Privacy policies
Every S5 product publishes its own privacy policy on its own domain, built from a single company-wide template that complies with the UK GDPR and the Data Protection Act 2018.
Data processing agreement (DPA)
B2B customers of S5 products can request our standard DPA, including the sub-processor list, by emailing [email protected].
Sub-processor list
Our core processors are Cloudflare (hosting/CDN, US), Hetzner (servers, EU), Stripe (payments, UK/US), Anthropic (AI features, US) and our own transactional email service (EU).
Data protection contact
S5 Ltd is the data controller for personal data collected through its products. For data subject access requests, erasure or rectification requests, or any privacy query:
- Email: [email protected]
- Post: Data Protection Contact, S5 Ltd, 20 Wenlock Road, London, N1 7GU, United Kingdom
We respond to data subject requests within one month, as required by the UK GDPR. You also have the right to complain to the Information Commissioner's Office at ico.org.uk.