Privacy Policy

Effective date: 1 June 2026
Last updated: 1 June 2026

This Privacy Policy explains how After Premise Ltd (“After Premise”, “we”, “us”, “our”) collects, uses, shares and protects personal data when you visit afterpremise.com, request a demo, or otherwise interact with us. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

1. Who we are

After Premise Ltd is the data controller for the personal data we collect through this website.

  • Registered company: After Premise Ltd, 9 St. Johns Place, Newport, England, PO30 1LH, United Kingdom
  • Companies House number: 09043118
  • Privacy contact: team@afterpremise.com

We have not appointed a statutory Data Protection Officer because we are not required to do so under UK GDPR Article 37. Privacy enquiries should be sent to the contact above.

2. The personal data we collect

a. Information you give us directly

  • Demo request and contact form: your name, work email address, company name, and any message you provide. This form is provided through our embedded Caspio form on the Contact Us page.
  • Email correspondence: any information you include when emailing us at team@afterpremise.com.
  • Partner application: any information you provide if you apply to the APDocs partner programme via the Becoming an APDocs Partner page.

b. Information collected automatically

  • Cookies and similar technologies: see section 5 below for the full list.
  • Analytics data (only if you have accepted analytics cookies): pages visited, time on site, approximate location based on IP address (anonymised before storage), browser type and operating system, referring website.
  • Server logs: our hosting provider may log standard request information including IP address, user agent, timestamp and requested URL for security, fraud-prevention and service-integrity purposes.

3. How we use your data and our lawful basis

UK GDPR requires us to identify a lawful basis for each processing activity. The relevant bases for our processing are:

  • To respond to your enquiry or demo request — lawful basis: performance of a contract or steps prior to entering a contract (Art. 6(1)(b)).
  • To follow up with you about products and services you have asked about — lawful basis: legitimate interests (Art. 6(1)(f)) — running and growing our business in a way you would reasonably expect. You can object to this at any time.
  • To send you marketing emails about new features or services we offer — lawful basis: consent (Art. 6(1)(a)) for new contacts, or legitimate interests under the PECR “soft opt-in” for existing customers of similar products, in each case with a clear opt-out in every message.
  • To analyse and improve how the website performs — lawful basis: consent (Art. 6(1)(a)) — analytics cookies fire only after you have accepted them via our cookie banner.
  • To keep our website and your data secure — lawful basis: legitimate interests (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c)) where applicable.
  • To comply with legal, regulatory or accounting obligations — lawful basis: legal obligation (Art. 6(1)(c)).

4. Who we share your data with

We do not sell, rent or trade your personal data. We share it only with the categories of recipients listed below, all of whom act as our data processors and are bound by written agreements that require them to protect your data and use it only on our instructions:

  • Caspio Inc. (United States) — provides the embedded Contact form and Direct registration (demo request) widget on the Contact Us page. Data you submit via the form is processed by Caspio under our account.
  • Google Ireland Limited / Google LLC (Ireland and United States) — provides Google Analytics 4 for website usage measurement. We have configured IP anonymisation and only fire analytics cookies after explicit consent.
  • LinkedIn Ireland Unlimited Company (Ireland and United States) — when you click on our LinkedIn link or icon you leave our site and visit LinkedIn under their own privacy policy.
  • Amazon Web Services EMEA SARL (Luxembourg / United Kingdom regions) — provides our website hosting via Amazon S3 and content delivery via Amazon CloudFront. Server access logs (IP address, user agent, request timestamp, requested URL) are processed by AWS for security and service-integrity purposes.
  • Wasabi Technologies Ireland Limited (Ireland) — provides the underlying object storage we use to operate the APDocs service for our customers. Website visitors’ personal data is not stored in this system.
  • Professional advisers (UK) — accountants, lawyers and similar, only where required for a specific purpose and under a duty of confidentiality.
  • Law enforcement, regulators and government bodies — only where we are legally required to disclose your data.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and similar technologies

This site uses cookies and similar local-storage techniques. We classify them as:

  • Strictly necessary — required for the site to function and not subject to consent. We use one entry of this type:
    • ap-consent (browser localStorage, set on this domain) — remembers whether you accepted or rejected analytics. Cleared if you clear site data.
  • Analytics (optional) — set only after you click Accept in our cookie banner:
    • _ga, _ga_<ID> — set by Google Analytics 4 to distinguish visitors. Default expiry: up to 2 years.

You can change your choice at any time by clearing your browser’s storage for this site (in most browsers: Developer Tools → Application → Storage → Clear site data), then reloading. The banner will reappear.

6. International transfers

Some of the third-party processors above are based outside the United Kingdom (in the European Economic Area and the United States). Where we transfer personal data outside the UK:

  • Transfers to the European Economic Area rely on the UK government’s adequacy regulations.
  • Transfers to the United States rely on the UK Extension to the EU-US Data Privacy Framework, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses as appropriate for each processor.

7. How long we keep your data

  • Demo and contact form data — kept for up to 24 months from your last interaction with us, then deleted, unless you have become a customer (in which case retention follows the contract).
  • Email correspondence — kept for as long as needed to handle your enquiry, then archived for up to 24 months for record-keeping and follow-up.
  • Analytics data — Google Analytics 4 is configured to retain user-level and event-level data for 14 months, after which it is automatically deleted.
  • Server access logs — typically 90 days, then deleted by our hosting provider.
  • Customer records and accounting data — kept for the period required by UK tax and company law (currently six years).

You can ask us to delete your data earlier — see section 8 below.

8. Your rights

Under UK GDPR you have the following rights in respect of your personal data:

  • Right of access — request a copy of the personal data we hold about you (Article 15).
  • Right to rectification — ask us to correct inaccurate or incomplete data (Article 16).
  • Right to erasure — ask us to delete your data where we no longer have a lawful basis to keep it (Article 17).
  • Right to restrict processing — ask us to pause processing in defined circumstances (Article 18).
  • Right to data portability — receive your data in a structured, commonly used format, or have it sent to another controller, for data we process on the basis of consent or contract (Article 20).
  • Right to object — object to processing based on legitimate interests, including for direct marketing (Article 21). You can opt out of marketing emails at any time using the unsubscribe link in any message.
  • Right to withdraw consent — where we process data on the basis of consent (such as analytics cookies), you can withdraw it at any time without affecting prior processing (Article 7(3)).
  • Rights related to automated decision-making — we do not make decisions that have legal or similarly significant effects on you using automated processing (Article 22).

To exercise any of these rights, email team@afterpremise.com. We will respond within one calendar month. We may ask you to verify your identity before fulfilling a request.

9. Complaints

If you are unhappy with how we have handled your personal data, please contact us first and we will do our best to resolve it. You also have the right to lodge a complaint with the UK supervisory authority:

  • Information Commissioner’s Office (ICO)
  • Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Helpline: 0303 123 1113
  • Website: ico.org.uk

10. Children’s data

This website and the services described on it are not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Links to other websites

Our website may include links to third-party websites (such as Caspio Marketplace, LinkedIn, the ICO, and others). We are not responsible for the privacy practices of those sites. Please review their own privacy policies before sharing personal data with them.

12. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via a notice on the site.

13. Contact us

For any question about this policy or how we handle your personal data, email team@afterpremise.com.