Privacy policy

We take your privacy seriously. Here is exactly what we do with your information and why.

This policy explains what personal information we collect, why we collect it, how we use it, how long we keep it, who we share it with, and your rights under UK data protection law. We have written it in plain English. If anything is unclear, please contact us at hello@lightkeepers.co.uk.

1. About Lightkeepers and this policy

Lightkeepers is a digital safety and scam-awareness service based in Surrey, England. We help older adults and their families improve awareness of scams, digital safety risks, and trusted sources of support.

Lightkeepers is currently operated as a sole trader by David Symons. We are in the process of registering as a Community Interest Company in England and Wales. Once registration is complete, this page will be updated with our registered company name, registered number, and registered office address.

For the purposes of UK data protection law, the data controller for the personal information described in this policy is David Symons, trading as Lightkeepers. You can contact the data controller at hello@lightkeepers.co.uk.

This policy applies to personal information collected through the Lightkeepers website (lightkeepers.co.uk), our newsletter Letters from the Lighthouse, and any contact you have with us, including enquiries about our paid One-to-One Support service. Our Terms and Conditions govern your wider use of the website.

2. What information we collect

We collect different types of information depending on how you interact with us.

When you subscribe to our newsletter, Letters from the Lighthouse, we collect your first name and email address.

When you use our contact form, we collect your first name, last name, email address, and the contents of your message. You may also choose to provide a phone number, a role or job title, and a company or organisation name.

When you enquire about our One-to-One Support service, we collect your name, email address, phone number, and any details you choose to share about your situation.

If you engage with our One-to-One Support service, we collect additional information during the discovery conversation. This may include details about your devices, accounts, online habits, family circumstances, and any specific concerns you wish to discuss. With your explicit consent, the discovery conversation may be audio-recorded so that we can produce your Lighthouse Report accurately. You can decline recording without affecting the service. If you decline recording, we may take written notes instead.

We do not currently use website analytics or tracking tools, and we do not collect information about how you use the website.

Our newsletter platform, Brevo, collects basic engagement information about our emails, such as whether a message has been delivered or opened, and whether links have been clicked. We use this information to understand whether our newsletters are useful and to manage our mailing list.

3. Information about other people

Sometimes you may contact us on behalf of another person, for example a family member enquiring about a parent. If you provide information about another person, please only do so where you have a proper reason and, where appropriate, that person's knowledge or permission.

Where someone contacts us on behalf of another person, we will, where appropriate and practicable, explain this policy to the person concerned when we first make contact with them, or within a reasonable period afterwards.

4. Sensitive information

Some enquiries and discovery conversations may involve sensitive circumstances. You may choose to share information with us about health, vulnerability, mental capacity, bereavement, family difficulties, or the impact of a scam. Under UK data protection law, this is known as special category data.

We do not ask for sensitive information unless it is necessary for the service you have requested. Where you do share it with us, we handle it carefully and only use it for the purpose of responding to your enquiry or providing the service requested. Where we process special category information, we do so only where necessary and where we have an additional lawful condition under UK data protection law, usually your explicit consent.

5. Please do not send us security information

Please do not send us passwords, banking login details, card PINs, security codes, one-time passcodes, or copies of identity documents unless we have specifically asked for them and explained why they are needed.

If you send us a screenshot or message that contains this kind of information, we will delete it from our records and ask you to share only the parts relevant to your enquiry.

6. Why we collect it and our lawful basis

UK data protection law requires us to have a lawful basis for processing your personal information. Our lawful bases are as follows.

Newsletter subscription. We rely on your consent (UK GDPR Article 6(1)(a)). You give consent by completing the signup form and confirming your subscription through the double opt-in email. You may withdraw your consent at any time by unsubscribing through the link in any newsletter.

Responding to enquiries and contact form submissions. We rely on legitimate interests (UK GDPR Article 6(1)(f)). It is in our legitimate interest, and yours, that we respond to questions and enquiries you send us. We have considered the rights and interests of the people who contact us, and we believe this processing is necessary and proportionate.

Delivering the One-to-One Support service. We rely on contract (UK GDPR Article 6(1)(b)). Where you have engaged us to provide a paid service, we process your personal information to deliver that service under our separate Terms of Engagement.

Recording the discovery conversation. We rely on your explicit consent (UK GDPR Article 6(1)(a) and Article 9(2)(a)). You are asked for consent at the start of the conversation and can decline without affecting the service.

Keeping business and tax records. We rely on legal obligation (UK GDPR Article 6(1)(c)). UK tax law requires us to retain certain financial records for a defined period.

7. How long we keep your information

We keep your information only for as long as we need it for the purposes set out above.

Newsletter subscribers: we keep your details until you unsubscribe or ask us to remove you. If you do not engage with the newsletter for 24 months, we may also remove your details to keep our list accurate.

Contact form submissions and general enquiries: we keep your details for 12 months from the date of last contact, then delete them.

One-to-One Support discovery conversation recordings and notes: we keep these for up to four weeks after the conversation, then delete them. By that point, your Lighthouse Report is complete and the underlying recording is no longer required.

Lighthouse Reports: we keep your finalised Lighthouse Report until you ask us to delete it, or for three years after your engagement with us ends, whichever comes first. We keep Lighthouse Reports for this period so that we can answer follow-up questions, support continuity of service, and keep a reasonable record of the advice and support provided.

Ongoing client contact details: we keep these for the duration of your engagement and for 12 months afterwards, then delete them, except where we are required to retain financial records for longer under tax law.

Financial and tax records: while Lightkeepers is operated as a sole trader, we retain financial records for at least five years after the 31 January submission deadline for the relevant tax year. Once Lightkeepers is registered as a company, we expect to retain company accounting records for at least six years from the end of the financial year to which they relate, or longer where required by law.

8. How we store and protect your information

We take the security of your information seriously and use reasonable technical and organisational measures to protect it.

We store your information using reputable third-party services that are GDPR-compliant. Our newsletter is managed through Brevo, which stores subscriber data within the European Union. Our website is hosted by Webflow.

Where we hold information directly, including discovery conversation notes and Lighthouse Reports, we store it on password-protected devices and in encrypted cloud storage.

9. Who we share your information with

We do not sell your personal information. We only share it where necessary to operate Lightkeepers, provide our services, comply with the law, or protect someone from serious harm.

We share your information with the trusted service providers who help us operate, including Brevo (newsletter platform, EU-based) and Webflow (website hosting and forms).

These providers act as data processors on our behalf. They are contractually required to keep your information secure and to use it only for the purposes for which we engage them.

We may change service providers from time to time, but we will only use providers that offer appropriate data protection safeguards.

We may also share your information where disclosure is necessary, proportionate, and lawful to protect someone from serious harm, prevent crime, or support safeguarding.

10. International data transfers

Webflow is based in the United States. Where personal information is transferred outside the UK, we rely on appropriate safeguards under UK data protection law, which may include adequacy arrangements, the UK extension to the EU-US Data Privacy Framework, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, depending on the provider and transfer route in place at the time.

Brevo stores subscriber data within the European Union, which has equivalent data protection safeguards to the UK.

11. Your rights under UK data protection law

You have the following rights in relation to your personal information.

The right to be informed about how we use your information (this policy).

The right of access: to ask us for a copy of the personal information we hold about you.

The right to rectification: to ask us to correct information that is inaccurate or incomplete.

The right to erasure: to ask us to delete your information in certain circumstances.

The right to restrict processing: to ask us to limit how we use your information in certain circumstances.

The right to data portability: to receive a copy of your information in a portable format.

The right to object to processing: to object to how we use your information for certain purposes.

The right not to be subject to automated decision-making, including profiling. We do not make any decisions about you using automated means.

These rights are not absolute and may not apply in every case. If we cannot comply with a request, we will explain why.

To exercise any of these rights, please contact us at hello@lightkeepers.co.uk. We will respond within one month.

If you are unhappy with how we have handled your information, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. How to make a complaint

If you are unhappy with how we have handled your personal information, please tell us first so we have a chance to put things right.

You can make a complaint by emailing us at hello@lightkeepers.co.uk. Please include enough detail for us to understand your concern, including what happened, when, and what outcome you are looking for.

We will acknowledge your complaint within 30 days and aim to provide a full response as soon as we can.

If you remain unhappy with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

13. Cookies

We use a small number of cookies to make the website work properly. These are essential cookies and are always active because the website cannot function without them.

We do not currently use analytics, advertising, or tracking cookies on our website. If we add any non-essential cookies in the future, we will update this policy and ask for your consent through a cookie banner before setting them.

Our newsletter platform, Brevo, may use tracking pixels and similar technologies within our emails to record delivery, opens, and link clicks, as described in section 2.

14. Children's data

The Lightkeepers service is directed at adults, particularly older adults and their families. It is not directed at children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we may have collected information from a child, please contact us so we can remove it.

15. Data breaches

We take data security seriously. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours, as required by UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

We will also keep an internal record of personal data breaches and our decision-making, whether or not they are reported to the ICO.

16. Changes to this policy

We may update this policy from time to time. We will update the date at the bottom of this page when we do. Where changes significantly affect how we use your information, we will let you know directly.

17. Contact us

If you have any questions about this policy or how we handle your information, please contact us at thekeeper@lightkeepers.co.uk.

There should always be someone you can ask.

Last updated: June 2026