Privacy Policy.

Data Controller: Qapaciti Ltd
Location: Glasgow, United Kingdom
Contact: [email protected]

Qapaciti Ltd is a publishing services company. We help authors write, edit, publish, and market their books. This policy applies to our website at qapaciti.com and all services we provide.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We collect the following categories of personal data:

Information you give us

• Name and email address — when you complete our enquiry form or request a call. We use this to respond to your enquiry and, where you consent, to keep you informed about our services.
• Book description or project details — when you describe your project in our enquiry form. This helps us understand your needs before we speak.
• Payment information — when you purchase a service. Payment is processed by Stripe Inc. We do not store your card details. Stripe stores and processes your payment data under their own privacy policy.
• Scheduling information — when you book a call via Calendly (Calendly LLC). Calendly may collect your name, email, and timezone. Their privacy policy governs this data.

Information collected automatically

• Usage and analytics data — we use DataFa.st to measure website traffic (pages visited, referral sources, session duration). This data is aggregated and used to understand how people find and use our site.
• Advertising data — we use the Meta Pixel (Facebook Pixel) to measure the effectiveness of our advertising on Facebook and Instagram. The Pixel may collect data about your visit (pages viewed, actions taken) and share it with Meta Platforms Ireland Limited under their Data Policy. You can opt out via your Facebook ad settings or a cookie consent tool.
• Cookies — see Section 7 below.

We use your personal data for the following purposes:

• To respond to enquiries — when you submit an enquiry form, we use your name and email to contact you. Legal basis: legitimate interests (running our business).
• To deliver services — when you become a client, we use your contact and project information to provide the agreed services. Legal basis: performance of a contract.
• To process payments — we pass your payment data to Stripe for secure processing. Legal basis: performance of a contract.
• To measure and improve our marketing — we use the Meta Pixel and DataFa.st to understand how visitors find us and how our ads perform. Legal basis: legitimate interests (improving our marketing).
• To send occasional updates — if you have enquired about our services or subscribed to our newsletter, we may send you relevant updates. Legal basis: legitimate interests. You can unsubscribe at any time.

We do not sell your personal data. We share it only with third-party service providers who help us operate our business:

• Stripe Inc. — payment processing. Stripe is a certified PCI Service Provider. Data may be transferred to the United States under Standard Contractual Clauses.
• Meta Platforms Ireland Limited — advertising measurement via the Meta Pixel. Meta may process data in the United States under their Data Transfer mechanisms.
• DataFa.st — website analytics.
• Calendly LLC — call scheduling. Calendly may process data in the United States under Standard Contractual Clauses.

We may also disclose your data if required by law or to protect the rights, property, or safety of Qapaciti Ltd or others.

• Enquiry data (name, email, project description) — retained for up to 2 years after your last contact with us, unless you ask us to delete it sooner.
• Client records — retained for 6 years after the end of the engagement for legal and accounting purposes.
• Payment records — retained by Stripe in accordance with their data retention policy and applicable financial regulations.
• Analytics data — aggregated and not personally identifiable. Retained in accordance with DataFa.st's policy.

Under UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data (the "right to be forgotten"), subject to legal obligations.
• Restriction — ask us to restrict how we use your data in certain circumstances.
• Portability — request your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. If you are unhappy with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Our website uses the following types of cookies:

• Strictly necessary cookies — required for the site to function (e.g. session state). These cannot be disabled.
• Analytics cookies — used by DataFa.st to measure traffic and usage. These help us understand what content is useful.
• Advertising cookies — used by the Meta Pixel to track conversions from our Facebook and Instagram ads. These cookies may track you across websites.

You can control cookies through your browser settings. Disabling advertising cookies may reduce the relevance of ads you see on Meta platforms but will not affect your ability to use this website.

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Payment data is handled exclusively by Stripe, who maintain PCI DSS compliance.

While we take security seriously, no method of transmission over the internet is 100% secure. If you have concerns about a specific piece of data, please contact us.

Some of our service providers (Stripe, Calendly, Meta) are based in the United States. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO.

Our services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

We may update this policy from time to time. When we do, we will update the "last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

For any questions about this policy or how we handle your data:

Qapaciti Ltd
Glasgow, United Kingdom
[email protected]