This Privacy Policy explains how MissionCTRL Ltd ("MissionCTRL", "we", "us" or "our") collects, uses, shares and protects personal data when you visit our websites, contact us, subscribe to our communications, book a meeting, or otherwise engage with us. TrustOS is a product of MissionCTRL Ltd. This policy applies to trustos.missionctrl.agency and to missionctrl.agency (together, "the sites").
We are committed to handling your personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
1.Who we are
MissionCTRL Ltd is the data controller responsible for your personal data.
- Company name: MissionCTRL Ltd
- Company number: 17018199 (registered in England & Wales)
- Registered office: 1 Empire Mews, London, England, SW16 2BF
- Contact for privacy matters: hello@missionctrl.agency
2.The personal data we collect
We collect and process the following categories of personal data:
Information you give us
- Enquiry and form data — when you complete a contact, demo or TrustOS Navigator request form, we collect details such as your name, email address, company, role, and the content of your message.
- Newsletter sign-ups — your name and email address when you subscribe to our updates.
- Meeting bookings — your name, email address and scheduling details when you book a call with us.
- Correspondence — any information you share when you email us or communicate with us directly.
Information we collect automatically
- Analytics data — we use Plausible Analytics, a privacy-focused, cookieless analytics service. It collects aggregated, anonymised usage data (such as pages viewed, referral source, country, device type and browser). It does not use cookies, does not store IP addresses, and does not track you across other websites.
Information we obtain from other sources
- Business contact data — for our business-to-business marketing and outreach, we may collect professional contact details (such as name, job title, business email and employer) from publicly available sources and reputable third-party business-data providers.
We do not knowingly collect special category data (such as data about health, race or religion) and ask that you do not send it to us through the sites.
3.How and why we use your data
We only use your personal data where we have a lawful basis to do so under UK GDPR. The table below sets out our main purposes and the corresponding lawful basis.
| Purpose | Data used | Lawful basis |
|---|---|---|
| Responding to your enquiries and providing the services or information you request | Enquiry / form data, correspondence | Legitimate interests; steps prior to entering a contract |
| Sending you our newsletter and marketing updates | Name, email | Consent (you can withdraw at any time) |
| Arranging and managing meetings | Booking and scheduling data | Legitimate interests; steps prior to a contract |
| Business-to-business outreach to relevant organisations | Professional contact data | Legitimate interests (with an opt-out in every message) |
| Understanding how the sites are used and improving them | Aggregated, cookieless analytics | Legitimate interests |
| Maintaining security and preventing misuse | Technical and usage data | Legitimate interests; legal obligation |
| Complying with our legal and regulatory obligations | Relevant records | Legal obligation |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You can object to this processing at any time (see Section 8).
4.Cookies and similar technologies
Our analytics provider, Plausible, is cookieless and does not set tracking cookies or collect personal data, so the sites do not require a cookie consent banner for analytics.
Some embedded third-party tools — such as forms, calendar booking, or video — may set their own cookies when you interact with them. Where any non-essential cookie that requires consent is used, we will ask for your consent first. For full detail on cookies, see our Cookie Policy.
5.Who we share your data with
We do not sell your personal data. We share it only with trusted service providers ("processors") who help us run our business, and only as needed to deliver the purposes above. These include:
- HubSpot — customer relationship management and form handling.
- Brevo — email newsletter and communications.
- Apollo — business-to-business prospecting and outreach.
- Plausible Analytics — cookieless website analytics.
- Netlify — website hosting and delivery.
- Calendar / scheduling and email providers — to arrange and manage meetings and correspondence.
We may also disclose personal data where required to comply with the law, enforce our agreements, or protect our rights, property or safety, and to professional advisers or in connection with a business reorganisation or sale.
6.International transfers
Some of our providers are based outside the UK, including in the United States. Where personal data is transferred outside the UK, we ensure an appropriate safeguard is in place — such as a UK adequacy decision, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses — so that your data continues to receive an equivalent level of protection.
7.How long we keep your data
We keep personal data only for as long as necessary for the purposes set out in this policy, after which it is securely deleted or anonymised. In general:
- Enquiries and prospect data — kept while there is a live interest or relationship, and reviewed periodically.
- Newsletter subscriptions — kept until you unsubscribe.
- Client and financial records — kept for the period required by law (typically at least six years for accounting and tax purposes).
8.Your rights
Under UK data protection law you have the right to:
- be informed about how your data is used (this policy);
- request access to the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data ("right to be forgotten") in certain circumstances;
- request that we restrict processing of your data;
- object to processing based on legitimate interests, and to direct marketing at any time;
- request portability of the data you provided to us; and
- withdraw consent at any time, where we rely on consent.
To exercise any of these rights, contact us at hello@missionctrl.agency. We will respond within one month. Exercising your rights is free of charge in most cases.
9.How we protect your data
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse or alteration. We restrict access to those who need it, and we work only with providers who maintain robust security standards. No method of transmission over the internet is completely secure, however, and we cannot guarantee absolute security.
10.Children
Our sites and services are intended for businesses and professionals and are not directed at children. We do not knowingly collect personal data from anyone under the age of 18.
11.Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or the law. The latest version will always be published on this page, with the "Last updated" date revised accordingly. Significant changes will be communicated where appropriate.
12.Contact us
For any questions about this policy or how we handle your personal data, please contact:
- MissionCTRL Ltd — Company No. 17018199
- Email: hello@missionctrl.agency