Privacy

What this site does with your data — in full.

This page covers this website (somariskstudio.com), which is the home of SOMA Risk Studio, the product. It is not a licence or a description of what happens inside the Risk Studio application itself — see Security & data handling for that. Last updated 6 July 2026.

01 · Who we are

The data controller.

This site is operated by SOMA Project Controls Ltd, the consultancy behind SOMA Risk Studio. SOMA Project Controls Ltd is the controller for any personal data this site collects.

  • Registered officeSOMA Project Controls Ltd, C/O Fortis Accountancy Services Ltd, Middlesbrough, TS3 8TF, United Kingdom.
  • D‑U‑N‑S®232556078.
  • Contacthello@somaprojectcontrols.com for anything on this page, including exercising any of the rights in section 05.
02 · What we process, and why

Four things touch personal data on this site. Here is every one of them.

We don't run advertising pixels, session-replay tools, or third‑party trackers. If it isn't listed below, this site doesn't do it.

(a) The contact form

What: name, organisation, work email, what you're exploring, and your message — whatever you type into the contact form.

Purpose: replying to your enquiry.

Legal basis: our legitimate interest in responding to enquiries about our own product — you've contacted us expecting a reply, and we don't use the details for anything else.

Retention: for as long as the enquiry needs, and for up to 24 months afterwards (so we can pick a thread back up if you get back in touch) — then deleted.

Processor: when the form's backend is active, the message is sent via Resend (a transactional email delivery service) to our inbox. Until then, the form falls back to opening your own email client, so the message goes directly to us with no processor in between.

(b) Booking a walkthrough

What: name, email, and the slot you pick — only when the online scheduler on /book/ is switched on.

Purpose: arranging a call.

Legal basis: our legitimate interest in scheduling a meeting you've asked for.

Processor: when enabled, the scheduler is provided by Cal.com, a third‑party booking service — your booking details are processed under Cal.com's own privacy policy. Until the scheduler is switched on, /book/ only offers the email path in (a), with no third party involved.

(c) Analytics

What: aggregate page-view counts and performance metrics.

How: when switched on, this site uses Cloudflare Web Analytics — a cookieless measurement service. It sets no cookies, collects no personal data, and does no cross‑site tracking. It cannot identify you or link your visit to any other site you use.

Why no cookie banner: because nothing here stores information on your device or accesses information already stored there, it falls outside the UK PECR consent requirement — there is nothing to consent to.

(d) Server logs

What: standard web-server logs (IP address, requested page, timestamp, user agent) — generated automatically by Cloudflare Pages, our hosting provider, for every site on the internet that serves pages over HTTP.

Purpose: keeping the site running securely — abuse prevention, fault diagnosis.

Retention: governed by Cloudflare's own log-retention policy, not something we configure per visitor.

03 · Cookies

This site does not set cookies.

We don't use cookies for analytics, advertising, or preference storage. If that changes, this page and the site will carry a proper cookie banner before it happens — not after.

04 · Who we share data with

Only the processors named above, and only for the purpose named above.

We don't sell personal data, and we don't share it with anyone for their own marketing purposes. The only third parties that ever see anything you submit through this site are the processors described in section 02 — Resend (contact form, when active) and Cal.com (booking, when active) — each acting strictly on our instructions for the purpose stated.

05 · Your rights

What you can ask us to do, under UK GDPR.

Email hello@somaprojectcontrols.com to exercise any of these. We'll respond within one calendar month.

  • Access — ask what personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete it (subject to any legal reason we may need to keep it).
  • Restriction — ask us to limit how we use it while a query is resolved.
  • Objection — object to our processing where it's based on legitimate interest.
  • Portability — ask for a copy of what you gave us in a portable format.

If you're unhappy with how we've handled your data, you also have the right to complain to the UK's data protection regulator, the Information Commissioner's Office (ICO), at ico.org.uk. We'd rather you told us first so we can put it right.

06 · Changes to this policy

We'll update the date at the top when this changes.

This is a plain-English policy, kept honest about what the site actually does rather than what a template says it might. As the site adds or removes a processor (for example, switching the booking scheduler or analytics on), we update this page in step — not after the fact.

Questions about this policy?

Email us directly — the person who replies is the person who runs the site.