STL Solutions Ltd (“we”, “us”, “STL Solutions”) takes your privacy seriously. This Privacy Policy explains what personal data we collect when you use our website (stlsolutions.co.uk), our online CLEUD intake platform, and our consultancy services, and how we use, store, share, and protect it.
1. Who we are
STL Solutions Ltd is a company registered in Scotland. Our registered office is Clockwise, Savoy Tower, 77 Renfrew Street, Glasgow, G2 3BZ. You can contact us at info@stlsolutions.co.uk for any privacy-related queries.
For the purposes of UK GDPR and the Data Protection Act 2018, STL Solutions Ltd is the data controller of the personal data described in this policy.
2. What data we collect
2.1 Information you give us
- Contact & booking forms: name, email, phone number, property location, property details, licensing/planning status, and your free-text description of your situation.
- CLEUD intake: applicant name, contact details, property address and characteristics, ownership information, use history, evidence files (booking records, statements, photos, council correspondence), and any signed declarations.
- Payment information:when you pre-authorise a paid consultation or pay our engagement fee, you enter your card details directly on Stripe's secure payment page. We never see or store your full card number - we only retain a payment identifier from Stripe.
- Communications: the content of emails, messages, and calls you exchange with our advisors.
2.2 Information we collect automatically
- Cookies and similar: a small number of strictly-necessary cookies - for example, the session cookie that lets you resume a CLEUD application, and the admin login cookie.
- Server logs: standard request data (IP address, user-agent, timestamps) kept for security and debugging.
2.3 Information from third parties
- Council and planning records:when relevant to your case, we look up publicly-available information from council planning portals, the Land Register, the Scottish licensing register, and HM Revenue & Customs guidance.
- Stripe: we receive payment status updates and a non-sensitive payment reference.
- Google Workspace: we use Google Calendar to create your consultation events and a Google Meet link.
3. Why we use your data (legal basis)
- To deliver our services (legal basis: contract): processing your CLEUD application, providing consultancy advice, managing bookings, and communicating with you about your case.
- To take payment (legal basis: contract): processing pre-authorisations and capturing fees via Stripe.
- To comply with our legal obligations (legal basis: legal obligation): tax records, accounting, anti-money-laundering checks where applicable.
- To run and improve our website (legal basis: legitimate interests): security, debugging, basic analytics, and ensuring forms work.
- To send service updates and case communications (legal basis: contract / legitimate interests): including the confirmation and resume emails for your CLEUD application or booking.
We do not currently send marketing emails. If we do so in future we will rely on your consent and provide a clear opt-out.
4. Who we share data with
We share personal data only with carefully-chosen processors who help us deliver the service:
- Supabase (database and file storage) - EU/UK region.
- Stripe (payments) - processes card data under their own privacy policy and PCI-DSS compliance.
- Google Workspace(email delivery, calendar, Meet) - we use Google's services to send transactional emails (from
no-reply@stlsolutions.co.uk) and to host consultation video calls. - Anthropic(AI-assisted case assessment) - for CLEUD applications, anonymised summaries of your case may be sent to Anthropic's API to support our advisor's preparation. We do not send raw evidence files.
- Vultr (hosting infrastructure) - UK / EU data centres.
We may share information with local councils, planning portals, the Scottish DPEA, HMRC, or your appointed solicitor as needed to progress your case. We do not sell personal data to anyone.
5. How long we keep data
- CLEUD applications and case files: retained for the duration of our engagement plus 7 years (statutory limitation period for professional negligence claims and HMRC record requirements).
- Booking and consultation records: retained for 6 years.
- Marketing-form enquiries that don't convert: retained for 24 months, then deleted.
- Payment records: retained for 7 years (HMRC requirement).
- Server logs: retained for 90 days.
6. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Request that we erase your data (subject to our legal obligations to retain it).
- Restrict or object to certain processing.
- Receive a copy of your data in a portable format.
- Withdraw any consent you've given (where consent is the legal basis).
To exercise any of these rights, email info@stlsolutions.co.uk. We will respond within one month.
You also have the right to complain to the UK's Information Commissioner's Office (ICO) at ico.org.uk.
7. International transfers
Our infrastructure (Supabase, Vultr) keeps data within the UK or EU. Stripe, Google, and Anthropic may process limited data outside the UK - in each case we rely on the UK GDPR's adequacy mechanisms (e.g. Standard Contractual Clauses or UK adequacy decisions) and the respective providers' security commitments.
8. Security
We protect your data with encryption in transit (HTTPS / TLS), encrypted storage at our database and file-storage layers, access controls for our team, and audit logging on sensitive operations. We do not store full payment card numbers - those are handled exclusively by Stripe.
9. Cookies
We use a minimal set of strictly-necessary cookies. We do not use third-party tracking or advertising cookies. The cookies in use are:
cleud_application_id- lets you resume your CLEUD application. Lifetime: 30 days. Cleared if you start a new application or sign out.admin_session- for team members who log in to our internal admin area. Not set on public visits.
10. Changes to this policy
We may update this policy from time to time. Material changes will be flagged on this page and (for active clients) by email. The “Last updated” date at the top reflects the most recent revision.
11. Contact us
Questions or concerns? Email info@stlsolutions.co.uk or write to us at the registered address above.