Back to Home

Privacy Policy

Who We Are

Efiros Ltd (company number [NUMBER], registered office at [ADDRESS]) provides engineering analytics software. This policy explains how we handle your data.

What Data We Collect

Account Information

  • Name, email address, company name
  • Job title and authentication credentials

Platform Usage

  • Login activity and feature usage
  • IP addresses and browser information

Engineering Metadata

When you connect version control tools (GitHub or GitLab), we collect:

  • Commit timestamps and author identifiers
  • Pull request events (opened, reviewed, merged, closed)
  • Branch and merge activity
  • Code review participation
  • Build and deployment events (where available)

What We DON'T Store

Source code: We access third-party systems via APIs to process engineering metadata. We do not intentionally read, analyse, or store source code or commit message content as part of our standard services. Any content-level processing, if required, is subject to a separate agreement.

We never collect:

  • Source code content or commit message text
  • Special category data (health, religion, race, etc.)

How We Use Your Data

To provide the service:

  • Deliver analytics and insights
  • Generate metrics like the Efiros Score
  • Identify workflow patterns and bottlenecks

For security:

  • Authenticate users and prevent fraud
  • Maintain platform integrity

For improvement:

  • Develop new features
  • Create anonymized industry benchmarks (aggregated across a sufficient number of organisations to reasonably prevent identification)

We do NOT:

  • Use automated decision-making with legal or similarly significant effects on individuals.
  • Provide tools for individual surveillance
  • Make HR decisions automatically

Legal Basis (UK GDPR)

We process data based on:

  • Contract - to provide our services
  • Legitimate interests - to improve the platform and ensure security
  • Consent - for marketing communications (where required)

Who We Share Data With

Service providers:

  • AWS (UK/EU hosting - London and Frankfurt regions)
  • Payment processors (Stripe)
  • Analytics tools (Google Analytics with IP anonymization)

Your organization:

  • If you access Efiros through your employer, they control the account
  • Your organization's administrators can view team-level analytics and metrics
  • Efiros provides team insights, not individual surveillance tools
  • Your employer's privacy policies also apply

We do not sell your data.

International Transfers

Data is stored primarily in the UK and EU (AWS London and Frankfurt regions).

Where we transfer data outside these regions, where applicable, we use:

  • Standard Contractual Clauses (UK IDTA or EU SCCs)
  • Encryption and access controls

Data Retention

  • Account data: Deleted or irreversibly anonymised in line with our retention policy and legal obligations. Backup data is removed in accordance with standard backup rotation cycles.
  • Usage data: Retained during customer relationship, then deleted
  • Aggregated benchmarks: Retained indefinitely (anonymized, non-personal)

When a customer relationship ends, we provide 30 days to export data, then delete it within 30 days.

Security

We protect data using:

  • Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
  • Multi-factor authentication for administrative access
  • Regular security assessments
  • Role-based access controls

We are working towards SOC 2 Type II certification.

Your Rights

Under UK GDPR, you can:

  • Access your personal data
  • Correct inaccurate information
  • Delete your data (in certain circumstances)
  • Object to processing based on legitimate interests
  • Opt out of marketing communications

To exercise your rights: Email privacy@efiros.com
Response time: Within 1 month

To complain: Contact the UK Information Commissioner's Office (ICO) at ico.org.uk

Cookies

We use cookies for:

  • Essential: Authentication and security
  • Analytics: Platform usage (anonymized)
  • Where required by law, we obtain consent for non-essential cookies and provide opt-out mechanisms.

Manage cookies through our Cookie Settings or your browser settings. See our Cookie Policy for full details.

Contact Us

Privacy inquiries: privacy@efiros.com
Security incidents: security@efiros.com
General support: support@efiros.com

Postal address:
Efiros Ltd

United Kingdom

Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements.

For material changes:

  • We'll notify you via email to your registered address
  • You'll have at least 30 days to review changes before they take effect
  • We'll post a notice on our website

For minor changes: