Privacy Policy

1. Data controller

The data controller for personal information collected through this site and the Learn platform is HybridOps.

ICO Registration: ZB000000  ·  Contact: privacy@hybridops.tech

HybridOps is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where services are offered to individuals in the European Economic Area, the EU GDPR also applies.

2. What we collect and why

Public site and contact forms

When you submit an enquiry, book a call, or use the contact form, we collect your name, email address, company or institution name (if provided), and the content of your message. We use this to respond to your enquiry and to follow up on related conversations you have started with us.

HybridOps Learn — account registration

When you create a Learn account, we collect your email address, a display name (if provided), and authentication credentials managed through our identity service (Keycloak, operated on-prem). We use this to provide access to Academy tracks, HybridOps Copilot, and private documentation.

Academy payments

Subscription and one-off payments are processed by Stripe. We do not store payment card details on HybridOps systems. Stripe returns a customer identifier and subscription status, which we use to determine your entitlements. Stripe's own privacy policy governs how your payment data is handled: stripe.com/gb/privacy.

Academy LMS (Moodle)

If you access guided Academy course content through the LMS, your progress, submissions, and interaction data are stored within that system. This data is used to support your learning path and, where applicable, to provide completion records.

Operational and security data

We collect standard server and request logs (IP address, user-agent, request path, timestamp) for security monitoring, abuse prevention, and service operation. This data is not used for advertising or profiling.

3. Legal basis for processing

We rely on the following legal bases under UK/EU GDPR Article 6:

• Contract performance — Processing required to deliver Academy access, manage your account, and fulfil a subscription or guided delivery you have purchased.
• Legitimate interests — Responding to enquiries you have initiated, operating and securing the platform, and maintaining service integrity. We have assessed that these interests are not overridden by your rights and freedoms.
• Consent — Where you have explicitly subscribed to newsletters or optional communications. You may withdraw consent at any time.
• Legal obligation — Where processing is required to comply with applicable law.

4. How long we keep your data

• Enquiry and contact records — Retained for as long as reasonably necessary to manage the related conversation and for up to 2 years after the last substantive contact, unless a longer period is required by law or by an active commercial relationship.
• Account and entitlement data — Retained while your account is active and for up to 12 months after account closure or subscription expiry, to support re-enrolment, dispute resolution, and legal compliance.
• Payment records — Stripe retains payment records in line with its own retention policy and applicable financial regulations.
• Operational logs — Retained for up to 90 days for security and debugging purposes, then deleted or anonymised.

5. Third-party processors

We use the following third-party services to operate the platform. Each acts as a data processor under a data processing agreement or under their published data protection terms.

• Cloudflare — Hosts the public site and Learn platform via Cloudflare Pages. Network-level request data passes through Cloudflare's infrastructure. See cloudflare.com/privacypolicy.
• Stripe — Processes all subscription and one-off payments. Card data is handled exclusively by Stripe and does not transit HybridOps systems.
• Google Cloud Platform (GCP) — Used for infrastructure components including secret management and DR lanes. Data may be stored in GCP regions in the EU or UK.
• Keycloak (on-prem) — Identity and authentication for Learn accounts, operated on HybridOps-controlled infrastructure.
• Moodle LMS (on-prem) — Delivers Academy course content and stores learning progress on HybridOps-controlled infrastructure.

6. International transfers

Some of our processors operate infrastructure outside the UK and EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place:

• Cloudflare and Stripe are certified under applicable transfer frameworks and publish Standard Contractual Clauses for EU/UK data transfers.
• GCP infrastructure used for HybridOps workloads is configured to prefer EU/UK regions where available.

7. Cookies

The public site does not use tracking or advertising cookies. The Learn platform uses strictly necessary session cookies to maintain your authenticated state. These cookies are not used for tracking, advertising, or profiling. No consent banner is required for strictly necessary cookies under UK PECR.

Cloudflare may set cookies for security and performance purposes as part of its edge network operation.

8. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Ask us to correct inaccurate or incomplete data.
• Erasure — Request deletion of your data where we no longer have a lawful basis to retain it.
• Restriction — Ask us to limit processing in certain circumstances.
• Portability — Receive data you provided to us in a structured, machine-readable format (where processing is based on consent or contract).
• Objection — Object to processing based on legitimate interests.
• Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, contact us at privacy@hybridops.tech or use the contact form. We will respond within one calendar month.

You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner's Office (ICO): ico.org.uk.

9. Changes to this policy

We may update this policy as the platform and applicable requirements evolve. The date at the top of this page reflects the most recent revision. Continued use of the platform after a material change constitutes acceptance of the updated terms, where permitted by law.