Privacy Policy

Last updated: 30-MAR-2026

This Privacy Policy explains how Pokkit Ltd (“Pokkit”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data when you:

  • Visit our website at Pokkit.tech
  • Contact us
  • Use Pokkit through WhatsApp or any other messaging or support channel
  • Request a demo or trial
  • Buy or use our services
  • Interact with us as a reseller, partner or prospect
  • Subscribe to updates or marketing communications


We are committed to handling personal data in accordance with the UK GDPR, the Data Protection Act 2018, and, where relevant, the Privacy and Electronic Communications Regulations 2003 (PECR).

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

Data Controller: Pokkit Ltd
Registered address: Hub8 MX, Chester Walk, Cheltenham, GL50 3JY
Email: hello@Pokkit.tech
DPO / privacy contact: Not appointed

1. Who we are

Pokkit is a cyber support service designed to help individuals, sole traders, micro businesses and small organisations with practical cyber guidance, triage and support. Depending on how the service is provided, we may act as a controller of personal data, and in some situations we may act as a processor on behalf of a reseller, channel partner, managed service provider, or customer.

This Privacy Policy applies where we act as a controller unless we say otherwise.

2. The personal data we collect

We may collect and use the following categories of personal data.

A. Identity and contact data

  • Name
  • Business name
  • Job title
  • Email address
  • Telephone number
  • WhatsApp number
  • Postal address
  • Account login details, where applicable

B. Enquiry and customer data

  • Information you provide when you contact us
  • Demo, onboarding, support and service-related records
  • Organisation details
  • Subscription and billing information
  • Records of your purchases or contract with us
  • Reseller or partner account details

C. Messaging and support data

  • WhatsApp messages and chat content
  • Support ticket content
  • Issue descriptions
  • Attachments, screenshots or files you choose to send
  • Support history and resolution notes

D. Technical and usage data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Website activity
  • Pages viewed
  • Date/time stamps
  • Referral source
  • Cookies and similar technology data

E. Marketing and communications data

  • Your communication preferences
  • Whether you opened or clicked an email
  • Event registrations
  • Campaign engagement information

F. AI interaction data

  • Prompts, queries and responses submitted through Pokkit
  • Service-generated summaries
  • Categorisation of support issues
  • Confidence indicators, routing decisions, or suggested next steps generated by our systems

G. Sensitive or higher-risk information

We ask users not to share passwords, one-time codes, payment card details, bank details, government ID numbers, or special category personal data unless strictly necessary and specifically requested through a secure process.

In some cases, users may choose to share information that reveals personal circumstances, health information, or other sensitive details. If that happens, we will handle it with additional care and only where we have a lawful basis and, where required, an additional condition for processing.

The ICO states that you must identify a lawful basis for processing personal data, and if you process special category data you must also meet an additional condition under the law. High-risk processing is more likely to require a DPIA.

3. How we collect personal data

We collect personal data:

  • Directly from you
  • When you fill in forms on our website
  • When you contact us by email, phone, WhatsApp, chatbot or other channels
  • When you use our services
  • From cookies and similar technologies on our website
  • From reseller or channel partners
  • From third-party service providers who support our operations
  • From publicly available business sources such as company websites or LinkedIn, where lawful

4. How we use personal data

We use personal data to:

  • Provide and operate Pokkit
  • Respond to enquiries and provide customer support
  • Onboard customers, users, resellers and partners
  • Manage subscriptions, billing and contracts
  • Provide AI-assisted cyber guidance and service functionality
  • Review, improve and secure our services
  • Detect misuse, fraud, threats, abuse or technical issues
  • Maintain records and comply with legal obligations
  • Communicate with customers, prospects and partners
  • Send service messages and, where lawful, marketing communications
  • Analyse service performance and usage trends
  • Train staff, improve workflows, and quality assure our service outputs
  • Manage partner, reseller and supplier relationships

5. Our lawful bases for processing

The UK GDPR requires a lawful basis for each processing activity. The ICO’s guidance confirms that at least one lawful basis must apply whenever you process personal data.

Depending on the context, we rely on one or more of the following lawful bases:

A. Contract

We process personal data where it is necessary to:

  • Provide the services you have requested
  • Take steps before entering into a contract
  • Administer your account
  • Deliver customer support
  • Manage partner or reseller agreements

B. Legitimate interests

We may process personal data where it is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.

Our legitimate interests may include:

  • Running and improving Pokkit
  • Securing our systems and services
  • Handling support requests
  • Preventing fraud, abuse and misuse
  • Maintaining records of interactions
  • Developing and improving our product
  • Managing business relationships
  • Limited B2B marketing where permitted by law


Where we rely on legitimate interests, we seek to ensure the processing is proportionate, has minimal privacy impact, and is not unexpected. The ICO says legitimate interests can be used only where that balance is appropriate, and that those interests should be clearly explained in the privacy notice.

C. Consent

We rely on consent where required, including for:

  • Non-essential cookies and similar technologies
  • Certain direct marketing communications
  • Any processing where consent is the appropriate lawful basis


You can withdraw consent at any time, but this will not affect the lawfulness of processing before withdrawal.

D. Legal obligation

We may process personal data where necessary to comply with legal or regulatory obligations.

E. Vital interests

In exceptional cases, we may process personal data where necessary to protect someone’s vital interests.

6. AI-assisted support and automated processing

Pokkit may use AI-assisted systems to:

  • Analyse support queries
  • Generate draft responses
  • Classify issue types
  • Suggest next steps
  • Prioritise or route cases
  • Identify where a human review or escalation may be appropriate


We use AI to support service delivery, efficiency, consistency and triage. We do not intend for Pokkit to make solely automated decisions that produce legal or similarly significant effects on individuals without appropriate safeguards.

ICO guidance explains that individuals have additional protections if an organisation carries out solely automated decision-making with legal or similarly significant effects, including transparency requirements and safeguards such as the right to human intervention in relevant cases.

Where appropriate, we may:

  • Involve a human reviewer
  • Allow escalation to a person
  • Review outputs for quality and safety
  • Limit the types of decisions made automatically


AI outputs may be inaccurate, incomplete, or inappropriate in some cases. Pokkit should be used as a support and guidance service and not as the sole basis for high-risk, legal, regulated, employment, insurance, medical, or financial decisions.

7. WhatsApp and messaging privacy

If you use Pokkit through WhatsApp or a similar messaging channel, your messages may be processed by us and by the messaging provider in accordance with that provider’s own terms and privacy practices.

Please note:

  • Messages sent through third-party platforms may also be stored on your device
  • Your own backup settings may affect how chat history is stored in your personal cloud environment
  • You should avoid sharing passwords, one-time codes, payment card data, full bank details, or highly sensitive personal or business information in chat unless specifically instructed through a secure method


Where appropriate, we may use measures such as limited retention, summarisation, or case closure workflows to reduce unnecessary exposure of chat content.

8. Cookies and similar technologies

We may use cookies and similar technologies on our website for:

  • Essential website functionality
  • Security
  • Analytics
  • Performance monitoring
  • Remembering preferences
  • Marketing, where permitted


Under PECR, consent is generally required for non-essential cookies and similar technologies. The ICO states that PECR applies to cookies and similar technologies, and consent requests should be specific and granular.

Where required, we will ask for your consent before placing non-essential cookies on your device.

You can manage cookie preferences through our cookie banner or your browser settings.

You should also maintain a separate Cookie Policy and consent mechanism if you use analytics, ad tech, or other non-essential trackers.

9. Marketing communications

We may send service-related communications where necessary to administer the service.

We may also send marketing communications about our products, services, events, updates or partner offers where:

  • You have consented, or
  • We are otherwise permitted to do so under applicable law


You can opt out of marketing at any time by using the unsubscribe link in our emails or by contacting us.

Marketing by email, text and similar channels is also subject to PECR rules.

10. Who we share personal data with

We may share personal data with:

  • Hosting and cloud providers
  • CRM and customer support providers
  • Analytics providers
  • Email and communication service providers
  • Payment processors
  • Developers, technical support providers and subcontractors
  • Professional advisers, such as lawyers, accountants and insurers
  • Channel partners, resellers or MSPs, where relevant to service delivery
  • Regulators, law enforcement or courts where required by law
  • A buyer, investor or successor organisation in connection with a merger, acquisition, restructuring or sale of assets, subject to appropriate protections


We require service providers acting on our behalf to handle personal data under appropriate contractual and security controls.

11. International transfers

Some of our providers or partners may process personal data outside the UK.

Where we transfer personal data internationally, we will take steps to ensure it is protected in accordance with UK data protection law. Depending on the destination, this may include:

  • Adequacy regulations
  • The UK International Data Transfer Agreement (IDTA)
  • The UK Addendum to the EU Standard Contractual Clauses
  • Other lawful safeguards or exceptions


ICO guidance notes that where a transfer is covered by adequacy, information can flow without additional transfer safeguards.

You can contact us for more information about the safeguards we use.

12. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access.

These measures may include:

  • Access controls
  • Role-based permissions
  • Encryption in transit and, where appropriate, at rest
  • Secure hosting environments
  • Logging and monitoring
  • Staff confidentiality obligations
  • Incident response processes
  • Supplier due diligence
  • Data minimisation and retention controls


However, no method of transmission over the internet or electronic storage is completely secure.

13. Data minimisation and acceptable use

We aim to collect only the personal data we need for the relevant purpose.

Users should not submit:

  • Passwords
  • One-time passcodes
  • Full payment card data
  • Full bank account details
  • Highly sensitive identity documents
  • Unnecessary health information
  • Personal data about other people unless they are authorised to do so and it is necessary


If you need to provide higher-risk information, we may direct you to a more appropriate and secure channel.

The UK GDPR’s core principles include lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity/confidentiality, and accountability.

14. Data retention

We keep personal data only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to:

  • Provide services
  • Manage customer and partner relationships
  • Resolve disputes
  • Maintain records
  • Comply with legal, accounting, tax and regulatory obligations
  • Investigate misuse, complaints, or incidents


Retention periods may vary by category of data. For example:

  • Website enquiry data: [e.g. 12–24 months]
  • Customer account and contract data: [e.g. duration of contract + 6 years]
  • Support records and ticket history: [e.g. 12–36 months]
  • Marketing suppression records: [e.g. as long as needed to respect opt-out requests]
  • Analytics/cookie data: [insert periods]


We may anonymise data so it can no longer identify you, in which case we may use it for longer.

15. Your rights

Under UK data protection law, you may have the right to:

  • Be informed about how your personal data is used
  • Request access to your personal data
  • Request correction of inaccurate data
  • Request erasure in certain circumstances
  • Request restriction of processing in certain circumstances
  • Object to processing in certain circumstances
  • Request portability of data, where applicable
  • Withdraw consent where we rely on consent
  • Challenge certain automated decision-making or request human review where applicable


The ICO’s “right to be informed” guidance explains that transparency is one of the core UK GDPR requirements, and Articles 13 and 14 set out the minimum privacy information individuals should receive.

To exercise your rights, contact us at hello@pokkit.tech.

We may need to verify your identity before responding.

You also have the right to complain to the Information Commissioner’s Office (ICO):

ICO website: ico.org.uk

16. Children

Pokkit is not intended for children under [16] unless explicitly stated otherwise.

We do not knowingly collect personal data from children without appropriate authority or another lawful basis. If you believe a child has provided personal data to us inappropriately, please contact us so we can investigate.

17. Third-party websites and services

Our website or service may link to third-party websites, platforms or services. This Privacy Policy does not apply to those third parties. You should read their privacy notices before providing personal data to them.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we do, we will update the “Last updated” date above. If the changes are material, we may take additional steps to notify you.

19. Contact us

If you have questions about this Privacy Policy or how we handle personal data, contact:

Pokkit Ltd
Email: hello@pokkit.tech
Address: Hub8 MX, Chester Walk, Cheltenham, GL50 3JY
Privacy contact: Pokkit Founder Team