Privacy policy

Last updated: 12 June 2026

Who we are

Cadrify Ltd
Registered in England & Wales, Company number 17244539
ICO registration reference: ZC158949
Registered address: 7 Malvern Road, Hornchurch, Essex, RM11 1BG
Privacy contact: privacy@cadrify.org

Purpose of this notice

This Privacy Policy explains how Cadrify Ltd (“Cadrify”, “we”, “us”, “our”) collects, uses, and protects personal data in connection with the Cadrify platform and website (cadrify.org and any of its subdomains). It also explains the rights you have under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

We may update this policy from time to time. The current version is always available at cadrify.org/privacy.

Our two distinct roles

Cadrify operates under two different legal roles depending on whose data is being processed.

1. Data processor, on behalf of customer organisations

When a political party, campaign, or organisation (“Customer”) subscribes to Cadrify and uploads or collects data through the platform, such as electoral register data, door-knock responses, voter contact records, and supporter details, the Customer is the data controller. Cadrify processes that data only on the Customer’s instructions, under a written Data Processing Agreement. Cadrify has no independent right to use, share, or retain that data beyond what is needed to deliver the service.

Cadrify may engage trusted subprocessors to provide infrastructure, email delivery, and related services. We maintain written agreements with all subprocessors as required by applicable data protection law. Where we engage a subprocessor to handle Customer data, we remain responsible for ensuring it provides equivalent protections.

If you are an elector, voter, or supporter whose data has been entered into Cadrify by a political organisation, please contact that organisation directly to exercise your data rights. You may also contact us at privacy@cadrify.org and we will refer your request to the relevant Customer.

2. Data controller, for platform operations

Cadrify is the data controller for the personal data it collects directly from users and Customers for the purpose of operating the platform. This Privacy Policy primarily describes that processing.

What information we collect, use, and why

Website visitors

When you visit cadrify.org we may automatically collect standard server log data, including IP address, browser type, referring URL, and page requested. We use this information to maintain the security and performance of the website. Our lawful basis is legitimate interests (securing and operating the website). If you contact us by email, we will use your contact details to respond; our lawful basis is legitimate interests (responding to enquiries).

Platform user accounts

When you register as a user of the Cadrify platform we collect:

We use this information to operate your account, authenticate you, manage your permissions, and communicate with you about the service.

Security and session data

To protect accounts and detect abuse we also collect and store:

Customer account and billing information

When an organisation subscribes to Cadrify we collect the name and email address of the account holder for contract and billing purposes. Where card payment is used, card details are handled directly by our payment provider and are never stored by Cadrify.

Technical and usage data

When you use the platform or visit our website we may automatically collect:

We use this information to maintain platform security, troubleshoot issues, and improve performance. We do not use third-party analytics within the platform. Our public website uses a cookieless, privacy-friendly analytics service that sets no cookies and does not profile visitors.

Lawful bases and data protection rights

Under UK data protection law we must have a “lawful basis” for processing your personal information. Our lawful bases are set out below.

Processing activity Lawful basis
Website server logs and security monitoring Legitimate interests
Responding to contact or support enquiries Legitimate interests
Creating and managing your user account Contract
Billing and subscription management Contract
Platform security, fraud prevention, login audit trail Legitimate interests
Sending service and security notifications Contract / Legitimate interests
Marketing and promotional communications Consent

Your rights

Under UK data protection law you have the following rights in relation to the personal data we hold about you as controller:

To exercise any of these rights please contact us at privacy@cadrify.org. We will respond within one month.

Electoral register data and special-category data

The Cadrify platform is designed to handle electoral register data on behalf of Customer organisations. This data is subject to the Representation of the People Act 1983 (as amended) and is restricted to lawful purposes. Access to the full electoral register is permitted only for the purposes set out in law; Customers are responsible for ensuring they hold the correct lawful basis and permissions before uploading this data.

Door-knock data collected through the platform (including voting intentions, party preferences, and support levels) may constitute special-category data relating to political opinions under Article 9 of the UK GDPR. Customers, as data controllers, are responsible for identifying and documenting their own lawful basis and Article 9 condition for processing this data, including, where applicable, Article 9(2)(d) for political parties, trade unions, and certain not-for-profit bodies with a political, philosophical, religious, or trade-union aim. Cadrify processes it only under their instructions.

Where we store your data

The Cadrify platform is hosted by Render. Our primary database is located in Frankfurt, Germany (within the European Economic Area). The EEA is recognised under UK data protection law as providing an adequate level of protection for personal data.

International transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place. Depending on the recipient and the nature of the transfer, the safeguard used will be one of:

Further details about the safeguards in place for any specific transfer can be requested by contacting privacy@cadrify.org.

Who we share information with

We do not sell personal data. We share it only with the processors listed below, each of whom is bound by a data processing agreement:

Provider Purpose Data location Transfer basis
Render Platform hosting and database Frankfurt, Germany (EEA) UK adequacy regulations (EEA)
Resend Transactional email delivery (password resets, invitations, notifications) Dublin, Ireland (EEA) UK adequacy regulations (EEA)

We may also disclose personal data if required to do so by law, by a court order, or by a regulatory authority, or where necessary to protect the rights, property, or safety of Cadrify, its Customers, or others.

Optional integrations you can connect

Cadrify offers optional integrations with external CRM and organising systems: Action Network, NationBuilder, Salesforce, and Movement. These are off by default. An integration works only if your organisation chooses to enable it and connects it using your organisation’s own account and credentials with that provider. Cadrify does not share your data with any of these services unless you set up the integration yourself.

When you enable an integration, Cadrify syncs supporter and volunteer contact records (such as name, email address, postcode, phone number where applicable, and tags or subscription status) between Cadrify and the connected system, on your instruction. Electoral register records and door-knock data are never sent to these services. Because you connect the provider with your own account, that provider acts under your own relationship with it, and your use of it is governed by that provider’s own terms. Some providers are based outside the UK or EEA. The providers, and links to each one’s privacy and data-processing terms, are listed in Annex 4 of our Data Processing Agreement.

Third-party geocoding services

The platform uses external geocoding APIs to convert postcodes and addresses into map coordinates. We minimise the data sent to these services. Where possible, only postcodes are transmitted rather than full addresses or individually named data. The following services may be used in the course of this processing:

Geocoding results are cached locally; the same data is not re-sent to external services once cached.

How long we keep information

Category Retention period
Platform user accounts For the duration of the subscription and 30 days post-termination
Billing and payment records 7 years from the relevant transaction (statutory financial records requirement)
Login audit trail and security logs 12 months
Session tokens 24 hours (or earlier on logout)
Password reset and invite tokens Deleted on first use or on expiry (hours to days)
Customer-uploaded data (as processor) As instructed by the Customer, or 30 days after account closure

Cookies

Cadrify uses a small number of strictly necessary cookies to keep you logged in and to maintain your session. We do not use advertising, tracking, or third-party analytics cookies. For full details see our Cookies policy.

Security measures

We apply appropriate technical and organisational measures to protect personal data, including:

Intended users

The Cadrify platform is intended for political organisations, campaigns, and authorised adult users. We do not knowingly collect personal data directly from children. If you believe a child has provided us with personal data, please contact privacy@cadrify.org and we will delete it promptly.

How to complain

If you have a concern about how we handle your personal data, please contact us first at privacy@cadrify.org so we can try to resolve it.

If you remain unhappy you have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk/make-a-complaint

Security

For information about the technical and organisational security measures Cadrify has in place, see the Security overview and the Security Whitepaper.

Contact us

For any questions about this policy or to exercise your data rights:

Email: privacy@cadrify.org
Post: Cadrify Ltd, 7 Malvern Road, Hornchurch, Essex, RM11 1BG