1. Introduction
Skyie Global Technologies Ltd, trading as Maiekr ("we", "us", or "our"), operates the Maiekr platform at maiekr.co.uk. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our website, applications, and related services (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Data Controller
Skyie Global Technologies Ltd, trading as Maiekr, registered at Kings Hill, West Malling, Kent, England (Company No. [COMPANY_NUMBER]), is the data controller responsible for your personal data. ICO Registration Number: [ICO_REG_NUMBER]. For any privacy-related queries, contact us at privacy@maiekr.com.
3. Information We Collect
3.1 Information you provide
- Account data: Name, email address, and password when you register.
- Organisation data: Workspace name and team member email addresses when you create or join an organisation.
- Content data: Presentations, slides, speaker notes, and any text or image URLs you add to presentations.
- Payment data: If you subscribe to a paid plan, payment information is collected and processed by our payment processor (Stripe). We do not store full payment card details.
- Communications: Messages you send through our contact form or email.
3.2 Information collected automatically
- Device and session data: IP address, browser type, operating system, and device information for session management and security.
- Usage data: Pages visited, features used, timestamps, and referral URLs.
- Cookies: Essential authentication cookies for maintaining your session. See our Cookie Policy for details.
3.3 Information from third parties
- OAuth providers: If you sign in via Google or GitHub, we receive your name, email, and profile identifier from the provider. We do not access your contacts, repositories, or other provider data.
4. How We Use Your Information
We process your personal data only for the following purposes:
- Providing the Service: Account management, presentation creation, AI-powered content generation, and team collaboration.
- Security: Detecting and preventing fraud, abuse, and unauthorised access, including rate limiting and account lockout mechanisms.
- Communications: Sending transactional emails (verification, password reset, team invitations, security notifications).
- Improvement: Analysing usage patterns to improve features and performance.
- Legal compliance: Meeting our legal obligations and responding to lawful requests.
5. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we rely on the following lawful bases:
- Contract: Processing necessary to provide the Service you have signed up for (account management, content storage, collaboration features).
- Legitimate interest: Security measures, fraud prevention, and service improvement where our interests do not override your rights.
- Consent: Where required, such as for non-essential cookies or optional communications. You may withdraw consent at any time.
- Legal obligation: Compliance with applicable laws and regulations.
6. Third-Party Services
We use the following third-party services to operate Maiekr. Each processes data only as necessary for its function:
| Service | Purpose | Data shared |
|---|---|---|
| Google Gemini API | AI content generation | Presentation prompts and slide text |
| Resend | Transactional email | Email address, name |
| Google OAuth | Authentication | Email, name, profile ID |
| GitHub OAuth | Authentication | Email, name, profile ID |
| Stripe | Payment processing | Email, name, payment details (processed by Stripe) |
| Sentry | Error monitoring and performance | IP address, browser info, error context |
We do not sell, rent, or trade your personal data with third parties for marketing purposes.
7. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion.
- Content data: Retained while your account is active. Permanently deleted within 30 days of account deletion.
- Session data: Sessions expire after 30 days and are automatically removed.
- Security logs: Audit events are retained for 90 days for security purposes.
- Password reset tokens: Expire after 1 hour and are removed automatically.
8. Data Security
We implement industry-standard security measures to protect your data:
- All data transmitted via HTTPS with TLS encryption.
- Passwords are hashed using bcrypt with a cost factor of 12.
- Multi-factor authentication (TOTP) available for all accounts.
- Session tokens are cryptographically signed and validated on every request.
- Rate limiting and account lockout mechanisms to prevent brute-force attacks.
- Security headers (HSTS, CSP, X-Frame-Options) enforced on all responses.
- API keys are stored as irreversible SHA-256 hashes.
While no system is perfectly secure, we are committed to protecting your data and continuously improving our security posture.
9. Your Rights
Under GDPR and applicable data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Correct inaccurate or incomplete data via your account settings.
- Erasure: Delete your account and associated data via Settings > Account > Delete Account.
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw at any time.
To exercise these rights, contact us at privacy@maiekr.com. We will respond within 30 days.
10. International Data Transfers
Your data may be processed by third-party services located outside the United Kingdom or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, to protect your data in compliance with applicable data protection laws.
11. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@maiekr.com and we will promptly delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will notify you by email or through a prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
For enterprise customers, we offer a Data Processing Agreement (DPA). View our DPA.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. Our ICO registration number is [ICO_REG_NUMBER].