Request Demo

Privacy Notice

Last updated: January 2026

This privacy notice explains how Redaktr processes personal data, the circumstances in which we do so, and the rights available to individuals whose data we handle.

Redaktr is a document redaction and disclosure platform used by organisations to prepare responses to Data Subject Access Requests (DSARs), Freedom of Information (FOI) requests, and other disclosure obligations.

1. Who we are

Redaktr is operated by IOLIS Ltd (trading as Redaktr).

For the purposes of data protection law:

  • Redaktr is a data processor in respect of customer-loaded content.
  • Redaktr is a data controller in respect of limited account and contact information relating to its own users.

If you have any questions about this notice or how data is handled, you can contact us at:

Email: privacy@redaktr.co.uk

2. The personal data we process

2.1 Customer-loaded data (processor role)

When organisations use Redaktr, they upload documents and information that may contain personal data. This data is uploaded, controlled, and determined entirely by the customer.

Redaktr:

  • does not determine the purposes for which that data is processed,
  • processes that data only on documented instructions from the customer,
  • does not use customer-loaded data for any purpose of its own.

The categories of personal data processed in this context depend entirely on what the customer uploads and may include special category data.

2.2 User account data (controller role)

For users who access the Redaktr platform directly, we process the following personal data:

  • Name
  • Email address

This data is used solely to:

  • create and manage user accounts,
  • authenticate users,
  • communicate with users about service-related matters.

We do not collect marketing profiles or additional personal information.

3. Lawful basis for processing

3.1 Contract

Where Redaktr acts as a data processor, processing is carried out to perform a contract with our customer, in accordance with Article 28 UK GDPR.

Where Redaktr acts as a data controller in respect of user account data, processing is necessary for the performance of a contract between Redaktr and the user.

4. How we use personal data

Personal data is used only for the purposes set out above. In particular:

  • customer-loaded data is processed solely to provide the Redaktr service,
  • user account data is used only to enable secure access and platform operation,
  • personal data is never sold or shared for marketing purposes.

5. Data sharing

Redaktr does not disclose personal data to third parties except where:

  • required to provide the service (for example, secure infrastructure providers),
  • required by law or regulatory obligation,
  • instructed by the customer acting as data controller.

6. International transfers

Where data is processed outside the UK, this is done only where appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

7. Data security

Redaktr implements appropriate technical and organisational measures to protect personal data, including:

  • access controls and authentication,
  • audit logging,
  • segregation of customer data,
  • secure storage and transmission.

Security measures are proportionate to the nature and sensitivity of the data processed.

8. Data retention

Customer-loaded data

Customer-loaded data is retained only for the duration specified by the customer and in accordance with contractual arrangements. Customers are responsible for determining retention periods and deletion instructions.

User account data

User account data (name and email address) is retained for as long as the user account remains active and for a limited period thereafter for administrative and security purposes.

9. Individual rights

Where Redaktr acts as a data processor, individuals should direct any rights requests (including access, rectification, or erasure) to the organisation that uploaded the data.

Where Redaktr acts as a data controller in respect of user account data, individuals have the right to:

  • access their personal data,
  • request correction of inaccurate data,
  • request erasure where applicable,
  • object to or restrict processing where legally permitted.

Requests can be made using the contact details above.

10. Complaints

If you have concerns about how personal data is handled, you have the right to lodge a complaint with the UK Information Commissioner’s Office.

We encourage individuals to contact us first so that we can address any concerns promptly.

11. Changes to this notice

This privacy notice may be updated from time to time to reflect changes in legal requirements or our processing activities. The most current version will always be available on our website.