Home / Privacy Policy

Privacy policy.

How we collect, use, retain and protect personal information. This policy applies to softwarecontractnegotiation.com, our newsletter and white-paper downloads, and all client engagements.

Last updated · 14 May 2026

Plain-English summary

We collect contact details when you fill in a form on this site, when you download a white paper, when you subscribe to our newsletter, and during client engagements. We use that information to respond to your enquiry, to provide the advisory services you have engaged us for, and to send the resources you have asked for. We do not sell personal information, we do not share it with software vendors, and we do not run third-party advertising on this site.

Data controller

The data controller for the personal information collected on softwarecontractnegotiation.com is SoftwareContractNegotiation Ltd (registered in New York, USA, with branch offices in London and Stockholm). You can reach our privacy team at privacy@softwarecontractnegotiation.com.

Information we collect

From this website

  • Contact form data — name, work email, company, phone (optional), the message you write, the vendor you select.
  • White-paper gate data — name, work email, company, job title and the paper requested.
  • Newsletter signup — work email only.
  • Server logs — IP address, browser type, referrer, pages visited. Used for security and aggregate analytics only.

During client engagements

  • Contract documents, pricing data and licence inventories you share with us.
  • Names and titles of the client personnel involved in the engagement.
  • Engagement notes, meeting summaries and deliverables prepared by us.

How we use information

  • To respond to your contact enquiry within one business day.
  • To deliver the white papers, playbooks or newsletter you have requested.
  • To carry out the advisory services we have agreed under an engagement letter.
  • To send occasional research or event invitations relevant to your role, with an unsubscribe link in every email.
  • To improve this website using aggregate analytics that cannot identify an individual.
  • Contract — processing necessary to provide the advisory services you have engaged us for.
  • Legitimate interests — responding to a business enquiry, sending requested resources, improving this site.
  • Consent — newsletter subscriptions and any marketing emails, withdrawn by clicking unsubscribe.
  • Legal obligation — tax, accounting and statutory record-keeping.

Sharing with third parties

We never sell personal information. We never share your details with software vendors. We share information only with the following categories of processor:

  • Formspree — receives form submissions on our behalf so we can reply by email.
  • Email provider — sends the newsletter and engagement correspondence.
  • Cloud hosting and document storage — engagement materials are stored encrypted at rest in EU and US data centres.
  • Professional advisers — lawyers, accountants and auditors where strictly necessary and under confidentiality.

Retention periods

  • Contact enquiries: 24 months from last interaction, then deleted.
  • Newsletter subscribers: until you unsubscribe, then 30 days for audit trail.
  • Client engagement files: 7 years from engagement close, for statutory and professional indemnity reasons.
  • Server logs: 90 days.

Your rights

Under GDPR, UK GDPR and CCPA you have the right to access, correct, delete, port and object to processing of your personal information, and to withdraw consent. To exercise any of these rights, email privacy@softwarecontractnegotiation.com and we will respond within 30 days. EU and UK residents may also lodge a complaint with their supervisory authority.

Cookies

We use a small number of strictly necessary cookies (session and security) and one privacy-friendly analytics cookie that does not track you across sites. We do not run advertising cookies and we do not embed third-party tracking pixels.

Security

All traffic to this site is encrypted in transit (TLS 1.3). Engagement documents are stored encrypted at rest, access-controlled, and reviewed annually under our ISO 27001-aligned information security programme. We notify affected individuals within 72 hours of becoming aware of a personal-data breach that is likely to result in risk to their rights and freedoms.

International transfers

Personal information may be processed in the United States and the European Union. Where personal data of EU or UK residents is transferred outside the EEA or UK, we rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by appropriate technical and organisational measures.

Children

This site is intended for professionals working in IT, procurement, finance and legal functions. It is not directed at children and we do not knowingly collect information from anyone under 18.

Changes to this policy

If we make material changes to this policy we will update the "last updated" date at the top of the page and, where appropriate, notify newsletter subscribers and active client contacts by email.

Contact

Questions about this policy or your personal information: privacy@softwarecontractnegotiation.com. For all other enquiries please use the contact form.