Home / Privacy
Privacy notice.
What we collect when you use this website, why we collect it, how long we keep it, and the rights you hold under UK data-protection law.
On this page
1. Who we are
This website, catenix.com, is operated by Catenix. You can reach us at privacy@catenix.com.
For the personal data described in this notice, Catenix is the data controller — we decide why and how it is processed. You can reach our data-protection contact at privacy@catenix.com.
2. What this notice covers
This notice explains how we handle personal data collected through this public marketing website — chiefly the data you give us when you ask for a demo or otherwise get in touch.
It does not cover the Catenix connectivity platform itself. When a clinic, laboratory or healthcare provider uses Catenix to move diagnostic results, that provider is the controller for any patient data, and Catenix acts as their processor under a separate written agreement. Patient and clinical data is never collected through this website.
3. What we collect and why
We keep data collection deliberately minimal. We only ask for what we need to respond to you.
| What | Why | Lawful basis |
|---|---|---|
| Contact details you submit — name, work email, organisation, role, and anything you write in the message field of the demo / contact form. | To reply to your enquiry, arrange a walkthrough, and follow up about Catenix. | Consent and our legitimate interest in responding to enquiries. |
| Email correspondence — messages you send to contact@catenix.com or another Catenix address, and our replies. | To handle your request and keep a record of the conversation. | Legitimate interest in conducting our business. |
| Technical & hosting logs — IP address, browser type and pages requested, generated automatically by our hosting provider. | To keep the site available, secure and free of abuse. | Legitimate interest in security and reliability. |
We do not run advertising trackers, profiling, or behavioural analytics on this site, and we do not buy or sell personal data.
4. Our contact form and FormSubmit
Please note: when you submit the demo / contact form, the data you enter is sent to a third-party form-handling service, FormSubmit (formsubmit.co), which forwards it to us by email. Your details pass through FormSubmit's systems before they reach our inbox.
We use FormSubmit purely as an email-delivery relay for form submissions; we do not maintain a separate marketing database. FormSubmit acts as a processor on our behalf for the act of relaying that message. We do not store form data in FormSubmit beyond what is needed to deliver it to us, and we have disabled their optional CAPTCHA and template features where possible to keep the data flow simple.
FormSubmit is operated outside the UK, so submitting the form involves an international transfer of your data — see section 7. If you would rather not use the form, you can email us directly at contact@catenix.com and your data will not pass through FormSubmit at all. For details of how FormSubmit handles data, see their own privacy information at formsubmit.co.
Website analytics — PostHog (EU)
To understand how the website is used and improve it, we use PostHog, a product-analytics service, on its EU-hosted infrastructure. We configure it to be privacy-first: it runs cookieless (it sets no cookies and writes nothing to your device), keeps no cross-session identifier, has session recording disabled, and honours your browser's Do-Not-Track signal. It receives anonymised interaction events (such as page views and clicks) together with your IP address, which is used to produce aggregate, de-identified statistics and is not used to build a profile of you. PostHog acts as our processor under a data-processing agreement, and runs only when analytics is enabled on the site — when it is not enabled, no events are sent at all. Our lawful basis is legitimate interests (section 5) — operating and improving a website that stays low-impact for visitors. Because the data is held in the EU, this involves no transfer outside the UK/EEA adequacy area. See PostHog's privacy information at posthog.com/privacy.
5. Lawful bases for processing
Under UK GDPR we rely on the following bases, as shown in the table above:
- Consent — for sending us an enquiry through the form; you may withdraw it at any time by asking us to delete your data.
- Legitimate interests — for responding to enquiries, running and securing the website, and the ordinary administration of our business. We have balanced these interests against your rights and consider them proportionate and low-impact.
6. Who we share data with — service providers
We share personal data only with service providers who help us run this website and respond to you, and only as far as needed:
- FormSubmit (formsubmit.co) — relays contact-form submissions to us by email (see section 4).
- PostHog (EU) — privacy-first, cookieless website analytics, hosted in the European Union and active only when analytics is enabled on the site (see section 4).
- Our website host — Microsoft Azure (Azure Static Web Apps, EU/UK regions), which serves the site and keeps short-lived technical logs.
- Our email provider — Microsoft 365, where enquiries land and are stored as correspondence.
- Regional-availability lookup — when a page loads, a small script asks a geolocation service (ipwho.is, with ipapi.co as fallback) which country you are browsing from, so we can confirm the site is available in your region. The service receives your IP address and returns only a country code; we store no identifier and keep no record of the lookup. This is an essential, consent-free technical call — see our Cookie Policy.
We may also disclose data where the law requires it. We do not sell personal data or share it for third-party marketing.
7. International transfers
Some of our providers process data outside the UK. Where that happens — notably with FormSubmit and the regional-availability lookup — we rely on appropriate safeguards recognised under UK data-protection law (such as the UK International Data Transfer Agreement / Addendum or an adequacy decision) so your data keeps an equivalent level of protection. You can ask us for more detail on these safeguards.
8. How long we keep it
We keep enquiry and correspondence data only as long as needed for the purpose it was collected:
- Demo / contact enquiries that don't progress — deleted within 12 months.
- Enquiries that become a customer relationship — kept for the life of that relationship and then in line with our normal commercial-record retention.
- Hosting / technical logs — retained for a short period by our host (typically days to weeks) and then rotated out.
9. Your rights
Under UK GDPR you have the right to: be informed about how we use your data; request a copy of it (access); have inaccurate data corrected; have your data erased; restrict or object to processing; and data portability. Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, email privacy@catenix.com. We will respond within one month. You also have the right to complain to the UK regulator, the Information Commissioner's Office (ICO), at ico.org.uk or on 0303 123 1113 — though we'd appreciate the chance to put things right first.
10. Cookies
This site uses only the minimal cookies needed to function and stay secure; it does not use advertising or cross-site tracking cookies, and our analytics (PostHog) runs cookieless. For the full picture, see our Cookie Policy.
11. Security
We host the site on Microsoft Azure, serve it over HTTPS, and apply security headers and access controls. While no transmission over the internet can be guaranteed perfectly secure, we take reasonable technical and organisational measures to protect personal data. To report a security concern, contact security@catenix.com.
12. Changes to this notice & contact
We may update this notice as our practices or the law change; the "last updated" date above will always reflect the current version. For any privacy question, or to exercise your rights, contact:
Catenix
privacy@catenix.com