Lydmera
FeaturesPricingHow it works

Privacy Policy

Last updated: 27 May 2026·Last reviewed: 27 May 2026

1. Who we are

Lydmera Limited is a private limited company incorporated in Guernsey under company number 78292. For data protection purposes, Lydmera Limited is the data controller of personal data processed through the Lydmera platform.

Our registered office is The Port, Rue Hechet, GY7 9YZ, Guernsey.

For privacy enquiries or to exercise your rights under data protection law, email privacy@lydmera.com.

Postal correspondence: please email first. Postal handling at our registered office may take additional time. The registered office address is published on our Legal page where required by law.

2. What data we collect

Account data

Your name, email address, company affiliation, role, and (if you subscribe to a paid plan) your billing address. We collect this when you create an account or update your profile.

Usage data

Information about how you use the Service: features accessed, calculations performed, frequency and duration of use, IP address, browser type, device information, and time-stamped event logs. We use this for security monitoring, debugging, and aggregate analytics.

Customer content

Project data you upload or enter: pool specifications, location data for climate lookups, briefs, sketches, drawings, and any supplementary documents you share with the Service.

When uploaded content includes documents that need parsing (briefs, sketches, drawings, specifications), the content may be transmitted to our AI subprocessor — see Section 5 for details.

Payment data

Payment card details are processed by our payment subprocessor and are never stored on our systems. We retain limited billing metadata (plan, invoice references, transaction timestamps) for tax and accounting purposes.

Communications

Records of your correspondence with us through support channels, contact-form submissions, and marketing preferences if you opt in to product updates.

3. How we use it

  • To deliver and operate the Service
  • To process payments through our payment subprocessor
  • To respond to customer support enquiries
  • To improve the Service through aggregated, anonymised analytics
  • To comply with legal, tax, and regulatory obligations
  • To send service-related communications (account notices, security alerts, billing receipts)
  • To send marketing communications about new features or relevant industry information — only with your explicit consent, with easy unsubscribe in every message

4. Legal basis for processing

Under the UK GDPR, EU GDPR, and the Data Protection (Bailiwick of Guernsey) Law, 2017, we process personal data on these bases:

Contract performance (UK GDPR Article 6(1)(b)) — providing the Service, processing payments, customer support, account management, and calculation processing including AI subprocessor data transmission.

Legitimate interests (UK GDPR Article 6(1)(f)) — security monitoring, fraud prevention, aggregated analytics, product improvement, and direct B2B marketing to existing customers (subject to opt-out).

Consent (UK GDPR Article 6(1)(a)) — marketing emails to prospects, non-essential cookies, optional features that require opt-in.

Legal obligation (UK GDPR Article 6(1)(c)) — tax and accounting records, regulatory compliance, response to lawful requests.

5. AI processing of uploaded content

When you upload briefs, sketches, drawings, or specifications to the Service, the content may be transmitted to Anthropic, PBC (our AI subprocessor, based in the United States) for extraction of structured engineering data — for example, parsing a project specification PDF into form fields, or extracting pool dimensions from a hand-drawn sketch.

Anthropic processes this content under our commercial Data Processing Agreement, which:

  • Prohibits use of Customer Content for AI model training
  • Restricts use of content to returning processed data to Lydmera Limited
  • Requires SOC 2 Type II compliance
  • Implements Standard Contractual Clauses for international data transfers

For confidential projects (covered by NDA, defence contracts, or similar restrictions), please email privacy@lydmera.com before uploading sensitive material. We can discuss alternative workflows that do not involve AI processing of your content.

6. Categories of third-party recipients

We share personal data with third-party processors who help us deliver the Service:

  • AI and machine-learning providers (for content parsing and extraction features)
  • Hosting and edge-delivery providers
  • Database, authentication, and file-storage providers
  • Climate-data providers (for the weather lookup feature)
  • Payment processors
  • Product analytics providers
  • Email service providers (transactional and marketing)

A named list of current subprocessors, with their locations and the safeguards applied to data transfers, is available on request — email privacy@lydmera.com and we will provide the current list within 5 business days. If subprocessors change in a way that materially affects how your data is processed, we will notify subscribed customers in advance by email.

7. International data transfers

Lydmera Limited is established in Guernsey. Guernsey has been formally recognised as providing adequate data protection by:

  • The European Commission (adequacy decision, in force since 2003)
  • The UK Government (adequacy regulation, in force from January 2021)

This means personal data can flow between Guernsey, the United Kingdom, and the European Union without additional transfer safeguards.

Some of our subprocessors are located outside Guernsey, the UK, and the EU — primarily in the United States. Where personal data is transferred to such jurisdictions, we rely on appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the EU and UK
  • Adequacy decisions where applicable (e.g., the EU-US Data Privacy Framework for participating US providers)
  • Provider certifications such as SOC 2 Type II, ISO 27001, or equivalent

For specific subprocessor locations and safeguards, request our subprocessor list as described in Section 6.

8. Data retention

  • Account data — retained while your account is active, plus up to 7 years for tax, accounting, and legal records
  • Customer content — deleted on request, or automatically 30 days after account cancellation (backups retained up to 90 days for disaster recovery, then permanently deleted)
  • Operational logs — 90 days, then deleted or anonymised
  • Marketing data — retained until you withdraw consent
  • Contact-form submissions — 24 months, then deleted unless escalated to a support case

9. Your rights

Under UK GDPR, EU GDPR, and the Data Protection (Bailiwick of Guernsey) Law, 2017, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion of your data ("right to be forgotten")
  • Restrict processing in certain circumstances
  • Receive your data in a portable format (data portability)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (for consent-based processing)
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email privacy@lydmera.com. We respond within one month of a verified request. We may need to verify your identity before responding.

Supervisory authorities:

  • Office of the Data Protection Authority (ODPA), Guernsey — odpa.gg
  • UK Information Commissioner's Office (ICO) — ico.org.uk
  • Your national EU data protection authority — list available at edpb.europa.eu

We encourage you to contact us first so we can address concerns directly, but you have the right to lodge a complaint without doing so.

10. Security

We protect your data using technical and organisational measures including encryption in transit (TLS 1.2 or higher), encryption at rest, role-based access controls applying the principle of least privilege, multi-factor authentication for administrative access, regular security reviews, and continuous monitoring.

For full details, see our Security Overview.

If you suspect a security incident affecting your data, email security@lydmera.com immediately.

11. Automated processing

The Service performs automated engineering calculations based on inputs you provide. These calculations are not "automated decisions" about you in the sense of UK GDPR Article 22 — they are tools that assist you in your professional engineering work, and the outputs require your independent professional verification before application (see our Engineering Disclaimer).

We do not use automated decision-making or profiling to make decisions about your access to the Service, your subscription, or any other matter that produces legal effects concerning you.

12. Cookies

Information about the cookies we use and how to manage your preferences is in our Cookie Policy.

13. Children

The Service is intended for engineering professionals and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, email privacy@lydmera.com and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will treat the following as material changes requiring 30 days' advance notice:

  • Adding new categories of personal data we collect
  • Adding new purposes for which we use personal data
  • Adding new subprocessors that change the location or nature of data processing
  • Changes to data retention periods
  • Changes to your rights or how to exercise them

Non-material changes (such as clarifications, typo fixes, or expansions that do not change the substance) take effect when posted. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Historical versions are available on request.

15. Contact

For privacy enquiries or to exercise any of your rights, email privacy@lydmera.com.

Lydmera

Product

FeaturesPricing

Company

Contact

Legal

Privacy PolicyTermsAll legal documents →
© 2026 Lydmera Limited · LYDMERA™