Sign inPortal
← Back to home

Privacy Policy

Last updated: 28 June 2026

This Privacy Policy describes how Obsidian Dynamics Limited (trading as Obsidian, "we", "us", or "our") collects, uses, stores, and protects information when you visit https://www.weareobsidian.co.uk, use the Obsidian Node asset portal, operations console, APIs, or deploy edge gateways that connect to our cloud platform.

Obsidian Node is a business-to-business (B2B) field operations platform for BLE asset tracking, gateway-assisted locate, and environmental telemetry. This website does not sell consumer products, process card payments, or operate a retail checkout.

1. Data controller

The data controller is Obsidian Dynamics Limited.
Registered office: Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset BH16 6FA, United Kingdom.
ICO registration: ZC141175 (registered 06 May 2026).
Company number: 16663833 (Companies House).

2. Who this policy applies to

This policy applies to visitors to our public website, authorised users of the asset portal and operations console, administrators who issue access keys, and personnel at customer organisations who interact with the platform on behalf of their employer or client.

If you use the platform on behalf of an organisation, that organisation may also have its own policies and contractual terms governing how your activity is handled.

3. Information we collect

Depending on how you interact with us, we may collect:

  • Account and access data — organisation access keys, session identifiers, role assignments (viewer, ops, admin), and authentication logs.
  • Asset and site data — asset labels, descriptions, photos, QR identifiers, BLE MAC addresses, site and zone assignments, geofences, and audit or export records you create in the portal.
  • Gateway and edge telemetry — BLE sighting events (MAC, RSSI, timestamps), gateway heartbeat and health payloads, optional GPS position, firmware version, and command acknowledgements.
  • Environmental sensor data — temperature and relative humidity from SHT30 (or compatible) sensors attached to gateways via I2C, and legacy compliance modules where deployed (e.g. LAeq noise, seismic PPV).
  • Communications — emails and support correspondence when you contact jamie@obsidiandynamics.co.uk.
  • Technical and usage data — IP address, browser type, device characteristics, request logs, error reports, and coarse usage patterns needed to operate and secure the service.

BLE MAC addresses and asset metadata are primarily operational data about equipment and sites. They may indirectly relate to individuals (for example, if an asset is assigned to a named person). We treat such data with the same care as personal data where a link to an identifiable individual exists.

4. How we use information

  • Provide, operate, and improve the Obsidian Node platform
  • Authenticate users and enforce role-based access
  • Display maps, locate sessions, charts, alerts, and exports
  • Manage gateway fleet lifecycle, OTA updates, and remote commands
  • Apply configured data retention and incident workflows
  • Respond to support requests and deployment enquiries
  • Monitor security, prevent abuse, and maintain audit trails
  • Meet legal, regulatory, and contractual obligations

We do not use portal telemetry to build advertising profiles. We do not sell personal data.

5. Legal bases (UK GDPR)

We process personal data on the following bases, as applicable:

  • Contract — to deliver the platform and support to your organisation under deployment or subscription arrangements.
  • Legitimate interests — to secure our systems, improve reliability, and operate a B2B SaaS platform (balanced against your rights).
  • Consent — where required for optional cookies or marketing communications you opt into.
  • Legal obligation — where we must retain or disclose data to comply with law.

6. Sharing and processors

We may share data with trusted service providers who process data on our instructions, including:

  • Cloud hosting and infrastructure providers
  • Email and notification delivery services (if configured)
  • Cellular connectivity partners when gateways use independent backhaul (e.g. Soracom) — payloads transit their networks to reach our ingest endpoints

We require processors to protect data appropriately. We may also disclose information if required by law, court order, or to protect rights, safety, or security.

7. International transfers

Data may be processed in the United Kingdom and, where hosting or support providers are located elsewhere, in countries with appropriate safeguards (such as UK International Data Transfer Agreements or equivalent mechanisms) where required by law.

8. Retention

Retention periods depend on data type and your organisation's configuration:

  • BLE sightings, environmental samples, and compliance time-series may be reduced by automated retention jobs according to platform settings.
  • Account and access logs are kept for security and audit purposes for a limited period.
  • Support emails are retained as needed to handle enquiries and disputes.

When data is no longer required, we delete or anonymise it in line with our retention policies and documentation.

9. Security

We implement technical and organisational measures appropriate to a B2B operations platform, including access controls, encrypted transport (HTTPS), segregated credentials for ingest and admin APIs, and principle of least privilege. No method of transmission or storage is completely secure; you must protect access keys issued to your organisation.

10. Cookies and similar technologies

We use essential cookies to maintain authenticated portal and admin sessions. These are necessary for the service to function and cannot be switched off without affecting sign-in.

We may use limited analytics to understand website and portal usage. You can control non-essential cookies through your browser settings. Blocking essential cookies may prevent you from signing in.

11. Your rights

Under UK data protection law you may have the right to request access, rectification, erasure, restriction of processing, data portability, and to object to certain processing. You may also withdraw consent where processing is consent-based.

To exercise rights, contact jamie@obsidiandynamics.co.uk. You may lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

12. Children

Obsidian Node is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will take appropriate steps.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will change when we do. Material changes may also be communicated through the portal or by email where appropriate.

14. Contact

Privacy and data protection enquiries:
jamie@obsidiandynamics.co.uk
Obsidian Dynamics Limited, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset BH16 6FA, United Kingdom