Privacy Policy
How we collect, use, and protect your personal data
Last updated: February 2026
1. Who We Are
ClientLight is a trading name of Morliia Ltd, a company registered in England and Wales. We are the data controller responsible for your personal data.
Company: Morliia Ltd
Email: hello@morliia.com
ICO Registration: ZC083220
2. Data We Collect
We collect and process the following categories of personal data:
Account Information
- Email address (required for account creation)
- Name (if provided)
- Password (stored securely hashed)
Usage Data
- Company checks performed (company names and numbers searched)
- Check history and timestamps
- Subscription status and tier
Payment Information
- Payment card details are processed directly by Stripe and never stored on our servers
- We store Stripe customer IDs and subscription references only
- Billing history and invoice records
Technical Data
- IP address
- Browser type and version
- Device information
- Cookies and similar technologies (see our Cookie Policy)
3. Legal Basis for Processing
We process your personal data under the following lawful bases:
Contract Performance
To provide you with our company check service, manage your account, and process payments.
Legitimate Interests
To improve our service, prevent fraud, and ensure security. We balance our interests against your rights and freedoms.
Legal Obligation
To comply with applicable laws, including tax and accounting requirements.
Consent
For optional marketing communications (you can withdraw consent at any time).
4. Third-Party Data Processors
We share your data with the following service providers who process data on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | EU/US |
| Stripe | Payment processing | US (with EU safeguards) |
| Vercel | Website hosting and analytics | Global CDN |
| Advertising conversion tracking | US (with EU safeguards) |
Data Sources We Query
To provide company reports, we query the following public data sources. No personal data about you is shared with these services:
- Companies House (company registration data)
- The Gazette (insolvency notices)
- HMRC (VAT registration verification)
- Land Registry (property ownership)
- Sanctions screening service
- Registry Trust (CCJ lookups)
- FCA Register (financial services authorisation)
- Contracts Finder (government contracts)
- Charity Commission (charity status)
- XBRL Accounts (financial data parsing)
- Director Insolvency Service (director bankruptcy records)
We may access publicly available company websites to verify online presence, SSL certificates, and business information displayed on the site. We identify ourselves via our User-Agent string, respect robots.txt directives, and rate-limit all requests.
5. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| User account data | Until you request deletion |
| Check history | 7 years (business records requirement) |
| Payment records | 7 years (tax/accounting requirement) |
| Cached company data | 4-24 hours (refreshed regularly) |
| Server logs | 90 days |
6. Your Rights
Under UK GDPR, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data (subject to legal retention requirements)
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent
To exercise any of these rights, please contact us at hello@morliia.com. We will respond within 30 days.
7. International Data Transfers
Some of our service providers (Supabase, Stripe) may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure password hashing
- Access controls and authentication
- Regular security reviews
9. Cookies
We use cookies to enable essential functionality such as authentication. For full details, please see our Cookie Policy.
10. Children's Privacy
Our service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.
12. Complaints
If you have concerns about how we handle your data, please contact us first at hello@morliia.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
13. Contact Us
For any questions about this Privacy Policy or our data practices, please contact:
Morliia Ltd (trading as ClientLight)
Email: hello@morliia.com