Legal

Terms & Privacy.

The legal terms that govern your use of this website, and how Span Consulting Ltd handles personal data.

Section one

Website terms.

1

Who we are

This website (the “Site”) is operated by Span Consulting Ltd (“Span Consulting”, “we”, “us”, “our”), a company registered in England and Wales with company number 10217083. Our registered office is Sanders Gate Churchfields, Stonesfield, Witney, England, OX29 8PP. If you have any questions about these terms, please contact us at: privacy@spanb2b.io.

2

Acceptance of these terms

By accessing or using the Site, you agree to be bound by these Website Terms of Use. If you do not agree with them, please do not use the Site.

We may update these terms from time to time. Any changes will be posted on this page with an updated “Last updated” date. Your continued use of the Site after changes are posted means you accept the revised terms.

3

Use of the Site

You may use the Site only for lawful purposes and in a way that does not infringe the rights of, restrict or inhibit anyone else’s use and enjoyment of the Site. You agree not to:

  • Misuse the Site or introduce viruses, trojans, worms, logic bombs or other malicious or technologically harmful material.
  • Attempt to gain unauthorised access to the Site, the server on which it is stored, or any server, computer or database connected to the Site.
  • Use the Site in any way that breaches applicable local, national or international law or regulation.

We may suspend, withdraw or restrict the availability of all or any part of the Site for business or operational reasons at any time.

4

Intellectual property rights

Unless otherwise stated, we (or our licensors) own all intellectual property rights in the Site and in the material published on it, including text, images, graphics, logos, and layouts. You may:

  • View, download and print pages from the Site for your own internal business use;
  • Share links to our content, provided you do so in a fair and lawful manner.

You must not:

  • Modify copies of any materials you have printed or downloaded;
  • Use any illustrations, photographs, video or audio separately from accompanying text;
  • Use any part of the content on our Site for commercial purposes without obtaining a licence from us or our licensors.
5

No reliance on information

The content on our Site is provided for general information only. It is not intended to constitute advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action based on the content on our Site. Although we make reasonable efforts to update the information on our Site, we make no representations, warranties or guarantees, whether express or implied, that the content on our Site is accurate, complete or up to date.

6

Third-party links

The Site may contain links to other websites and resources provided by third parties. These links are provided for your information only. We have no control over, and are not responsible for, the content or privacy practices of those sites.

7

Our responsibility for loss or damage suffered by you

Nothing in these terms excludes or limits our liability for death or personal injury caused by our negligence, for fraud or fraudulent misrepresentation, or any other liability that cannot be excluded or limited by law.

To the fullest extent permitted by law:

  • We exclude all implied conditions, warranties, representations or other terms that may apply to the Site or any content on it.
  • We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, arising under or in connection with:
    • use of, or inability to use, the Site; or
    • use of or reliance on any content displayed on the Site.

In particular, we will not be liable for any loss of profits, sales, business or revenue; business interruption; loss of anticipated savings; loss of business opportunity, goodwill or reputation; or any indirect or consequential loss or damage.

8

Governing law and jurisdiction

These Website Terms of Use, and any dispute or claim arising out of or in connection with them, are governed by the laws of England and Wales. The courts of England and Wales will have exclusive jurisdiction.

Section two

Privacy policy.

Effective date: 1 December 2025

1

Who we are and how to contact us

Span Consulting Ltd (“Span Consulting”, “we”, “us”, “our”) is a company registered in England and Wales with company number 10217083. Our registered office is: Sanders Gate Churchfields, Stonesfield, Witney, England, OX29 8PP. We are the data controller for the personal data described in this policy (unless stated otherwise).

How to contact us about privacy. Email: privacy@spanb2b.io

This policy explains how we collect and use personal data when you:

  • visit our websites and pages we control (the “Site”),
  • interact with our content, emails, or ads,
  • download resources, register for webinars or events,
  • communicate with us or become a sales prospect or customer,
  • apply for a role via our careers pages.

It does not cover personal data we process strictly on behalf of our clients as a processor; in those cases we follow the client’s instructions and their privacy notices apply.

2

The personal data we collect

a) Data you provide directly

  • Contact details: name, business email, phone, job title, company, country or region.
  • Account & event data: login details (if applicable), registrations, preferences, dietary or access needs.
  • Content interactions: forms, demo requests, survey responses, support queries.
  • Recruitment: CV or resumé, cover letter, work history, right-to-work information.

b) Data collected automatically

  • Usage and technical data: IP address, device identifiers, browser type and version, pages viewed, timestamps, referral URLs, approximate location (derived from IP), and similar.
  • Cookies and similar tech: cookies, pixels, tags, local storage used for essential site functions, analytics, and (if enabled) advertising or retargeting. See Section 4.

c) Data from third parties

  • B2B data providers and public sources: professional or business contact information from sources such as LinkedIn, company websites, event organisers or licensed lead-generation providers.
  • Partners & analytics: information about engagement with our campaigns (e.g. email opens, ad impressions, form fills) and event attendance records.

We do not intentionally collect special category data (e.g. health data) via the Site, nor do we seek data from children.

3

Why we use your data and our lawful bases (UK/EU)

PurposeExamplesLawful basis
Operate the Site & deliver contentSecurity, load balancing, remembering cookie choicesLegitimate interests (running a secure, functional website) or consent where required
Respond to enquiries & provide downloads/demosFulfilling your requestsContract or legitimate interests
Marketing & ABM (B2B)Sending relevant updates; tailoring content by role or industry; LinkedIn audiencesLegitimate interests (B2B direct marketing) and/or consent where required (e.g. email opt-in in some countries)
Analytics & improvementUnderstanding Site performance and content effectivenessLegitimate interests; consent where required
Events & webinarsRegistrations, attendance managementContract; legitimate interests
RecruitmentEvaluate applications; communicate about rolesLegitimate interests; legal obligation
Legal & complianceRecord-keeping, exercise or defend legal claims, fraud preventionLegal obligation; legitimate interests

Where we rely on consent (e.g. non-essential cookies or certain email marketing), you can withdraw it at any time (see Section 9 and “Withdrawal of consent” below).

4

Website hosting, cookies, analytics and ads

a) Website hosting and infrastructure

Our Site is delivered through Cloudflare’s global edge network (Cloudflare, Inc., United States), which handles request routing, TLS termination, caching and basic security protections such as DDoS mitigation. Cloudflare may process limited connection metadata (for example, IP address and request headers) for the purposes of delivering the Site and protecting it from abuse.

Application data, including records created when you submit a form or set cookie preferences, is stored in a managed Postgres database operated by Supabase (Supabase, Inc., United States) via the Lovable Cloud platform. Data is transmitted over HTTPS and held on access-controlled servers.

b) Cookie consent log

When you make a choice in our cookie banner, we record an auditable consent record so we can demonstrate compliance with PECR and UK/EU GDPR. Each record contains your choices (analytics on/off, marketing on/off), the policy version, a timestamp, a truncated user-agent string and a salted SHA-256 hash of your IP address (the raw IP is never stored). This processing is necessary for our legitimate interest in maintaining a lawful audit trail of consent.

c) Analytics and advertising tags

We do not currently load Google Analytics, the LinkedIn Insight Tag, Google Ads tags or any other third-party analytics or advertising scripts on this Site. If we introduce them in future, we will update this policy, surface the new categories in our cookie banner and only load them after you have given consent where required by law.

d) Your cookie choices

  • Our cookie banner allows you to accept or reject non-essential cookies by category, and to change your decision at any time via the “Cookie preferences” link in the footer.
  • You can also adjust your browser settings to block or delete cookies.
  • In some regions, we recognise Global Privacy Control (GPC) signals and treat them as an opt-out of certain tracking or “sharing” for targeted advertising under applicable laws.

If you need help managing cookies, you can email us at privacy@spanb2b.io.

5

Withdrawal of consent

If you do not want us to process your data on the basis of consent (including for analytics, advertising or marketing), you can:

We aim to respond within 30 days. If your request is complex or will take longer to resolve, we will let you know and provide an expected response date.

6

How we share personal data

We may share personal data with:

  • Service providers (processors): hosting and infrastructure (Cloudflare for edge delivery; Supabase via Lovable Cloud for database storage), email or SMS platforms, webinar or event tools, customer support, CRM or marketing platforms, and lead-verification services.
  • Business partners: resellers, referral partners, and event co-hosts when you interact with joint content or events.
  • Professional advisors & compliance: auditors, insurers, lawyers; government or law-enforcement where required.
  • Corporate transactions: if we merge, sell or reorganise our business, data may transfer to new owners.

We require processors to safeguard data and to use it only according to our instructions. We do not sell personal information for money. In some jurisdictions, our use of advertising cookies may be considered “sharing” for cross-context behavioural advertising (see Section 11).

7

International data transfers

We may transfer personal data outside the UK/EEA (for example, to service providers such as Cloudflare or Supabase, both based in the United States). Where we do so, we use appropriate safeguards, such as:

  • UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses;
  • EU Standard Contractual Clauses (SCCs); and
  • additional technical and organisational measures where appropriate.

You can request more information about relevant transfer mechanisms by contacting us (noting that some details may be redacted for confidentiality).

8

Data retention

We keep personal data only as long as needed for the purposes set out in this policy, including to meet legal, accounting, or reporting requirements. Where data is held in our website database, an automated nightly job enforces these limits and either redacts or deletes records once they pass the retention window.

Website database (enforced automatically)

  • Chat contact requests (name, work email, company, message, transcript): transcript is redacted after 6 months; the full record is deleted after 24 months.
  • Blocked or flagged chat submissions: name, email, company, message and transcript are redacted after 6 months; the audit record itself is deleted after 12 months.
  • Anonymous chat questions (no contact details): deleted after 12 months.
  • Cookie consent log (choices, policy version, hashed IP, user-agent): deleted after 24 months.
  • Page error logs (path, error message, user-agent): deleted after 90 days.

Other contexts

  • Marketing or lead data held in our CRM: around 12 to 24 months from last meaningful interaction, or until you opt out.
  • Event records: up to 12 months after the event.
  • Recruitment data: around 6 to 12 months after a hiring decision unless you consent to a longer talent-pool period.
  • Edge or security logs at our hosting provider: up to 12 months, unless needed longer for security or legal reasons.

Where law requires longer retention (for example, accounting or tax records), we keep the minimum data needed to comply. We then delete or irreversibly anonymise the data.

9

Security

We use administrative, technical and physical safeguards appropriate to the nature of the data (for example, encryption in transit, access controls, least-privilege access and monitoring).

No system is 100% secure. If we become aware of a data breach involving your personal data, we will act in line with applicable laws, which may include notifying you and/or regulators where required.

10

Your rights (UK / EU / EEA & similar jurisdictions)

Subject to conditions and applicable law, you may have the right to:

To exercise these rights, submit a privacy request or email privacy@spanb2b.io. We may request additional information to verify your identity.

You also have the right to complain to your local supervisory authority:

  • UK: Information Commissioner’s Office (ICO) | see ico.org.uk
  • EEA: contact your local Data Protection Authority.

We do not use solely automated decision-making that produces legal or similarly significant effects.

11

U.S. State privacy disclosures (including California)

If you are a resident of certain U.S. states with consumer privacy laws (such as California, Colorado, Connecticut, Virginia, Utah), this section supplements the policy above.

a) Categories of personal information we collect (last 12 months)

  • Identifiers & contact info: name, email, phone, IP address, device IDs.
  • Commercial or interaction info: downloads, demo requests, event registrations, content views.
  • Internet or technical activity: browsing history on our Site, interactions with emails or ads.
  • Professional information: job title, employer, industry.
  • Inferences: interest segments or audience groupings for B2B marketing.

b) Purposes, sources and disclosures

  • Purposes: as described in Sections 3 to 4 (operate Site, respond to requests, analytics, B2B marketing, security, legal compliance).
  • Sources: you, your devices, cookies or pixels, business contact providers, partners and publicly available sources.
  • Disclosure for business purposes: we disclose personal information to service providers and contractors (e.g. hosting, analytics, marketing operations) and to partners when you engage with joint content or events.

c) Sale or Share

We do not sell personal information for money. We may “share” personal information (as defined under California law) with advertising or analytics partners for cross-context behavioural advertising (e.g. via cookies or tags).

You can opt out of “sale” or “sharing” by:

  • disabling Advertising or Marketing cookies via our cookie banner (where available);
  • enabling a Global Privacy Control (GPC) signal in your browser (we honour it where required); or
  • emailing privacy@spanb2b.io with “Do Not Sell/Share” in the subject line.

We do not use or disclose sensitive personal information for purposes that require a “limit use” link under California law.

d) Your U.S. rights

Subject to exceptions, you may request to:

We will not discriminate against you for exercising your rights. To submit a request, use our privacy request form or email privacy@spanb2b.io. If we deny your request, some states allow you to appeal by replying to our decision email with “Appeal” in the subject line.

e) Authorised agents

Where permitted, you may use an authorised agent to submit requests on your behalf. We may require proof of authorisation and may still need to verify your identity directly.

12

Children

Our Site is not intended for children under 13 (or under 16 in some regions). We do not knowingly collect children’s personal data. If you believe a child has provided data to us, contact privacy@spanb2b.io and we will take appropriate steps.

13

Third-party links

Our Site may contain links to third-party websites or services. Their privacy practices and terms are their own; please review their policies before providing them with personal data.

14

Changes to this policy

We may update this Website Privacy Policy from time to time. We will post the new version on this page and update the “Effective date” above. If changes are material, we will take additional steps required by law (for example, providing a prominent notice on the Site).