Legal

Privacy Notice

Last updated: April 2026

Moyopal Limited (trading as CedeOS) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about individuals who visit our website, enquire about our services, or subscribe to our communications.

This notice does not form part of any contract to provide services. We may update it at any time. Please check back periodically.

CedeOS is a data controller. This means we are responsible for deciding how we hold and use personal information about you and are required under data protection legislation to notify you of the information contained in this notice.

Data protection principles

We comply with applicable data protection law. Personal information we hold about you must be:

• Used lawfully, fairly, and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.

The kind of information we may hold

Personal data means any information about an individual from which that person can be identified. Depending on how you interact with us, we may collect:

• Name and job title
• Email address and telephone number
• Company name and industry
• IP address and browser information
• Pages visited and time spent on our website
• Communications you send us
• Subscription and email preference history

We do not collect payment card data, government-issued IDs, or sensitive personal data.

How we collect your information

We collect personal information in the following ways:

• When you complete a contact, demo, or whitepaper request form on this website.
• When you subscribe to our industry newsletter.
• When you correspond with us by email or telephone.
• Automatically through analytics tools when you visit our website (with your consent).
• Through publicly available professional sources such as LinkedIn, where relevant to a business enquiry.

How we may use your information

We will only use your personal information when the law allows us to. We use it to:

• Respond to your enquiry or request.
• Send the whitepaper or resource you have requested.
• Send occasional industry updates and product news to subscribers (you may unsubscribe at any time).
• Understand how visitors use this website so we can improve it.
• Detect and prevent fraud or misuse.

We may process your information on the following legal bases: consent (analytics, session recordings, marketing emails); legitimate interests (responding to enquiries, improving our website, fraud prevention); and contractual necessity (delivering a requested resource). Where we rely on legitimate interests, we have assessed that our interests do not override your rights.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

Automated decision-making

We do not make any solely automated decisions (including profiling) that produce legal or similarly significant effects on you.

Disclosure of your information

We may share your personal data with:

• Technology service providers — AWS (cloud hosting, email, file storage), Supabase (database), Google Analytics, PostHog — solely to operate and improve this website.
• Professional advisors — legal, accounting, or auditing firms, where necessary.
• Regulators and authorities — where required by law, including tax authorities or law enforcement.
• Business successors — if we sell or merge our business, the acquiring entity may use your data as described in this notice.

All third-party providers are required to process your data only on our instructions and in accordance with applicable law. We do not permit them to use your data for their own purposes.

Analytics and cookies

With your consent, we use Google Analytics (GA4) (Measurement ID: G-FW890NQ0XD) and PostHog to understand website usage. These tools may set cookies and collect anonymised session data. You can withdraw consent at any time by clearing your cookies and declining when the cookie banner reappears.

PostHog also records anonymised session replays (mouse movements, clicks, scroll) on this marketing website only. Session recording is never active in the CedeOS product environment.

We do not use advertising or retargeting cookies.

International transfers

Some of our service providers (including Google and PostHog) process data in the United States. Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved under UK GDPR. AWS may also process data in the EU (Stockholm) and Africa (Cape Town).

Data security

We have implemented appropriate technical and organisational measures to protect your personal information against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, encrypted storage at rest, and role-based access controls.

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required by law, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights.

How long we keep your information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Contact and demo request data: up to 2 years from last contact.
• Whitepaper download records: up to 2 years.
• Newsletter subscriber data: until you unsubscribe, then up to 6 months.
• Analytics data: up to 14 months (Google Analytics default).
• Session recordings: up to 12 months.

Where we no longer need to identify you, we may anonymise your information and use it without further notice.

Your rights

Under UK GDPR and applicable frameworks, you have the right to:

• Access — request a copy of the personal information we hold about you.
• Correct — ask us to rectify any inaccurate or incomplete data.
• Delete — request erasure where there is no good reason for us to continue processing.
• Restrict — ask us to suspend processing, for example while accuracy is verified.
• Portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests. We will cease unless we can demonstrate compelling grounds that override your interests. You may also object to processing for direct marketing at any time.
• Withdraw consent — where processing relies on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email CIO@cedeos.co. We will respond within 30 days. We may need to verify your identity before acting on a request. There is no fee for a reasonable access request.

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK supervisory authority for data protection. If you are in South Africa, you may contact the Information Regulator.

Data protection contact

Our CIO oversees compliance with data protection laws and this privacy notice. For any questions about how we handle your personal information, contact us at CIO@cedeos.co.

Contact and correspondence address

Moyopal Limited (trading as CedeOS)

Company Number: 16288400 — Registered in England and Wales

Our registered office address will be published here once our registration formalities are complete. In the meantime, all correspondence should be directed to CIO@cedeos.co.

Changes to this notice

We may update this notice at any time. When we make material changes, we will update the date at the top of this page. Where a change affects processing that relies on consent, we will seek fresh consent before implementing it.