Last updated: November 19, 2025
Introduction
Welcome to Mushroom Computing's Privacy Policy. As a software development company specializing in custom applications, IT consulting, and GDPR-compliant solutions, your privacy is critically important to us. At Mushroom Computing, we have a few fundamental principles:
- We collect minimal personal information—only what is necessary to respond to inquiries and provide our services.
- We store personal information for only as long as we have a legitimate business reason to keep it.
- We maintain strict confidentiality regarding client projects and any data shared during the software development process.
- We implement industry-standard security measures to protect your information.
- We aim for full transparency on how we gather, use, and share your personal information.
This Privacy Policy applies to information that we collect about you when you use our website or engage with us for software development services, IT consulting, or when inquiring about our products such as Obfusca.
Data Controller Information
Mushroom Computing Ltd (Company Registration Number: 9312662) is the data controller responsible for your personal information. Our registered office and contact details are provided in the Contact Us section at the end of this policy.
Information We Collect
We only collect information about you if we have a reason to do so—for example, to respond to your inquiries, to provide software development services, or to deliver IT consulting. As a B2B software development company, our data collection is minimal and purposeful.
Information You Provide to Us
We collect information that you provide to us directly when you engage with our business:
- Contact inquiries: When you submit an inquiry through our contact form, we collect your name, email address, phone number (if provided), company name (if provided), and the message content describing your inquiry or project requirements.
- Client project information: When you engage us for software development or IT consulting services, we may collect business contact information, technical requirements, and project-specific data necessary to deliver our services. All client project data is treated as strictly confidential.
- Communications with us: We retain records of email correspondence, phone conversations (notes only, not recordings), and other communications related to our business relationship.
- Obfusca product inquiries: If you request information about or a demonstration of our Obfusca data obfuscation software, we collect only the information necessary to provide the demo or respond to your inquiry. We do not process your actual production data during demonstrations unless explicitly agreed in writing under a separate data processing agreement.
Information We Collect Automatically
When you visit our website, we collect limited technical information automatically:
- Server logs: Our web server automatically logs standard information including IP address, browser type, operating system, referring page, pages visited, and date/time stamps. This information is used for security monitoring, technical troubleshooting, and understanding general website traffic patterns.
- Cookies: We use only essential cookies required for website functionality and security:
- Session cookie (rate_limit_token): A temporary cookie used for rate limiting on our contact form. This cookie expires when you close your browser and helps prevent abuse by limiting the number of messages that can be sent within a 5-minute period.
- Cloudflare Turnstile: A security cookie used to protect our contact form from automated spam and bot submissions. This third-party cookie is provided by Cloudflare and verifies that form submissions are from real people, not automated scripts.
We do not use: analytics tracking (such as Google Analytics), advertising cookies, social media tracking pixels, or any other third-party tracking technologies on our website.
How We Use Information
We use the information we collect for specific, legitimate business purposes:
- To respond to inquiries: We use your contact information to respond to your questions about our software development services, IT consulting, cloud solutions, or products such as Obfusca.
- To deliver software development services: When you engage us as a client, we use the information you provide to understand project requirements, develop custom software solutions, provide IT consulting, and deliver the services you've contracted us for.
- To maintain client relationships: We keep records of our business communications and project work to maintain continuity in our client relationships and fulfill our contractual obligations.
- To protect security: We use server logs and security measures to protect our website from attacks, prevent spam and abuse of our contact form, and ensure the security of our systems.
- To comply with legal obligations: We retain certain information as required by UK law, including accounting records and contractual documentation.
Data Retention
We retain personal information for the following periods:
- Contact form submissions: 12 months from submission date, unless they lead to a business relationship.
- Client project data: For the duration of the project plus 6 years to comply with UK accounting and tax regulations.
- Server logs: 90 days for security monitoring purposes.
- Business correspondence: 6 years to comply with UK business record-keeping requirements.
After these retention periods, personal information is securely deleted or anonymized.
Sharing Information
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:
Third-Party Service Providers
We use the following third-party service providers who may process your data on our behalf:
- Cloudflare (USA): Website security, DDoS protection, and CAPTCHA services. May process IP addresses and browser information. Privacy Policy
- Amazon Web Services/AWS (USA): Cloud hosting infrastructure for client projects and applications. Privacy Policy
- Data8 (UK): Data validation and verification services. Privacy Policy
- PHPMailer: Email library for secure transmission of contact form submissions to our business email.
All service providers are carefully selected and are contractually obligated to protect your data, use it only for specified purposes, and comply with applicable data protection laws including GDPR.
International Data Transfers
Some of our service providers (Cloudflare, AWS) are located in the United States. When we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
- Service providers' participation in recognized data protection frameworks
- Additional security measures to protect data during international transfers
Other Sharing Circumstances
- Client-authorized sharing: During software development projects, we may share information with third-party services or platforms that you've authorized us to integrate with (e.g., databases, cloud platforms, APIs), but only as necessary to deliver the contracted services.
- Legal requirements: We may disclose information if required by UK law, court order, or governmental request, or to protect our legal rights and safety.
- Business transfers: In the event of a merger, acquisition, or sale of business assets, client information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.
Client confidentiality: All client project data, source code, business logic, and proprietary information shared during software development engagements are treated as strictly confidential and are protected by non-disclosure agreements.
Security
As a software development company specializing in secure solutions, we take data security seriously and implement industry-standard measures to protect your information:
- Transport encryption: Our website uses HTTPS with SSL/TLS encryption to protect data transmitted between your browser and our servers.
- Security headers: We implement Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and other security headers to protect against common web vulnerabilities.
- CAPTCHA protection: Our contact form is protected by Cloudflare Turnstile to prevent automated spam and abuse.
- Rate limiting: We implement rate limiting on form submissions to prevent abuse and denial-of-service attempts.
- Server security: Our hosting infrastructure is maintained with regular security updates and monitoring.
- Access controls: Access to personal information is restricted to authorized personnel only and is protected by authentication mechanisms.
While no system can be 100% secure, we continuously monitor and update our security practices to protect against unauthorized access, use, alteration, or destruction of personal information.
Your Rights
If you are located in certain parts of the world, including the UK and countries that fall under the scope of the European General Data Protection Regulation (GDPR), you may have certain rights regarding your personal information, such as:
- The right to access information we hold about you.
- The right to request that we correct or update your personal information when it is inaccurate or incomplete.
- The right to request that we erase your personal information in certain circumstances.
- The right to object to our processing of your personal information.
- The right to request that we restrict processing of your personal information in certain circumstances.
- The right to data portability, which allows you to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to transfer that information to another controller.
To exercise these rights, please visit our contact section or email us directly at [email protected].
Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will post any privacy policy changes on this page and update the "Last updated" date at the top of this policy. For material changes that significantly affect your rights, we will provide notice via email to our active clients or through a prominent notice on our website. The current version was last updated on November 19, 2025. We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact Us
If you have questions about this privacy policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:
Mushroom Computing Ltd
Company Registration Number: 9312662
West Bromwich
West Midlands
United Kingdom
Privacy Inquiries:
Email: [email protected]
General Contact:
Phone: +44 (0)800 291 1061
Mobile: +44 (0)7788 249461
Email: [email protected]
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.