Skip to content
Request a demo →
SUPERBLOCK
Legal

Privacy Policy

SBX Group Ltd · UK GDPR / Data Protection Act 2018

Last updated: 17 July 2026

This Privacy Policy explains how SBX Group Ltd (“SUPERBLOCK”, “we”, “us”) collects, uses, and protects personal data when you use the SUPERBLOCK website at superblock.ai. We are the data controller for the personal data described here. We handle personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For general information

This document is provided for general information and does not constitute legal advice. It applies to the superblock.ai website only; the SUPERBLOCK product platforms have their own terms.

  1. 011. Who we are

    The data controller is SBX Group Ltd, a company registered in England and Wales, based in London. For any privacy question, or to exercise your rights, contact us at umair@superblock.ai. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

  2. 022. The data we collect

    We collect only the data we need to respond to you and to operate the Site. Specifically:

    Information you give us

    • Contact and enquiry data: when you complete a form (for example “Request a Demo”, the contact form, a waitlist, or a services or ventures enquiry), we collect your name, work email, and — where you provide them — your company, country, and the message you send.
    • Newsletter data: if you subscribe to updates, we collect your email address and any name you provide.
    • Whitepaper access: if you request the gated whitepaper, we collect the details you submit and your acknowledgement of the access terms.

    Information we collect automatically

    • Analytics data: we use privacy-first, cookieless website analytics that collect aggregated, non-identifying usage information (such as pages viewed and referrer). This is designed not to track individuals across sites and does not build advertising profiles.
    • Security and abuse-prevention data: when you submit a form, our backend records a hashed (non-reversible) representation of your IP address and your browser user-agent string to prevent spam and abuse.

    We do not ask for and do not want sensitive personal data or financial, identity, or payment details through the Site’s forms. Please do not send them.

  3. 033. How we use your data and our lawful bases

    We use your personal data for the following purposes, relying on the lawful bases shown:

    • To respond to your enquiries and provide the information or demo you request — lawful basis: our legitimate interests in responding to you, and taking steps at your request prior to any potential engagement.
    • To send you the newsletter or marketing updates you have asked for — lawful basis: your consent, which you may withdraw at any time.
    • To operate, secure, and improve the Site and prevent abuse — lawful basis: our legitimate interests in running a secure, functional website.
    • To comply with legal obligations — lawful basis: compliance with a legal obligation.
  4. 044. Who we share it with

    We do not sell your personal data. We share it only with service providers who process data on our behalf under contract, and only as needed to provide the Site and respond to you. These include:

    • our website and customer-relationship (CRM) infrastructure, which stores form submissions and contact records;
    • our email service provider, where we send you a reply or an update you have requested;
    • our privacy-first analytics provider; and
    • professional advisers, and authorities where we are legally required to disclose.
  5. 055. International transfers

    Where personal data is transferred outside the UK, we take steps to ensure it is protected to a standard consistent with UK data-protection law — for example by relying on adequacy regulations or on appropriate safeguards such as the International Data Transfer Agreement or Standard Contractual Clauses.

  6. 066. How long we keep it

    We keep personal data only for as long as necessary for the purposes described above, after which it is deleted or anonymised. As a guide: enquiry and lead records are retained for up to 24 months after our last interaction with you; newsletter data is kept until you unsubscribe; whitepaper access records are kept for the duration of the access grant plus our record-keeping period; and data needed to meet legal, accounting, or regulatory obligations is kept for as long as those obligations require.

  7. 077. Your rights

    Under the UK GDPR you have the right to:

    • access the personal data we hold about you;
    • have inaccurate data corrected;
    • have your data erased in certain circumstances;
    • object to, or ask us to restrict, our processing;
    • data portability; and
    • withdraw consent at any time, where we rely on consent (this does not affect processing already carried out).

    To exercise any of these rights, contact us at umair@superblock.ai. We will respond within the time limits set by law.

  8. 088. Cookies

    The Site is designed to run without advertising or cross-site tracking cookies, and our analytics are cookieless. Where any strictly necessary cookies or local storage are used to make the Site function, they are covered in our Cookie Policy.

  9. 099. Complaints

    If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to complain to the UK’s data-protection regulator, the Information Commissioner’s Office (ICO), at ico.org.uk.

  10. 1010. Changes to this policy

    We may update this Privacy Policy from time to time. The current version is the one published here, with the “last updated” date shown above. For any question, contact umair@superblock.ai.