Legal

Privacy Policy

Oruma Spec Limited

Company Number 17076427

Church House, Walkhampton, Yelverton, PL20 6JY, United Kingdom

Version 1.0 · Effective 29 June 2026

This policy explains how Oruma Spec Limited (“we”, “us”, or “our”) collects, uses and protects your personal data when you use OrumaSpec.

1. Introduction

1.1 Important information and who we are

Welcome to Oruma Spec Limited's Privacy and Data Protection Policy (“Privacy Policy”).

At Oruma Spec Limited we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other mandatory laws and regulations of the United Kingdom.

This Privacy Policy explains how we collect, process and keep your data safe. It describes your privacy rights, how the law protects you, and the obligations of our employees and staff when processing data.

The individuals from whom we may gather and use data include:

  • Customers and prospective customers (including individuals at architecture practices who enquire about, register for or use our service); and
  • Any other people that the organisation has a relationship with or may need to contact.

This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.

1.2 Your Data Controller

Oruma Spec Limited is your Data Controller and is responsible for your Personal Data. We are not obliged by the GDPR to appoint a data protection officer and have not voluntarily appointed one at this time.

Enquiries about your data should be sent by email to support@orumaspec.com or by post to Church House, Walkhampton, Yelverton, PL20 6JY, United Kingdom.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

1.3 Processing data on behalf of a Controller

In discharging our responsibilities as a Data Controller we have employees who deal with your data on our behalf (known as “Processors”). The Data Controller and our Processors are responsible for ensuring that:

  • All processing of Personal Data is governed by one of the legal bases laid out in the GDPR (see section 2.2);
  • Processors authorised to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
  • Appropriate technical and organisational measures are implemented to ensure a level of security appropriate to the risk;
  • Prior authorisation of the Controller is obtained before engaging another Processor;
  • The Controller is assisted in responding to requests for exercising data subject rights;
  • Information necessary to demonstrate GDPR compliance is made available to the Controller and audits are permitted;
  • A record of processing activities carried out on behalf of a Controller is maintained;
  • The supervisory authority is cooperated with on request;
  • Persons with access to Personal Data process it only on instructions from the Controller; and
  • The Controller is notified without undue delay after becoming aware of a Personal Data Breach.

3. How we use your personal data

3.1 Our data uses

We will only use your Personal Data when the law allows us to.

Set out below is a table containing the different types of Personal Data we collect and the lawful basis for processing that data. Please refer to section 2.2 for more information on the lawful basis listed in the table below.

Examples provided in the table below are indicative in nature and the purposes for which we use your data may be broader than described, but we will never process your data without a legal basis for doing so and it is for a related purpose. For further enquiries please contact us.

ActivityType of dataLawful basisPurpose
When you visit our websiteUsage & Technical DataLegitimate InterestTo operate and secure our website, understand how it is used and improve it
When you make an enquiry or contact usContact Data; Support & Correspondence DataLegitimate InterestTo respond to your enquiry and provide the information or support you request
When you join our waitlistContact Data (name and email address)ConsentTo register your interest, keep you updated about our launch and send you the communications you have asked for
When you opt in to marketing communicationsMarketing and Communications DataConsentWe need to process this data so that we know who and where to send marketing information
When an architecture practice creates an account (only if you sign up)Identity & Account Data; Contact DataContractual ObligationsTo create, administer and secure your account and to provide the service to you
When you use the platform, e.g. writing specifications (only if you sign up)Usage & Technical Data; Content DataContractual Obligations; Legitimate InterestTo deliver the service, store your work, provide support and improve the product
When you subscribe to a paid plan (only if you sign up)Payment & Transaction Data (via Stripe)Contractual Obligations; Legal ComplianceTo take payment for your subscription and to keep accounting and tax records as required by law

Activities marked “only if you sign up” apply only where an architecture practice registers for an account or subscribes to a paid plan. If you only browse our website or contact us with an enquiry, we will not collect account, platform-usage or payment data from you.

3.2 Marketing and content updates

You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions about goods or services that may be of interest to you.

3.3 Change of purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. Cookies

4.1 What cookies are

Cookies are small text files placed on your device when you visit a website. Similar technologies such as local storage, pixels and tags work in a comparable way. References to “cookies” in this policy include those technologies.

4.2 The cookies we use

  • Strictly necessary cookies: required for the website and platform to function, including sign-in and session security. These cannot be switched off through our cookie controls.
  • Functional cookies: remember choices you make and provide enhanced features. Set only with your consent.
  • Analytics and performance cookies: help us understand how visitors use our website and platform. Set only with your consent; information is aggregated where possible.

4.3 Managing your cookie preferences

When you first visit our website you will be presented with a cookie banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time using the cookie settings on our website, or through your browser settings. Disabling strictly necessary cookies may prevent parts of the website from working properly.

5. Your rights and how you are protected

5.1 Your legal rights

Under certain circumstances, you have the following rights in relation to your personal data:

  • Right to be informed — about our purposes, retention and sharing (as set out in this policy).
  • Right of access — to receive a copy of the personal data we hold about you (see section 5.4).
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure — to ask us to delete personal data in certain circumstances.
  • Right to object — including to direct marketing or processing based on legitimate interests.
  • Right to restrict processing — in certain circumstances, such as while accuracy is verified.
  • Right to data portability — to receive your data in a structured, machine-readable format where applicable.

To make a request under any of these rights, contact us at support@orumaspec.com.

5.2 How we protect your data

Personal Data is accessible only to a limited number of employees with special access rights who are bound by confidentiality obligations. When we use subcontractors to store your data, we do not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession.

No transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is at your own risk.

5.3 Opting out of marketing

You can ask us to stop sending you marketing messages at any time by using the unsubscribe link at the bottom of each marketing email. Where you opt out, we will continue to retain other Personal Data from interactions not related to marketing preferences.

5.4 Requesting your data

You will not have to pay a fee to access your Personal Data. We may refuse clearly unfounded requests. We may need to verify your identity before responding, which helps ensure Personal Data is not disclosed to the wrong person.

6. Your data and third parties

6.1 Sharing your data

We may share Personal Data with interested parties in connection with a change of control, acquisition, or licensing of our technology. If Oruma Spec Limited is sold or makes a transfer, your Personal Data may be transferred as part of that transaction, subject to the acquiring entity's privacy policy.

We may also share Personal Data where required for legal reasons or to enforce our terms or this Privacy Policy.

6.2 Our sub-processors

We use trusted third-party service providers (“sub-processors”) who process Personal Data on our behalf. We only share the Personal Data necessary for them to perform their services, and we require each of them to provide appropriate safeguards for your data and to process it only on our instructions.

Sub-processorPurposeLocation of processing
StripePayment processing and Direct Debit collectionUSA / EU
VercelHosting of our website and application front endUSA
RenderHosting of our application back end and databaseUSA / EU
ResendSending transactional and marketing emailsUSA
AttioCustomer relationship management, including managing waitlist sign-ups and enquiriesEU / USA

This list may change as our service develops. Where Personal Data is transferred outside the United Kingdom, we ensure appropriate safeguards are in place (see section 8).

7. How long we retain your data

We retain Personal Data only for as long as reasonably necessary to fulfil the purposes for which it was collected. We may retain data for longer if there is a complaint or we reasonably believe there is a prospect of litigation in respect of our relationship with you.

8. International transfer of data

Your information may be stored and processed in the United Kingdom or in other countries where Oruma Spec Limited or our service providers have facilities, including the sub-processors listed in section 6.2. By using OrumaSpec, you consent to the transfer of information, including Personal Data, outside the United Kingdom where appropriate safeguards are in place.

9. Changes to this policy

We keep this Privacy Policy under review and will place any updates on this page. This version is 1.0, effective 29 June 2026.

By using OrumaSpec, you consent to the collection and use of data as set out in this Privacy Policy. Continued use after changes constitutes acceptance of the updated policy.

10. Interpretation

All uses of “including” mean “including but not limited to”. Email addresses in this policy may be used only for the stated purpose. Unless required by law, we reserve the right not to respond to unrelated correspondence sent to those addresses.

Our staff are not authorised to contract on behalf of Oruma Spec Limited, waive rights or make representations. If anything in an email contradicts this policy, our terms or an official website announcement, the written policy or terms take precedence — except for genuine correspondence from our legal department.

Questions about this policy? Email support@orumaspec.com · Back to home