We work with a small number of trusted partners to help us deliver our services securely and reliably. This page explains who they are, the types of data involved, and why these relationships exist.
We keep this page clear and simple. If you ever need more detail, please get in touch — we’ll give you a straight, honest answer in as much detail as you reasonably need.
Whenever we share personal data with a third party, we follow four steady rules:
We do not sell personal data. We do not use customer data for our own marketing unless you’ve explicitly asked for that.
Our partners fall into a handful of clear groups, based on the services they provide. In each case we have set out the types of data that may be shared and why.
Virtual Tin manage the underlying hardware, networking and firewall environment for our Windows server platforms, including our Remote Desktop Services (RDS) platform and its management servers.
Data involved: technical logs, IP addresses, account names within managed RDS platforms. Purpose: hosting, security, availability and support.
Our Cultrix Cloud hosting platform runs in Custodian’s UK datacentres, providing the physical environment for our Linux hosting platform running CloudLinux, cPanel and related services.
Data involved: customer website data, application data, technical logs. Purpose: secure, resilient hosting.
We use EUKHost for geographically separated DNS nameserver infrastructure.
Data involved: domain names, DNS zone records. Purpose: DNS hosting for customer and internal domains.
Used for Cultrix staff email, calendars, file storage, Teams, and internal collaboration. We also manage separate customer tenants under contract.
Data involved: names, email addresses, contact details, documents and communications. Purpose: business operations and, for customers, managed IT services.
Our licensing partner for Microsoft 365 products.
Data involved: tenant identifiers, licence assignments, billing contact details. Purpose: software licensing and account management.
Used solely for receiving support emails into our ticketing system where customers choose email-based support.
Data involved: sender email address, message content required to create a support ticket. Purpose: providing support and managing service requests.
Cultrix uses a trusted suite of security and monitoring tools, primarily from the Kaseya group of companies.
Data involved: device identifiers, event logs, system information. Purpose: keeping endpoints updated, patched and secure.
Data involved: Microsoft 365 mailbox and SharePoint/OneDrive content. Purpose: off-platform backup and restore.
Data involved: device activity logs, security alerts, behavioural telemetry. Purpose: malware, ransomware and threat detection.
Data involved: activity logs and security signals from Microsoft 365 and other SaaS apps. Purpose: alerting and automated response.
Data involved: high-level alert metadata, event details. Purpose: rapid triage and response to security events.
Data involved: technical telemetry from scans against our Linux hosting infrastructure. Purpose: vulnerability identification and assurance.
Data involved: device and server security scan results. Purpose: vulnerability detection and risk reduction.
Used to store and securely share system credentials needed for us to deliver managed services. Credentials remain encrypted and are only visible to authorised Cultrix staff.
Data involved: encrypted login credentials, usernames, related notes. Purpose: secure access management for systems we maintain for customers.
Provider of our hosted phone system and call routing services.
Data involved: caller ID, call recordings where applicable, service metadata. Purpose: business telephony.
Our trusted partner for overflow and out-of-hours call answering.
Data involved: caller name, contact information, summary of the reason for the call. Purpose: ensuring callers are looked after if we are unavailable.
Used to manage our accounts, issue invoices and reconcile payments.
Data involved: billing contact information, invoice details. Purpose: financial record keeping and invoicing.
Used for taking customer payments by Direct Debit.
Data involved: account holder name and bank account identifiers required for Direct Debit. Purpose: payment collection.
Our business insurance provider.
Data involved: company contact details and policy information. Purpose: insurance coverage for our operations.
Most of our systems operate within the UK or wider European region. Some cloud security services may process telemetry data in other regions depending on how the vendor operates. In each case we ensure that:
More information about where data is stored in each system is set out in our Cultrix systems page.
We review this list as part of our information security and supplier management processes. If our suppliers change, or if we start using a new platform that involves personal data, we will update this page with clear, sensible explanations.
If you have any questions about our use of third parties, or how your personal data is handled, please contact us using the details in our Privacy and cookies policy.