Obvis Limited — Website and Mailing List Privacy Notice
Introduction
We are Obvis Limited, a company registered in England and Wales under company number 03944400 and with our registered address at Melrose House, Pynes Hill, Rydon Lane, Exeter, EX2 5AZ.
Obvis Limited respects your privacy. All information you give us is held with care and security.
This privacy notice explains how we collect, store and use information about you when you access or use our websites and web applications, or when you subscribe to our mailing lists or email courses (together the "Services"). This notice also explains how we use cookies.
This notice covers the following sites and services operated by Obvis Limited:
- https://www.obvis.com — our main company and product information website
- https://help.obvis.com — product documentation and support knowledge base
- https://app.obvis.com — the Archie-M web application
- https://files.obvis.com — file delivery service for Archie-M
- https://www.reveal4d.com — product information website for reveal4d, a structural analysis tool published by Obvis Limited
- https://app.reveal4d.com — the reveal4d web application
- https://files.reveal4d.com — file delivery service for reveal4d
This notice also covers personal data collected when you subscribe to our mailing lists or email courses, when you contact us directly by email or telephone, or when you provide your contact details to us at conferences, training events, or CPD events — whether or not you have visited any of the above sites.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Obvis Limited is the data controller — the company responsible for, and in control of, the processing of any personal data you provide to us.
We do not sell, rent or loan any personally identifiable information regarding our customers to any third party. We do not transfer any personally identifiable information to third parties except as described within this privacy notice.
Any questions regarding this privacy notice or our practices relating to personally identifiable information should be directed to privacy@obvis.com.
Why do we collect personal data?
We will use the personal information provided to us in order to:
- respond to enquiries you send us via contact forms, email, or telephone;
- send you our newsletters and updates, where these are requested by you;
- send you our email courses and educational content, where these are requested by you;
- track your engagement with us, including through our websites, articles, and newsletters, so we can improve the content and communications we provide;
- follow up with you after meeting at conferences, training events, or CPD events where you have given us your contact details;
- send you information about our products and services or those of our associated company Bill Harvey Associates Limited, where we have a legal basis to do so; and
- comply with our legal obligations.
We may collect personal information you provide to us through our websites (listed in the Introduction above), through our mailing list and email course sign-up forms, or via telephone, email, or other direct communications with us.
We also collect contact information from face-to-face contact such as attendance at conferences, training, or CPD events. Certain information is collected automatically when you visit our websites, as described later in this privacy notice.
What information do we collect
Web site visitors
Analytics
Most web site owners collect data on how their sites are used. Many approaches to analytics involve collection of personally identifiable information. We use Plausible Analytics, a carefully designed privacy-preserving analytics system. This gives us the high-level insight into use of our Site that we need, but collects no personally identifiable information.
Our analytics:
- does not use cookies,
- does not track you across your devices,
- does not track you across websites.
One secure identifier is generated to allow visitors on a given day to be distinguished, but these are reset once a day.
Because no personally identifiable information is collected and no cookies are used, the collection of this type of analytics is not controlled by cookie consent.
Server and infrastructure logs
When you visit our websites or download files from our services, our hosting infrastructure automatically records a log entry for each request. These logs are generated by our content delivery network (CDN) and, where applicable, our web application firewall (WAF).
Each log entry typically contains:
- your IP address;
- the URL you requested;
- the date and time of the request;
- the HTTP status code returned (e.g. 200, 404);
- your browser's user-agent string (browser type and operating system); and
- the referring URL, if any.
Purpose: We use these logs for security monitoring, detecting and investigating abuse or attacks, diagnosing errors, and understanding the operational performance of our infrastructure. We do not use them for marketing, advertising, or profiling.
Lawful basis: Legitimate interest. We have a legitimate interest in operating our services securely and reliably.
Retention: Logs are retained for 90 days and then automatically deleted.
Who can access them: Infrastructure logs are accessible only to Obvis Ltd. and its technical processor, Bill Harvey Associates Ltd., for the purposes above. They are not shared with other third parties.
Cookies
When you first visit obvis.com, a cookie banner is displayed allowing you to accept or decline non-essential cookies. The banner is provided by Finsweet Cookie Consent, a Webflow-compatible cookie control library.
The banner sets two cookies to store your consent choice (fs-cc and fs-cc-updated) so you are not shown the banner again on future visits. These are essential cookies — they are necessary for the banner to function correctly — and do not require your consent.
If you accept non-essential cookies, our support widget (HelpScout Beacon) is loaded. The widget does not appear to set cookies on obvis.com.
We do not set any analytics or marketing cookies on obvis.com. We do not run adverts on our websites and do not track you between our websites and third party sites.
Note that app.obvis.com is a separate site and does not display a cookie banner. The site sets no cookies.
help.obvis.com is hosted by HelpScout and does not display a cookie banner. The only cookie set on this site is PLAY_SESSION, an essential session cookie set by HelpScout's hosting platform to manage your browsing session. This cookie is necessary for the site to function and is outside Obvis's control. No analytics or tracking cookies are set on this site.
Contact forms
Our website includes training and product enquiry forms embedded in the site pages. When you submit a form, we collect your name, email address, and the content of your message.
Your submission is delivered to our team by email and is also logged in our website platform's forms dashboard. The platform stores your submission for a limited period before it is deleted.
Lawful basis for form submissions (name, email, message): Legitimate interest — responding to your enquiry.\ Processors: Webflow, Inc. (USA) — website platform, stores form submissions; HelpScout (USA) — receives form submissions and handles follow-up correspondence. See "Transfers of your personal information outside of the UK".
Support widget
We embed a support widget on obvis.com provided by HelpScout (Help Scout Inc., USA). This widget provides access to our help documentation and allows you to submit a support enquiry.
The widget is only loaded after you accept non-essential cookies via our cookie banner. If you browse our help articles within the widget and then submit an enquiry (whether a support or sales enquiry), we collect your name, email address, the content of your message, and a record of the articles you viewed within the widget during that session. This information is processed by HelpScout as our data processor and passed to our team to help us respond to your enquiry. The widget does not track your browsing on obvis.com outside the widget itself.
Lawful basis for loading the widget: Consent.\ Lawful basis for enquiry submissions (name, email, message, in-widget article history): Legitimate interest — responding to your enquiry.\ Processor: Help Scout Inc. (USA) — see "Transfers of your personal information outside of the UK".
Mailing list subscribers
If you subscribe to our Archie-M product news list, we collect your email address and, optionally, your name. Our sign-up form is provided by our mailing list platform, Drip (https://www.drip.com), which acts as a data processor on our behalf.
Subscription is by your affirmative opt-in action. Every email we send includes a one-click unsubscribe link. You may also request removal at any time by emailing privacy@obvis.com.
When we send emails, our mailing platform records data about delivery, including whether emails were opened and which links were clicked. Open tracking works by including a small invisible image in the email; when your email client loads the image, this is recorded by our platform along with a timestamp. Link tracking works by routing links through our platform's servers before redirecting you to the destination. These mechanisms allow us to understand the effectiveness of our communications and are standard practice in email marketing.
Sharing of data with third parties
Bill Harvey Associates Ltd.
Obvis Ltd. works closely with Bill Harvey Associates Ltd. (https://www.billharveyassociates.com). Bill Harvey Associates Ltd. acts as a data processor for Obvis Ltd., providing software development, infrastructure management, and support services, and therefore processes personal data on our behalf. This relationship is governed by a written data processing agreement in accordance with Article 28 of the UK GDPR.
Third party processors
To operate our site and provide our services, we make use of third party services. These include data storage and management services, mailing list management software, and cloud web servers. In the terminology of the UK GDPR and Data Protection Act 2018, these services are "data processors".
Our relationship with third party processors, and their processing of your personal data on our behalf, is governed by written data processing agreements in accordance with Article 28 of the UK GDPR. We remain the data controller in these cases.
Some of these services are located outside the UK. The transfer of data outside the UK is described below in the section "Transfers of your personal information outside of the UK".
Social media
Obvis Ltd. maintains a company page on LinkedIn. Where you interact with us on LinkedIn (for example, by following our page, liking or commenting on posts, or sending us a message), Obvis Ltd. and LinkedIn Ireland Unlimited Company may both act as data controllers for your personal data relating to those interactions. Please refer to LinkedIn's privacy policy for details of how LinkedIn processes your data.
Changes of Business Ownership and Control
In the event of a restructuring, merger, reorganisation, or sale of assets, we may transfer your personal data to a third party involved in the transaction (for example, a purchaser) in accordance with applicable data protection legislation. Any such recipient will be required to handle your personal data in accordance with applicable data protection law.
Law enforcement
We may disclose your data if we are legally obliged or entitled to do so (for example, if required to do so by court order) or for the purposes of identifying fraud or other crime.
Other third parties
We do not share your personally identifiable information with any third party other than as described in this section.
Links to third party sites
We may link from our sites or through our services to third parties. We cannot be responsible for the privacy notices and practices of these third parties. We recommend that you check the privacy notice for each site you visit. We do not pass personally identifiable information to third party sites when you follow links from our sites, and we do not advertise other companies' products or services in exchange for payment or data.
Transfers of your personal information outside of the UK
Some of our third party processors are located outside the UK. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place as required by UK GDPR:
- European Economic Area (EEA) and countries covered by UK adequacy regulations: Transfers to the EEA (EU member states plus Norway, Iceland, and Liechtenstein) and to countries the UK government has recognised as providing an adequate level of data protection are permitted without additional safeguards.
- United States and other third countries: Where we use processors in countries not covered by a UK adequacy regulation, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to EU Standard Contractual Clauses as the transfer mechanism, ensuring your data receives equivalent protection to that required under UK law.
The following processors involve transfers outside the UK:
| Processor | Location | Transfer basis |
|---|---|---|
| Webflow, Inc. | USA | UK IDTA (Schedule 4 of Webflow DPA, effective 15 Nov 2023 — deemed entered on acceptance) |
| Help Scout Inc. | USA | UK DPF Extension — Active (verified April 2026); EU SCCs Module 2 + UK IDTA (Annex C, ICO addendum B.1.0) as fallback. Auto-incorporated into ToS. |
| Drip (Drip Global, Inc.) | USA | UK DPF Extension — Active (Non-HR Data, verified April 2026); UK Addendum B.1.0 + EU SCCs as fallback. |
| Amazon Web Services (AWS) | USA / global | UK adequacy (AWS EU regions — data stored in EU); UK Addendum + SCCs as fallback for any US-region processing. |
Keeping our records accurate
We aim to keep our information about you as accurate as possible. If you would like to review or change the details you have supplied us with, please contact us as set out below.
How long we keep your data
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. In general:
- Server and infrastructure logs (IP addresses, request URLs, timestamps) are retained for 90 days.
- Website contact form submissions (name, email address, message) submitted via site forms are retained for up to one month in our website platform's forms dashboard, then automatically deleted on the 1st of each month. The enquiry as received in our support and sales inbox is retained as sales and enquiry correspondence — see below.
- Sales and general enquiry correspondence received via our support and sales inbox (including enquiries submitted through our website contact forms or help widget) is retained for up to 7 years from the date of last reply, then automatically deleted.
- Mailing list subscriber data is retained until you unsubscribe; suppression records are kept indefinitely to honour opt-out requests.
Legal basis of our processing
The UK GDPR requires that we have a clear legal basis for processing your personal data. To be open and transparent with you, here are the legal bases for our processing:
| Purpose | Lawful basis |
|---|---|
| To operate our websites and services securely and reliably; to detect and investigate security incidents and abuse (server and infrastructure logs). | Legitimate interest |
| To understand how our websites are used at an aggregate level in order to improve them (Plausible Analytics). | Legitimate interest |
| To communicate general news and information relating to Obvis Ltd. products and services, educational material, and other material likely to be of interest to subscribers (Archie-M mailing list). | Consent |
| To load our support and sales enquiry widget (HelpScout Beacon on obvis.com), which is only activated after you accept non-essential cookies. | Consent |
| To provide access to product documentation (help.obvis.com — HelpScout Docs). | Legitimate interest |
| To respond to support and sales enquiries submitted via our website help widget (HelpScout Beacon — name, email address, message content). | Legitimate interest |
| To respond to enquiries submitted via our website contact forms (name, email address, message content); to store those submissions temporarily in our website platform pending deletion. | Legitimate interest |
| To follow up with individuals we have met at conferences, training events, or CPD events, where those individuals have provided their contact details for that purpose. | Legitimate interest |
Automated Decision Making and Profiling
We do not use your personal data for the purposes of automated decision-making or profiling as those terms are defined under UK GDPR.
Sensitive information
We ask that you do not send us, and that you do not disclose, any sensitive personal data about yourself or anyone else (for example, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, or criminal background) when contacting us.
Children's Privacy
Our software products and services are intended for use by businesses and professionals. Our marketing and sales activities are not aimed at children.
Our public websites and mailing list are accessible to anyone, including children. It is possible that a child might subscribe to our mailing list — for example, if they wish to pursue a career in civil engineering and find the material we share interesting and educational. We have no way of knowing whether a particular visitor or subscriber is under 18, and we do not ask for date of birth.
If you are a concerned parent or legal guardian and wish to discuss the use of our services by a child, please contact us at privacy@obvis.com.
Your rights
Under UK GDPR you have rights in relation to your personal data, including the right to:
- access a copy of the personal data we hold about you;
- rectify inaccurate personal data;
- erase your personal data in certain circumstances;
- restrict processing of your personal data in certain circumstances;
- object to processing based on legitimate interest;
- data portability in certain circumstances; and
- complain to the Information Commissioner's Office (ico.org.uk) if you believe we are not handling your personal data in accordance with the law.
To exercise any of these rights, or for any other enquiry about our data practices, please contact us at privacy@obvis.com or write to Obvis Ltd., Melrose House, Pynes Hill, Rydon Lane, Exeter, EX2 5AZ. We will respond within one calendar month.
Changes to this notice
We may change this notice from time to time. When we do so we will post the changes on this page so that you are always aware of the information we collect, how we use it, and under what circumstances we would disclose it. Please check this page to ensure you are aware of the most recent version.
This notice was last updated on 2026-04-30.
This version published: 2026-04-30 (source commit e81c5a0148ee5ae682fe3bd3040b3648cdf50db2)