O
Operate Legal
§ Privacy

Privacy policy.

In plain English. What data we collect, why, how long we keep it, who we share it with, and what you can do about it.

Last updated: April 2026

Who we are

Operate Legal is operated by Techsperience (techsperience.co.uk), a UK legal-tech support company. Techsperience is the data controller for personal data collected through this website.

For privacy questions, email hello@operate.legal. We aim to respond within 5 working days.

What we collect, and why

The honest list. We don’t collect anything we don’t need.

Account data

When you create a free account: your email address. If you choose to add them: your firm name, phone number, first and last name, role, firm size. You can update these or remove them in your account at any time.

Lawful basis: contract performance — we need this to give you the account you signed up for.

Firm KPI submissions

If you fill in the Firm Health Check or the Member / Pro dashboards, we store the numbers you entered. These are linked to your account so you can see your own history.

Lawful basis: contract performance — you submitted the data so we could compute your dashboard and benchmarks.

Aggregation:we use anonymised, aggregated KPI data to compute peer benchmarks. The benchmark service never returns another firm’s row; it returns medians and quartiles only, gated behind a minimum cohort size of 8 firms.

Operator applications

If you apply to join the Operators peer group: name, email, firm, role, firm size, and your free-text answer about what you’re trying to improve.

Lawful basis: consent (you submitted the application).

Comments and invites

Comments you submit on library articles — your name and firm appear publicly alongside the comment if approved. Invites you send — the recipient’s email and name, kept so we can track conversion and so you can see your own send history.

Page views (analytics)

When you visit a page, we record: the path (e.g. /library), a hashed version of your IP address (HMAC-SHA256, truncated — not reversible to the original IP), your browser’s User-Agent string, and the referrer if any. If you’re signed in, we also link the row to your user ID.

Lawful basis: legitimate interest in understanding which content is useful, with safeguards (no raw IPs, no cookies set by us for this).

Sessions and devices

When you sign in, we create a session record per device with: User-Agent string (capped at 500 characters), the same hashed IP, and timestamps. You can see and revoke your active sessions in your account.

Email

When we send you email (sign-in link, welcome, newsletter, comment notifications, etc.) we keep an audit record of when it was sent and to which address. Newsletter sends are logged with subject and content for compliance with electronic-marketing rules.

Cookies

We use the smallest set of cookies that lets the site work. Use the link to change your choices at any time.

Strictly necessary (always on)

  • operate-legal-session — keeps you signed in. HttpOnly, Secure, SameSite=Lax. Lasts up to 30 days for persistent sign-in or until the browser closes for session-only sign-in.
  • operate-legal-consent— remembers your cookie preferences so we don’t ask again on every page. Lasts 1 year.

These don’t need consent under UK PECR — they’re required for the site to function and for the consent tool itself to work.

Analytics (opt-in)

When you opt in: Google Analytics 4 (_ga, _ga_*). Used to count visits, see which articles get read, and measure where visitors come from. Loaded with Google’s Consent Mode v2; if you decline, the script still loads but sends only anonymous “ping” signals — no cookies are set, no individual identifiers leave your browser.

Marketing (opt-in)

Currently not in use. The category exists in the consent tool so the choice is recorded if we add anything later — switching it on today doesn’t activate any marketing scripts.

Who we share data with

Short list. We try to keep it short.

  • Our hosting and database providers — Postgres database hosted on UK infrastructure. They process data on our instructions only.
  • Email relay — IP-based SMTP relay we operate ourselves; no third-party email provider sees the messages.
  • Google (Analytics) — only if you opted in. Google receives anonymised pageview data under their standard data-processing terms.

We do not sell personal data. We do not share it with advertisers, data brokers, or anyone outside the providers above.

How long we keep it

  • Account and profile data: until you delete the account, plus 30 days for backup retention. Email hello@operate.legal if you want your account removed.
  • KPI submissions: kept for as long as the account exists. Aggregated peer-benchmark contributions remain in the cohort even if you delete — the contribution is anonymous and not reversible to you.
  • Page views: 24 months, then deleted.
  • Sessions: 30 days after the last login, then deleted.
  • Email logs: 24 months for compliance.
  • Operator applications: kept for the duration of any active conversation; declined applications are deleted after 12 months.

Where we store it

All data is stored on UK-based infrastructure. We do not transfer personal data outside the UK except, when you opt in to analytics, to Google in line with their UK adequacy arrangements.

Your rights

Under the UK GDPR, you have the right to:

  • Access — ask for a copy of the personal data we hold about you.
  • Rectification — ask us to correct anything wrong. You can edit most of this yourself in your account.
  • Erasure — ask us to delete your personal data. We will, except where we have a legal obligation to keep it.
  • Restriction — ask us to stop processing your data while a question is being resolved.
  • Portability — ask for a copy of your data in a common format you can take elsewhere.
  • Object — to processing based on legitimate interest (e.g. our analytics).
  • Withdraw consent— at any time, for anything we’re processing on the basis of consent. The newsletter unsubscribe link is one such mechanism; the cookie banner is another.

To exercise any of these rights, email hello@operate.legal. We’ll respond within one calendar month.

Complaints

If you’re not happy with how we’re handling your data, we’d rather hear from you first — but you have the right to complain to the Information Commissioner’s Office (ICO). Their helpline: 0303 123 1113.

Automated decision-making

We don’t do any. Your KPI dashboard insights are rule-based suggestions, not automated decisions in the GDPR sense — they don’t affect anything outside your own dashboard view.

Children

The site is not intended for under-18s. We don’t knowingly collect data from anyone under 18.

Changes to this policy

We’ll update the “Last updated” date at the top when we change anything material. If the changes affect what cookies we set or how we use your data, we’ll re-prompt for consent.

Contact

Techsperience
Email: hello@operate.legal
Web: techsperience.co.uk

← Back to the site