Is Private.Ki GDPR‑UK compliant?
Yes. Although our service is not based in the United Kingdom, Private.Ki is compliant with the UK GDPR (United Kingdom General Data Protection Regulation) and the UK Data Protection Act 2018.
In practice, UK GDPR is nearly identical to the EU’s GDPR, with the main difference being that it is enforced by the UK’s Information Commissioner’s Office (ICO) rather than EU authorities. Since Private.Ki already aligns with EU GDPR principles, we also naturally align with UK data protection requirements.
UK users can expect the same level of privacy and protection of their data, for example:
Lawful Basis and Consent: We ensure that we have a lawful basis for processing any personal data, just as required under UK law. Typically, the basis is that you, the Private.Ki user, have consented to use our service and we process your data to provide that service (encrypted email and chat). We do not do anything with your data beyond providing the service unless you explicitly opt in (for example, if you sign up for an update newsletter, that’s by choice).
Data Minimization: Private.Ki collects the bare minimum information needed. This is a key principle of the UK GDPR. For instance, we do not require a full name or postal address to create an account. We only require a username and password (and maybe a passphrase). But we don't even know your password or your passphrase, so the only thing we really know about you is your username. Any optional information (like a recovery email) is just that – optional. By minimizing data, we reduce risk and comply with the requirement to process only data that is necessary.
Security Measures: The UK GDPR, like the EU GDPR, expects organizations to take appropriate technical and organizational measures to secure personal data. We use state-of-the-art encryption and security practices to safeguard data. This means that any personal data (such as the content of communications, which is indeed personal data when it relates to identified or identifiable individuals) is extremely well protected. All your data on Private.Ki is encrypted; we could not decrypt it even if we wanted to. (But why would we? We're a privacy service, so we don't want your data.)
In summary, Private.Ki treats UK user data with the same high standards as EU user data. We essentially apply a universal privacy-protective policy that meets or exceeds GDPR/UK GDPR standards across all our users.
UK GDPR compliance is not an afterthought for us – it’s built into how Private.Ki operates. Our commitment to privacy isn’t limited by region; it’s a foundational principle. Users in the UK can confidently use Private.Ki knowing that we respect UK data protection law and, more importantly, we respect your privacy as a fundamental right.