Privacy Policy

Last updated: 20 March 2026

1. Who we are

LAMA ERP ("we", "us", "our") is a software company based in the United Kingdom. We develop and distribute LAMA ERP, a self-hosted business management system. Our registered address and contact details are listed on our Contact page.

We are a data controller for the personal data we collect through this website (lama-erp.com). LAMA ERP software itself is self-hosted — your business data never passes through our systems.

2. Data we collect on this website

Information you provide

  • Contact form submissions: name, email address, company name, subject and message content
  • Purchase information: name, email, billing address, company name collected when you purchase a licence

Information collected automatically

  • Server logs: IP address, browser user agent, pages visited, timestamps — retained for up to 30 days for security purposes
  • Analytics: if you have not opted out, we use Google Analytics to understand aggregate website traffic (no personally identifiable data is sent)

LAMA ERP licence verification

When your installed copy of LAMA ERP performs a licence check, it sends your licence key, installation domain, software version and IP address to our API. This is used solely to verify your licence is valid and to deliver software updates.

3. How we use your data

  • To respond to contact form enquiries
  • To issue and manage software licences
  • To deliver software updates to licensed installations
  • To send transactional emails (licence keys, invoices, support replies)
  • To improve our website and product (aggregate analytics only)
  • To comply with our legal obligations

We do not sell, rent or share your personal data with third parties for marketing purposes.

4. Legal basis for processing

  • Contract performance: processing licence purchases and delivering software
  • Legitimate interests: responding to enquiries, fraud prevention, security monitoring
  • Legal obligation: maintaining records for tax and accounting purposes
  • Consent: analytics (where applicable)

5. Data retention

  • Contact enquiries: 3 years from last contact
  • Customer and licence records: 7 years (UK tax law requirement)
  • Server access logs: 30 days
  • Analytics data: controlled by Google Analytics (typically 26 months)

6. Your rights under UK GDPR

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erasure ("right to be forgotten") subject to legal retention requirements
  • Restrict processing in certain circumstances
  • Data portability — receive your data in a machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where consent is the legal basis

To exercise any of these rights, please contact us. We will respond within 30 days.

You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

7. Cookies

This website uses:

  • Session cookie: a strictly necessary cookie to maintain your session state (e.g. after submitting a form). This is essential for the site to work and cannot be disabled.
  • Analytics cookies: Google Analytics cookies (_ga, _gid) to understand aggregate traffic patterns. You can opt out by using a browser ad-blocker or the Google Analytics opt-out browser add-on.

We do not use advertising cookies or sell data to ad networks.

8. Third-party services

  • Google Analytics: website traffic analysis (data processed in the EU/UK under Standard Contractual Clauses)
  • Stripe: payment processing (PCI DSS Level 1 certified — we never see your full card details)
  • SMTP email provider: transactional emails sent via our configured SMTP server

9. Security

We take appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, password hashing, prepared SQL statements, and regular security reviews.

10. Changes to this policy

We may update this policy periodically. The "last updated" date at the top of this page will reflect any changes. Significant changes will be communicated to active customers by email.

11. Contact

For any data protection queries, please contact us or write to the address on our contact page.