Privacy Policy | Two Point Technologies

Two Point Technologies (operating as Osaka Labs LLC DBA) takes your privacy seriously. This policy explains what data we collect, why we collect it, and how we handle it — across our website at 2pttech.com and our operations in New York and London.

Who we are

Two Point Technologies is operated by Osaka Labs LLC, doing business as Two Point Technologies ("2PT", "we", "us", "our"). We are a strategic commerce consultancy with offices at:

New York: 447 Broadway, New York, NY 10013, United States
London: 45 Fitzroy Street, Fitzrovia, London, W1T 6EB, United Kingdom

For the purposes of UK GDPR, Two Point Technologies is the data controller for personal data collected through this website. For enquiries, contact us at hello@2pttech.com.

What data we collect

We only collect what we need. Depending on how you interact with us, this may include:

Contact information — name, email address, and any message content when you reach out to us via our contact form or email.
Usage data — pages visited, time on site, referring URLs, browser type, and device information, collected via Vercel Analytics on an anonymised basis.
Communications — records of email or other correspondence you initiate with us, for the purposes of responding to your enquiry.
Cookies — see Section 06 for full details on cookies we use.

We do not collect sensitive personal data and we do not purchase, rent, or acquire personal data from third-party sources.

How we use your data

We use the data we collect to:

Respond to your enquiries and communicate with you about potential or existing engagements.
Understand how our website is used so we can improve it — using anonymised, aggregated analytics only.
Comply with legal obligations applicable to us in the UK and United States.
Protect the security and integrity of our systems and operations.

We do not use your data for automated decision-making, profiling, or any purpose other than those stated here.

Legal basis for processing (UK & EU)

For individuals in the United Kingdom or European Economic Area, our legal basis for processing personal data is:

Legitimate interests — responding to enquiries, operating and improving our website, and managing our business relationships.
Contractual necessity — where processing is required to fulfil a contract or take steps prior to entering one.
Legal obligation — where we are required to process data to comply with applicable law.
Consent — where you have explicitly provided consent, such as for optional communications. You may withdraw consent at any time.

Who we share data with

We do not sell your personal data. We may share data with trusted third-party service providers who help us operate our business, including:

Vercel — website hosting and anonymised analytics. Data processed in accordance with Vercel's Privacy Policy.
Google Workspace — email and document management. Data processed in accordance with Google's Privacy Policy.
Box — secure file storage and sharing. Data processed in accordance with Box's Privacy Policy.

All third-party providers are contractually required to handle your data in compliance with applicable law and only for the purposes we specify. We do not transfer your personal data outside the UK or EEA without appropriate safeguards in place.

Cookies

Our website uses a minimal set of cookies. We do not use advertising or tracking cookies.

Essential cookies — required for the website to function correctly. These cannot be disabled.
Analytics cookies — set by Vercel Analytics to collect anonymised usage data. No personally identifiable information is captured. These can be disabled in your browser settings.

You can control cookies through your browser settings. Disabling cookies may affect your experience on our website.

How long we keep your data

We retain personal data only for as long as necessary for the purposes set out in this policy:

Enquiry and contact data — up to 2 years from the date of last contact, unless an ongoing business relationship exists.
Client-related data — retained for the duration of the engagement and for up to 7 years thereafter, in line with legal and tax obligations.
Website analytics data — anonymised and aggregated; no retention limit applies as no personal data is stored.

When data is no longer required, it is securely deleted or anonymised.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you.
Rectification — request correction of inaccurate or incomplete data.
Erasure — request deletion of your personal data where there is no legitimate reason for us to continue processing it.
Restriction — request that we restrict processing of your data in certain circumstances.
Portability — request transfer of your data to you or a third party in a structured, machine-readable format.
Objection — object to processing based on legitimate interests or for direct marketing purposes.
Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

California residents may also have rights under the California Consumer Privacy Act (CCPA), including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at the details below. We will respond within 30 days.

Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. Access to personal data is restricted to authorised personnel only.

While we take security seriously, no method of transmission over the internet is completely secure. If you have concerns about the security of your data, please contact us immediately.

Changes to this policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. We encourage you to review this page periodically. Continued use of our website following any changes constitutes your acceptance of the revised policy.

Contact & complaints

For any questions about this policy or to exercise your rights, please get in touch:

hello@2pttech.com

New York

447 Broadway
New York, NY 10013

London

45 Fitzroy Street
Fitzrovia, London W1T 6EB

Response time

Within 30 days of receipt

If you are in the UK and are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local data protection authority.

PrivacyPolicy