Last updated: Jan 2026
Staylo (“we”, “us”, “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our website or services.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Business Name: staylo
Services Provided: Professional address services, mail handling, and related compliance services
Data Controller: staylo
Registered Address: 105A High Street, Bedford, MK40 1NE
Company Number 16887452
We are:
Registered with the Information Commissioner’s Office (ICO) (registration number is XXX)
Supervised by HMRC for Anti-Money Laundering (AML) – Registration Number XNML00000216266
We may collect and process the following types of personal data:
Full name
Date of birth
Photograph / selfie
Government-issued ID (passport or driving licence)
Proof of address
(Required to meet AML and KYC legal obligations)
Email address
Phone number
Correspondence address
Company name
Company number
Director details
Registered office or service address details
Sender name
Envelope details
Scan images of mail (where scanning is selected)
IP address
Browser type
Pages visited
Cookies (see Cookie Policy)
We only process personal data where there is a lawful reason, including:
Legal obligation (AML, KYC, Companies House, HMRC requirements)
Contractual necessity (to provide our services)
Legitimate interests (service improvement, fraud prevention)
Consent (where explicitly given, such as marketing emails)
We use your data to:
Verify identity and comply with AML regulations
Provide address and mail handling services
Scan, forward, or store mail as instructed
Communicate with you about your account
Maintain accurate records for regulatory purposes
Improve our services and website functionality
We take data security seriously and use:
Encrypted systems and secure servers
Restricted staff access on a need-to-know basis
Secure third-party verification providers
Regular data protection reviews
Physical mail is stored securely in controlled-access premises.
We do not sell your data.
We may share personal data only where necessary with:
Identity verification providers (KYC / ID checks)
HMRC, Companies House, or law enforcement (where legally required)
IT and secure hosting providers
All third parties are contractually required to protect your data.
We retain personal data:
For the duration of your service
For 5 years after the end of the business relationship, where required by AML regulations
Longer only where legally required
Mail scans and documents are deleted in line with our retention schedule unless extended storage is requested.
Under UK GDPR, you have the right to:
Access your personal data
Correct inaccurate data
Request deletion (where legally permitted)
Restrict or object to processing
Data portability
Withdraw consent (where applicable)
Requests can be made by contacting us using the details above.
All clients using our services are required to provide proof of identity and address.
This is a legal requirement under UK Anti-Money Laundering regulations and applies to all address and mail services we provide.
Our website uses cookies to improve functionality and user experience.
For full details, please see our Cookie Policy.
If you have concerns about how your data is handled, please contact us first.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.
We may update this Privacy Policy from time to time.
The latest version will always be available on our website.