Privacy Policy

Controller. [LEGAL ENTITY NAME], [REGISTERED ADDRESS], [CONTACT EMAIL]. This policy covers how we handle personal data under UK GDPR.

1. What we collect.

• Account/sign-in: your email address.
• Scan inputs: the business description, the website URL you submit, and your questionnaire answers.
• Scan outputs: the report we generate, stored so you can return to it.
• Payment: handled by Stripe. We receive confirmation a payment succeeded and limited transaction metadata; we do not see or store your full card details.
• Technical: standard logs (e.g. IP address, basic request data) for security and to run the service.

2. Why, and our legal basis.

• To provide the scan you purchased and show your report — performance of a contract.
• To take payment — contract.
• To keep the service secure and prevent abuse (e.g. rate limiting) — legitimate interests.
• To respond to you — legitimate interests.

3. Who we share it with (processors). We use trusted providers to run Northstar: Stripe (payments), Anthropic (the AI that generates the report — your inputs and the submitted site text are sent to it for processing), Vercel (hosting) and Neon (database)[, and [EMAIL PROVIDER] for emails]. Some of these process data outside the UK/EU (e.g. the United States) under appropriate safeguards such as standard contractual clauses.

4. Retention. We keep your account and scan data while your account is active or as needed to provide the service and meet legal/accounting obligations, then delete or anonymise it.

5. Your rights. You can ask to access, correct, delete, or get a copy of your data, or object to/restrict certain processing. Email [CONTACT EMAIL]. You can also complain to the UK Information Commissioner’s Office (ico.org.uk).

6. Cookies. We use only the cookies needed to run the site and keep you signed in. [Update this if you add analytics.]

7. Changes. We’ll post any updates here with a new date.