Privacy Policy

Effective date: 01 October 2025

1. Introduction

We respect your privacy. This Privacy Policy explains what personal data we collect, why we use it, how long we keep it, and how you can exercise your rights when using foconta.co.uk and related services (the “Service”).

  • Controller: THE COMPANY YOU NEED LTD (Company No. 15967968), 31 Auctioneers Way, Northampton, United Kingdom, NN1 1HF (“Foconta”, “we”, “us”, “our”).
  • Contact: info@foconta.co.uk
  • Scope & age: This Policy applies to Users of the Service. The Service is intended for individuals 18+.

2. Personal Data We Collect

We collect only what we need to operate, secure, and improve the Service.

2.1. Data You Provide Directly

Special category data: We do not ask for special category data. If you voluntarily include such data in prompts/uploads (e.g., beliefs, health, political opinions), we will process it only to deliver the requested feature/output and only with your consent (see §3.2).

  • Name (or display name) and contact details (e.g., email).
  • Account credentials (stored securely in hashed form).
  • Billing details (billing address; optional VAT information for invoicing).
  • Business and project inputs for plan generation (e.g., industry, target markets, competitive notes, goals, milestones, KPIs, financial assumptions, keywords, audience persona, timelines).
  • Files and user-generated content (UGC) you upload (e.g., spreadsheets, briefs, pitch decks, brand assets).
  • Support requests and communications with us.

2.2. Data Collected Automatically

  • IP address, device and browser information, operating system, timezone, language.
  • Access and security telemetry (e.g., login attempts, anti-abuse signals).
  • Usage data: page views, clicks, token purchases/redemptions, generation attempts, delivery/open events, error logs, and aggregate performance metrics.

2.3. Data from Third Parties (as needed)

  • Payment processors: transaction references and status (we do not receive full card numbers).
  • Fraud/abuse-prevention providers: risk and verification signals.
  • Professional advisers: where needed for legal, tax, or compliance purposes.

2.4. User-Generated Content (UGC)

Outputs or materials you upload or generate may contain personal data about you or others. You are responsible for having the necessary rights, notices, and lawful basis for any third-party data contained in your UGC.

3. Why We Process Your Data & Legal Bases (UK GDPR)

We process personal data under the UK GDPR and the Data Protection Act 2018 on the following legal bases:

3.1. Performance of a Contract

  • To create and maintain your Account.
  • To process token top-ups and deliver digital outputs (business plans, reports, spreadsheets, PDFs, presentations).
  • To provide customer support and handle refunds/queries.

3.2. Consent (including special category data)

You may withdraw consent at any time via account settings or by contacting us (see §12). Withdrawal does not affect the lawfulness of prior processing and may reduce output relevance.

  • To use any special category data you voluntarily include in prompts or uploads.
  • To send marketing emails/newsletters where you opt in.
  • To use your content/feedback for model improvement where you opt in.

3.3. Legitimate Interests

  • To keep the Service secure (fraud detection, abuse prevention, logging, rate-limiting).
  • To measure and improve performance and user experience (aggregated/pseudonymised analytics where possible).
  • To communicate important, non-marketing updates about the Service.
  • For business customer outreach related to your existing or potential use of the Service, subject to your rights to object (see §8).

3.4. Legal Obligation

  • Tax, accounting, and compliance record-keeping.
  • Responding to lawful requests from public authorities.

4. AI, Profiling and Automated Decisions

  • The Service uses AI to generate outputs based on your inputs. This involves automated processing and limited profiling to tailor business plans, financial assumptions, timelines, and similar assets to your goals and constraints.
  • We do not make legal or similarly significant decisions about you solely by automated means.
  • You can choose not to provide certain inputs; outputs may then be less relevant. You may request human review of any support outcome at any time.

5. Sharing and International Transfers

  • Payment processing: card acquirers/processors (e.g., Visa/Mastercard providers) – we receive transaction references/status, not full card details.
  • Hosting & IT: secure cloud infrastructure, CDNs, storage and backups.
  • Product & support tooling: analytics (aggregated/pseudonymised where feasible), helpdesk, email delivery, error tracking, A/B testing.
  • Professional advisers: legal, accounting, and compliance (where required).
  • Some providers may be located outside the UK/EEA. Where transfers occur, we implement appropriate safeguards, such as UK adequacy regulations, UK/EU Standard Contractual Clauses (SCCs), and supplementary measures where appropriate.
  • We do not sell your personal data.

6. Cookies and Similar Technologies

We use cookies and similar technologies (including localStorage/sessionStorage) to run the Service, remember preferences, measure performance, and—where you consent—enable analytics/marketing. Essential cookies are necessary for core functionality and security. For details and controls, please see our Cookies Policy (linked in the site footer).

7. Retention

  • Orders, tokens & transactions: at least 24 months, and up to 6 years where disputes, tax, or enterprise records require.
  • Account & profile data (incl. business preferences): while your Account is active and for a reasonable period after closure (typically up to 24 months), unless longer is required for legal or security reasons.
  • Logs & security telemetry: typically 6–24 months, depending on purpose and risk.
  • Where feasible, we minimise, pseudonymise, or anonymise data and then securely delete it.

8. Your Rights

How to exercise: email info@foconta.co.uk from your Account email. We may request proof of identity. We aim to respond within one month (extendable by up to two months for complex requests, with notice).

  • Access your data;
  • Rectification of inaccurate data;
  • Erasure ('right to be forgotten');
  • Restriction of processing;
  • Data portability;
  • Object to processing based on legitimate interests (including direct marketing);
  • Withdraw consent at any time (for marketing, any special-category data you provided, and model-improvement opt-ins).

9. Security

No system is 100% secure. We continuously improve our controls and promptly investigate incidents.

  • Access controls, role-based permissions, and MFA for admin interfaces.
  • Encryption in transit (HTTPS/TLS) and at rest where applicable.
  • Network segregation, firewalls, and regular backups.
  • Logging/monitoring and incident-response procedures.
  • Vendor due diligence and contractual safeguards for processors.

10. Children’s Data

The Service is for users 18+. We do not knowingly collect data from children. If you believe a child has provided data to us, contact info@foconta.co.uk so we can delete it.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email and/or a prominent in-product notice. Updates apply prospectively.

12. Contact & Complaints

  • Controller: THE COMPANY YOU NEED LTD
  • Address: 31 Auctioneers Way, Northampton, United Kingdom, NN1 1HF
  • Email (privacy): info@foconta.co.uk
  • If you are not satisfied with our response, you can lodge a complaint with the UK Information Commissioner’s Office (ICO). If you are an EU resident, you may also have the right to complain to your local supervisory authority.