Privacy Policy

Last Updated: November 2025

Introduction

Scorchsoft Limited ("we," "our," or "us") operates StartupTools. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Information You Provide

  • Account Information: Email address, name, company name, country, VAT number
  • Payment Information: Processed securely through Stripe (we do not store credit card details)
  • Content: Ideas, wireframes, documents, and other content you create using our tools

Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, interactions
  • Device Information: IP address, browser type, operating system
  • Cookies: Session cookies for authentication and functionality

How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process payments and manage subscriptions
  • Send transactional emails (receipts, password resets, service updates)
  • Improve our platform and develop new features
  • Prevent fraud and ensure security
  • Comply with legal obligations

Data Storage and Security

  • Data is stored on secure servers in the European Union
  • We use industry-standard encryption (HTTPS/TLS)
  • Regular security audits and updates
  • Access controls and authentication requirements
  • Automated backups with encryption

Sharing Your Information

We do not sell your personal information. We may share data with:

  • Stripe: For payment processing
  • OpenAI/Anthropic/Google: For AI features (content only, no personal data)
  • Email Service: For transactional emails
  • Legal Requirements: When required by law or to protect our rights

Your Rights (GDPR)

If you are in the EU/UK, you have the right to:

Right to Access

Request a copy of all personal data we hold about you, including account information, usage history, and content you've created.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Right to be Forgotten)

Request deletion of your personal data. This includes: - Your account and profile information - Content you've created (ideas, wireframes, documents, chat history) - Usage data and analytics associated with your account - Any other personal information we hold

Important Notes on Erasure:

  • Some data may be retained for legal compliance (e.g., transaction records for tax purposes)
  • Data in encrypted backups will be deleted once those backups are overwritten (within 90 days)
  • Anonymized or aggregated data that cannot identify you may be retained for analytics

Right to Restrict Processing

Request that we limit how we use your data while we investigate a concern you've raised.

Right to Data Portability

Request your data in a structured, commonly used format (JSON or CSV) to transfer to another service.

Right to Object

Object to processing of your data for direct marketing or other purposes based on legitimate interests.

Right to Withdraw Consent

Withdraw your consent at any time for processing activities that require consent.

How to Exercise Your Rights

To exercise any of these rights, please email us at: [email protected]

Include in your request:

  • Your full name and email address associated with your account
  • The specific right you wish to exercise (e.g., "Right to Erasure")
  • Any additional details to help us process your request

Our Response Timeline:

  • We will acknowledge your request within 5 Business Days
  • We will fulfill your request within 30 days (as required by GDPR)
  • If we need more time, we will inform you and explain why

For Right to Erasure Requests:

  1. We will verify your identity to protect your data
  2. We will delete all personal data from active systems within 7 days
  3. You will receive confirmation once deletion is complete
  4. Data in backups will be permanently deleted within 90 days as backups are rotated

If you are not satisfied with how we handle your request, you have the right to lodge a complaint with your local data protection authority:

  • UK: Information Commissioner's Office (ICO) - ico.org.uk
  • EU: Your local supervisory authority

Data Retention

  • Account data: Retained while your account is active
  • Deleted accounts: Data erased within 30 days
  • Transaction records: Retained for 7 years (legal requirement)
  • Backups: Overwritten within 90 days

Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children.

International Data Transfers

If you access our service from outside the EU, your data may be transferred to EU servers. We ensure adequate safeguards are in place.

Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via email or a prominent notice on our website.

Contact Us

For privacy questions or to exercise your rights:

  • Email: [email protected]
  • Registerred Address: Scorchsoft Ltd, 13 Portland Road, Edgbaston, Birmingham, B16 9HN
    • Company Number: 07246693
  • VAT Registration Number: GB124720540
  • Data Protection Officer: [email protected]
Back to Home