Privacy policy.
Plain English: we collect as little as we need, we don't sell it, we keep it encrypted, we delete what we can when we can, and you can ask us what we have on you at any time.
01Who is the controller.
[Company TBD], registered in [TBD] with company number [TBD]. ICO registration [TBD].
02What we collect.
| Category | Examples |
|---|---|
| Account | Name, email, phone, address, tax ID (contractors) |
| Verification | ID document scan (deleted after [TBD] days) |
| Activity | Leads claimed, pitches logged, outcomes, wallet history |
| Device | App version, device type, IP, crash reports |
| Client data | Business name, scraped public info, pitch outcomes |
03Why we collect it.
- To operate the platform (contract).
- To verify identities and prevent fraud (legal obligation / legitimate interest).
- To pay contractors and clients (contract).
- To improve the demo generator (legitimate interest — outcome data, de-identified).
04Who we share with.
Only our sub-processors, listed on our Security page. We don't sell data. We don't share for advertising.
05Retention.
- Account: for the life of the account + [TBD] years after closure (tax/audit).
- ID verification: [TBD] days after approval or decline.
- Pitch outcomes: indefinite but de-identified after [TBD].
- Wallet ledger: [TBD] years (legal requirement).
06Your rights.
Under UK GDPR you have the right to access, correct, delete, port, restrict, and object. Email dpo@salesflow.[TBD]. We reply within [TBD] days.
07International transfers.
Primary storage is UK/EU. Any transfer outside the UK uses Standard Contractual Clauses and, where applicable, UK Addendum.
08Contact.
Data Protection Officer: dpo@salesflow.[TBD]. You can also complain to the ICO at ico.org.uk, but we'd like a chance to put things right first.