Privacy Policy

Last updated: April 2026

1. Data Controller

Auldric Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales.

2. Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and authentication credentials.
  • Usage data: feature usage, token consumption, and session activity.
  • Payment data: processed securely by Stripe. We do not store card details.
  • Technical data: IP address, browser type, and device information.

3. Legal Basis for Processing

We process your data under the following legal bases: performance of a contract (providing the Service), legitimate interests (improving the Service), and consent (marketing communications).

4. How We Use Your Data

  • To provide and maintain the Service
  • To process payments and manage subscriptions
  • To communicate with you about your account
  • To improve and develop the Service
  • To comply with legal obligations

5. Data Sharing

We share data with the following third parties:

  • Stripe: payment processing
  • Clerk: authentication
  • Neon: database hosting
  • OpenAI: AI model execution (project data is processed but not retained for training)

We do not sell your personal data.

6. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, data is purged within 30 days, except where retention is required by law.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise any of these rights, contact us at privacy@auldric.com.

8. Cookies

We use essential cookies required for the Service to function. We do not use advertising or tracking cookies. Analytics cookies may be introduced in future with explicit consent.

9. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and access controls. All infrastructure is hosted on Fly.io with data residency in the UK/EU.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect.

11. Contact

For privacy-related enquiries, contact us at privacy@auldric.com.