Privacy Policy

This policy explains how AlgoGrass Ltd collects, uses, and protects your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Company name: AlgoGrass Ltd

Registered in: England and Wales

Registered address: 5 Jupp Road West, London, E15 2HS

Email: privacy@algograss.co.uk

AlgoGrass Ltd is the data controller for personal data collected through algograss.co.uk and the AlgoGrass compliance platform.

Account data: Name, email address, password (stored as a one-way hash), company name, website URL.

Billing data: Email address, billing name, billing address, and payment method details. Card data is processed and stored by Stripe — we never see or store your full card number.

Usage data: Pages visited, compliance scans run, documents generated, features used, and timestamps of activity.

Technical data: IP address, browser type, device type, operating system, referral source.

Scan data: The website URLs you submit for compliance scanning and the results generated.

Communications: Emails you send to us and any support requests.

To provide the service (Contract — Art. 6(1)(b)): Creating and managing your account, running compliance scans, generating compliance documents, processing payments, sending service emails (receipts, plan confirmations).

Legitimate interests (Art. 6(1)(f)): Improving the platform, detecting and preventing fraud and abuse, monitoring platform performance and security, anonymised analytics to understand feature usage.

Legal obligation (Art. 6(1)(c)): Keeping billing records as required by HMRC, responding to lawful requests from authorities.

Consent (Art. 6(1)(a)): Marketing emails and non-essential analytics cookies — only where you have given explicit consent which you can withdraw at any time.

Account data: For the duration of your account plus 2 years after closure.

Billing records: 7 years as required by HMRC.

Scan results: 12 months from date of scan, then automatically deleted.

Usage/activity logs: 6 months.

Email communications: 3 years.

When your account is deleted, we remove your personal data within 30 days, except where legal retention obligations apply.

We do not sell your personal data. We share it only with the following trusted processors who are contractually bound to protect it:

We may also disclose data to law enforcement or regulatory authorities where required by law.

Some of our processors (Stripe, Vercel, Resend, Anthropic) are based in the USA. Transfers are protected by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office, providing equivalent protection to UK GDPR.

You have the following rights over your personal data:

To exercise any right, email privacy@algograss.co.uk. We respond within 30 days.

We use essential cookies to keep you logged in and the platform secure. With your consent, we also use analytics cookies to improve the service. See our Cookie Policy for full details.

We protect your data using HTTPS encryption, hashed passwords, secure HTTP headers (CSP, HSTS, X-Frame-Options), access controls, and regular security reviews. No system is 100% secure — if you believe your data has been compromised, contact us immediately at privacy@algograss.co.uk.

AlgoGrass is a business-to-business service intended for adults (18+). We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

We may update this policy from time to time. We will notify you by email and update the "Last updated" date above. Continued use of AlgoGrass after changes constitutes acceptance.

For any privacy questions or to exercise your rights: privacy@algograss.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

🌐 ico.org.uk · 📞 0303 123 1113 · Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF