Privacy Notice

Last updated: 17/02/2026

1. Controller and Contact Details

Controller: FounderScale Ltd
Contact: [email protected]
Registered office: [Address to be provided]
Company no: [Company number to be provided]

2. What Personal Data We Collect

We may process the following categories of personal data:

  • Account/contact data: Name, email address, company name, job title
  • Assessment responses: Your answers to assessment questions and maturity scores
  • Chat content: Messages you send to our AI chatbots (which may include personal data if you choose to include it)
  • Technical data: IP address, device/browser information, timestamps, usage logs
  • Communications: If you contact us for support or inquiries

Important: Please do not include special category data (health, biometrics, race/ethnicity, religion, sexual orientation) or confidential business information in your chatbot conversations.

3. Why We Process Data and Our Lawful Bases (UK GDPR)

We process personal data for the following purposes:

A) Providing the Service

Responding to assessment questions, generating maturity insights, and delivering AI chatbot responses.

Lawful basis: Performance of a contract (Art. 6(1)(b)) or steps at your request pre-contract.

B) Security, Fraud Prevention, and Service Integrity

Monitoring for abuse, detecting security threats, and maintaining service quality.

Lawful basis: Legitimate interests (Art. 6(1)(f)).

C) Improving and Developing the Service

Analytics, debugging, quality improvements, and model refinement using aggregated/de-identified data.

Lawful basis: Legitimate interests (Art. 6(1)(f)) and/or consent where required.

D) Legal and Compliance Obligations

Responding to lawful requests, record keeping, and regulatory compliance.

Lawful basis: Legal obligation (Art. 6(1)(c)) and/or legitimate interests.

4. Special Category Data and Criminal Offence Data

We do not intend to process special category or criminal offence data. Please do not provide it. If you do, we will handle it in line with this Notice and may delete it where feasible.

5. Automated Decision-Making

The chatbot generates automated outputs and maturity scores. We do not use the chatbot to make automated decisions that produce legal or similarly significant effects about you (UK GDPR Art. 22). The tool is informational and advisory only.

6. Who We Share Data With

We share personal data with service providers who help us run the Service, including:

  • AI/Agent Platform: Manus (for chatbot functionality and infrastructure)
  • Hosting/Infrastructure: Manus-managed cloud infrastructure
  • Analytics: Internal analytics only (no third-party analytics providers)

These providers act as processors/sub-processors under contract with appropriate confidentiality and security obligations. Manus uses aggregated/de-identified data to improve services.

7. International Transfers (Outside the UK)

Your data may be transferred outside the UK to countries that do not provide the same level of data protection. Where we transfer personal data internationally, we use appropriate safeguards, such as:

  • UK International Data Transfer Agreement (IDTA) or UK Addendum to EU Standard Contractual Clauses (SCCs)
  • Adequacy regulations where applicable
  • Additional technical and organisational measures

Note: Manus operates cloud infrastructure which may involve international data transfers. For specific hosting locations, please contact us at [email protected].

8. Data Retention

We keep personal data only as long as necessary for the purposes above, including security and legal needs, then delete or anonymise it.

Retention Schedule:

  • Assessment results and chat logs: 24 months from last activity
  • Account data: Duration of account plus 12 months
  • Security logs: 12-24 months
  • Support tickets: 24 months
  • Aggregated/de-identified analytics: May be retained longer

9. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Limit how we use your data
  • Objection: Object to processing based on legitimate interests
  • Portability: Receive your data in a structured, machine-readable format
  • Withdraw consent: Where processing is based on consent
  • Complain: Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise your rights, contact us at [email protected]. We may ask you to verify your identity.

ICO Contact: https://ico.org.uk

10. Security

We use technical and organisational measures to protect personal data, including access controls, encryption, least privilege principles, and monitoring. However, no online service is 100% secure.

11. Cookies and Tracking

We use essential cookies to operate the Service (authentication, session management). For details on cookies, purposes, and retention, please see our Cookie Policy.

12. Contact

For privacy requests or questions about this Notice, contact us at: [email protected]

Responsible AI Commitment

We are committed to using AI in a transparent, secure, and responsible way. This tool is designed to support reflection and learning, not to replace professional judgement. We continuously work to ensure our AI systems are fair, explainable, and aligned with best practices in AI governance.