Privacy Policy

IdeaRocket ('we', 'us', 'our') is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information in compliance with UK GDPR and Data Protection Act 2018.

1. Information We Collect

Personal Information:

• Name, email address, phone number
• Business information (idea, industry, target market)
• Payment information (processed by Stripe - we don't store card details)
• IP address, browser type, device information

How We Collect It:

• Purchase forms
• AI-powered idea capture sessions (with permission, recordings)
• Email communications
• Website cookies and analytics

2. How We Use Your Information

We use your data to:

• Deliver services (create your business documentation templates)
• Communicate about your order and deliverables
• Process payments (via Stripe)
• Improve our services
• Send service-related emails (delivery, revisions)
• Comply with legal obligations

We do NOT:

• Sell your data to third parties
• Use your data for marketing without consent
• Share your business ideas publicly

3. Legal Basis for Processing (GDPR)

• Contract: Processing necessary to fulfil our service
• Legitimate Interest: Improving services, fraud prevention
• Consent: Marketing communications (opt-in only)

4. Data Sharing & Third Parties

We share data only with:

• Stripe (Payment Processing):
  • Payment information for processing transactions
  • Privacy Policy: stripe.com/privacy
• Google Workspace (Document Storage & Delivery):
  • Documents stored on Google Drive
  • Privacy Policy: policies.google.com/privacy
• Email Service Provider:
  • AWS SES for transactional emails
  • Privacy Policy: aws.amazon.com/privacy

We do NOT share with:

• Marketing companies
• Data brokers
• Social media platforms (for advertising)

5. Data Security

We implement appropriate security measures:

• Encrypted data transmission (SSL/TLS)
• Secure cloud storage (Google Workspace)
• Access controls (limited team access)
• Regular security reviews

However: No system is 100% secure. You acknowledge inherent risks of online data transmission.

6. Data Retention

• Client Data: Retained for 90 days after delivery, then deleted
• Financial Records: Retained for 7 years (UK tax law requirement)
• Email Communications: Retained for 1 year, then deleted
• Early Deletion: Request at contact@idearocket.me

7. Your Rights (GDPR)

You have the right to:

• Access: Request copy of your data (free)
• Rectification: Correct inaccurate data
• Erasure: Request deletion (after legal retention period)
• Portability: Receive data in portable format
• Restrict Processing: Limit how we use your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Opt out of marketing anytime

To exercise rights: Email contact@idearocket.me with "Data Request" in subject line. We respond within 30 days.

8. Cookies

See our Cookie Policy for details.

• Essential Cookies: Required for site function (payment processing, sessions)
• Analytics Cookies: Google Analytics (anonymised) - opt-out available
• No Advertising Cookies: We don't use cookies for ads or tracking

9. International Data Transfers

• Data processed in UK and EU (Google Workspace servers)
• If transferred outside UK/EU, adequate safeguards in place (Standard Contractual Clauses)

10. Children's Privacy

Our services are not directed to anyone under 18. We do not knowingly collect data from minors. If you believe we have, contact us immediately for deletion.

11. Changes to Privacy Policy

We may update this policy. Changes posted with "Last Updated" date. Material changes will be notified via email.

12. Contact & Complaints

Data Controller: IdeaRocket
Contact: contact@idearocket.me

Complaints: You have the right to lodge a complaint with:

• Information Commissioner's Office (ICO)
• Website: ico.org.uk
• Phone: 0303 123 1113