← Back to we41.store

Privacy Policy & GDPR

Last updated: 1 April 2025

1. Who We Are

we41.store is the data controller for personal data collected through this website and the associated Service. Contact us at privacy@we41.store.

2. What Data We Collect

Category	Data	Source
Account data	Full name, email address, company name, password (hashed)	Provided by you at registration
Subscription & billing	Subscription tier, billing dates, Stripe customer ID	Generated through use of the Service
Report data	Company domain, social media links, competitor names provided for reports	Provided by you when generating reports
Usage data	Report count, login timestamps, activity logs	Automatically collected
Technical data	IP address, browser type, device type	Automatically collected
Cookies	Session cookies, preference cookies (theme, language)	Set by the Service

We do not collect special category (sensitive) data and do not sell your data to third parties.

3. Legal Basis for Processing

Purpose	Legal basis
Providing the Service (account management, generating reports)	Contract performance (Art. 6(1)(b) UK GDPR)
Processing payments via Stripe	Contract performance & legal obligation
Sending transactional emails (confirmations, alerts)	Contract performance
Sending marketing digest emails	Legitimate interests (you can opt out at any time)
Analytics and service improvement	Legitimate interests
Legal compliance, fraud prevention	Legal obligation / legitimate interests

4. How We Use Your Data

• To create and manage your account and subscription.
• To generate AI-powered marketing analysis reports based on the information you provide.
• To send transactional emails: account confirmation, subscription updates, payment receipts, and report alerts.
• To send monthly digest emails and usage warnings (you can unsubscribe in Settings).
• To process payments securely through Stripe (we do not store card details).
• To detect and prevent fraud or abuse.
• To comply with applicable laws and regulations.

5. Cookies

We use the following cookies:

Cookie	Purpose	Duration
mk-theme	Stores your UI theme preference (dark/light)	Persistent (localStorage)
mk-lang	Stores your language preference	Persistent (localStorage)
mk-token	Authentication session token	Session / 7 days
mk-cookie-consent	Records your cookie consent choice	1 year

We do not use third-party tracking or advertising cookies. You can manage cookie preferences via the banner on our homepage or by clearing your browser cookies.

6. Third-Party Processors

• Stripe — payment processing. Data processed in the UK/EU under standard contractual clauses. Stripe Privacy Policy.
• Supabase — database and authentication. Data stored in the EU. Supabase Privacy Policy.
• Resend — transactional email delivery. Resend Privacy Policy.
• Anthropic (Claude AI) — AI report generation. Prompts may include company/competitor names you provide. Data is not used to train Anthropic's models under API terms. Anthropic Privacy Policy.

7. Data Retention

• Account data is retained for the duration of your account plus 2 years.
• Reports are retained indefinitely unless you delete them from your dashboard.
• Activity logs are retained for 12 months.
• You can delete your account and associated data at any time from Settings or by emailing privacy@we41.store.

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — request that we limit how we process your data.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any right, email privacy@we41.store. We will respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Information Commissioner's Office (ICO).

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Passwords are stored as bcrypt hashes; we never store plaintext passwords.
• All data in transit is encrypted via TLS/HTTPS.
• Authentication tokens are signed JWTs with expiry.
• Database access is restricted to application services only.

10. International Transfers

Your data is primarily processed within the UK and EU. Where data is transferred outside these regions (e.g. to Anthropic's US-based API), we rely on standard contractual clauses or adequacy decisions to ensure an equivalent level of protection.

11. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@we41.store.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on our website. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

For any privacy-related queries or to exercise your rights:
Email: privacy@we41.store
Website: we41.store

---