1. Who We Are
Creative Sauce Ltd is the data controller for AgentConsole HQ. We are committed to protecting your privacy and ensuring you have a positive experience on our platform.
Data Controller: Creative Sauce Ltd
Contact: privacy@creativesauce.io
2. What Data We Collect
We collect data necessary to provide, secure, and improve our platform. Here's what we collect:
Account Data
- Full name
- Email address
- Business name and industry
- Account preferences
Payment Data
- Payment information is processed securely by Stripe
- We store only the last 4 digits of payment cards for verification purposes
- Full payment details are never stored on our servers
- Billing address and transaction records
Usage Data
- AI agent activity and interactions
- Tasks completed and workflow data
- Feature usage and engagement metrics
- Timestamps and duration of platform use
Technical Data
- IP address and location data
- Browser type and version
- Device information and operating system
- Log files and access data
Communications Data
- Support tickets and correspondence
- User feedback and survey responses
- Customer support interactions
3. How We Use Your Data
We use your personal data for the following purposes:
- Service Delivery: To provide, maintain, and improve the Creative Sauce platform
- Payment Processing: To process subscriptions and transactions securely
- Service Communications: To send platform updates, security alerts, and essential service notifications
- Product Improvement: To analyse usage patterns and develop better AI agents and features
- Security: To prevent fraud, unauthorised access, and other security threats
- Legal Compliance: To meet regulatory and legal obligations
- Marketing (with consent): To send promotional content, newsletters, and product updates only when you have consented
4. Legal Basis Under UK GDPR
We process your personal data under the following legal bases:
- Contract Performance: Processing data necessary to perform our service agreement with you
- Legitimate Interests: Protecting platform security, preventing fraud, and improving our services
- Consent: Marketing communications and optional features (you can withdraw consent anytime)
- Legal Obligations: Complying with tax, financial, and regulatory requirements
5. Data Sharing
We only share your data with trusted partners necessary to operate the platform. We never sell your personal data.
Third Parties We Share With:
- Stripe: Payment processor for secure transaction handling
- Cloud Hosting Providers: AWS and Render for secure infrastructure and data storage
- Analytics Providers: Anonymised usage data only to understand platform performance
Data We Do NOT Share:
- Personal data is never sold to advertisers or third-party marketers
- Personal data is never shared for commercial purposes
- Personal data is never rented or leased to other organisations
6. Data Retention
We retain your data for different periods depending on the type and purpose:
| Data Type | Retention Period |
|---|---|
| Active Account Data | While subscription is active |
| Cancelled Account Data | 30 days after cancellation, then permanently deleted |
| Payment Records | 7 years (required by UK tax law) |
| Anonymised Analytics | Retained indefinitely for service improvement |
| Support Tickets | 3 years or until account deletion |
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you
- Right of Rectification: Correct inaccurate or incomplete data
- Right of Erasure: Request deletion of your data (subject to legal obligations)
- Right of Data Portability: Receive your data in a structured, machine-readable format
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Object: Object to marketing communications and certain processing activities
- Rights Related to Automated Decision-Making: Transparency and opt-out rights for automated processing
How to Exercise Your Rights
To exercise any of these rights, please contact us at privacy@creativesauce.io with clear details of your request. We will respond within 30 days of receipt.
Right to Complain
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies and Tracking Technologies
Our platform uses minimal cookies and tracking technologies:
- Authentication Token: Essential for keeping you logged in securely
- Session Cookie: Maintains your session during platform use
- Analytics Cookie: Helps us understand how the platform is used (optional, user opt-in)
You can control cookie preferences through your browser settings. Disabling essential cookies may prevent platform access.
9. Security
We implement comprehensive security measures to protect your personal data:
- Encryption in Transit: All data transferred between your device and our servers uses TLS/SSL encryption
- Encryption at Rest: Sensitive data is encrypted when stored on our servers
- Access Controls: Strict role-based access controls limit who can access personal data
- Regular Audits: We conduct regular security assessments and penetration testing
- Employee Training: Our staff receive ongoing data protection and security training
- Incident Response: We maintain procedures to respond to any potential security incidents
10. Children's Privacy
AgentConsole HQ is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete such data immediately and terminate the child's account.
11. International Data Transfers
Your personal data is primarily processed and stored within the United Kingdom and European Economic Area (EEA). If we transfer data outside the UK/EEA, we implement appropriate safeguards including Standard Contractual Clauses to ensure your data remains protected in accordance with UK GDPR.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will provide you with at least 30 days' notice of any material changes by:
- Sending an email notification to your registered email address
- Posting a prominent notice on our platform
- Updating the "Effective Date" at the top of this policy
Your continued use of the platform after changes become effective constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy, your personal data, or our privacy practices, please contact us:
Creative Sauce Ltd
Email: privacy@creativesauce.io
Subject Line: "Privacy Policy Inquiry"
We aim to respond to all privacy inquiries within 10 business days.