Foundations

Privacy Policy

Effective Date: 7 June 2025

This Privacy Policy explains how Foundations (“we”, “our”, “us”) collects, uses, and protects your personal data. Foundations is operated by Michael Dominic van Almsick, a sole trader based in the United Kingdom.

1. Data We Collect

a) User Data

  • Name and email address (via Clerk);
  • Authentication tokens and login metadata;
  • Stripe payment and payout information;
  • IP address, device, and usage metadata (via PostHog).

b) Client Data

You may store client information — such as names, email addresses, and session notes — within the Service. You are the data controller for this content.

c) Cookies & Similar Tech

We use cookies for authentication (Clerk) and, with your consent, analytics (PostHog). See our Cookie Policy.

2. How We Use Your Data

  • Provide, maintain, and improve the Service;
  • Process payments and payouts via Stripe;
  • Deliver transactional emails via Resend;
  • Analyse usage to build better features (PostHog);
  • Ensure security, prevent fraud, and comply with law.

We do not sell your personal data.

3. Legal Basis for Processing

  • Contractual necessity (to deliver the Service);
  • Legitimate interests (product improvement, fraud prevention);
  • Consent (for optional analytics or marketing emails).

4. Data Sharing & Processors

We share data with trusted providers who process it on our behalf:

  • Stripe – payments & payouts
  • Clerk – authentication
  • Resend – email delivery
  • Neon – Postgres database
  • PostHog – analytics (consent-based)
  • Google Maps API – location autocomplete
  • Vercel – hosting

All processors are GDPR-compliant and bound by DPA agreements.

5. Data Retention

We retain personal data while you have an active account. Upon request or account deletion, data is erased or anonymised within 30 days, unless retention is required by law.

6. Your Rights (UK GDPR)

You may:

  • Access, correct, or delete your data;
  • Object to or restrict certain processing;
  • Export your data (“data portability”);
  • Withdraw consent at any time (for analytics/marketing).

To exercise these rights, email support@usefoundations.app.

7. Security

We use encryption in transit and at rest, principle-of-least-privilege access controls, and serverless hosting on Vercel. However, no online service is 100 % secure.

8. International Transfers

Data may be processed outside the UK (e.g. EEA or US) by our sub-processors, but always under appropriate safeguards such as Standard Contractual Clauses.

9. Policy Updates

We may update this Privacy Policy periodically. Material changes will be announced via the Service or email.

Questions? Email support@usefoundations.app