Privacy Policy

Summary

Folelse Ltd is registered with the ICO (No. [ICO registration number]). We store all data in the UK, never sell your personal information, and give you full control over your data. This policy explains exactly what we collect, why, and your rights under UK GDPR.

1. Who we are

Folelse Ltd (company number 17132576, incorporated 1 April 2026) ("Folelse", "we", "us", "our") is a data controller registered with the Information Commissioner's Office (ICO) under registration number [ICO registration number]. Our registered office is 6th Floor, 37 Lombard Street, London, EC3V 9BQ, United Kingdom.

If you have any questions about this policy or about how we handle your personal data, please contact our Data Protection Officer at privacy@folelse.com.

2. What personal data we collect

We collect personal data in the following contexts:

Account and billing information: name, work email address, job title, organisation name, billing address, and payment method details (processed via Stripe — we do not store full card numbers).

Platform usage data: login timestamps, IP addresses, browser and device information, and in-app activity logs for security and audit purposes.

Support communications: messages, call recordings (with consent), and ticket content when you contact our support team.

Marketing: name and email address if you subscribe to our newsletter or request a demo, with your explicit consent.

Cookies and similar technologies: see our Cookie Policy for details.

3. Legal basis for processing

We rely on the following legal bases under UK GDPR Article 6:

Contract performance (Art. 6(1)(b)): processing necessary to deliver the platform services under our subscription agreement.

Legitimate interests (Art. 6(1)(f)): platform security, fraud prevention, product improvement analytics, and direct marketing to existing customers (you can opt out at any time).

Legal obligation (Art. 6(1)(c)): retaining financial records for HMRC compliance and responding to lawful requests from regulators.

Consent (Art. 6(1)(a)): newsletter subscriptions, marketing to prospective customers, and non-essential cookies.

4. How we use your data

We use your personal data to:

•Provide, operate, and improve the Folelse platform
•Process subscription payments and send invoices
•Respond to support requests and account queries
•Send product update notifications and security alerts
•Comply with legal and regulatory obligations
•Prevent fraud and ensure platform security
•Send marketing communications (where you have consented or we have a legitimate interest)

6. International transfers

Your personal data is stored and processed in the United Kingdom (Microsoft Azure — UK South region). Where any processor operates outside the UK, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements (IDTAs) or equivalent adequacy decisions.

7. How long we keep your data

We retain personal data only for as long as necessary:

•Active account data: held for the duration of your subscription plus 90 days following termination (to allow data export)
•Financial records: 7 years from the end of the relevant tax year (HMRC requirement)
•Support tickets: 3 years from ticket closure
•Marketing consents: until withdrawn or 3 years of inactivity
•Security logs: 12 months rolling

You may request deletion of your account data at any time (subject to legal retention obligations) by emailing privacy@folelse.com.

8. Your rights

Under UK GDPR you have the right to:

•Access — obtain a copy of the personal data we hold about you
•Rectification — correct inaccurate or incomplete data
•Erasure — request deletion ("right to be forgotten") where permitted
•Restriction — limit how we process your data in certain circumstances
•Portability — receive your data in a machine-readable format
•Objection — object to processing based on legitimate interests or for direct marketing
•Withdraw consent — at any time where processing is consent-based

To exercise any right, email privacy@folelse.com. We will respond within one month (extendable to three months for complex requests). You also have the right to lodge a complaint with the ICO (ico.org.uk).

9. Security measures

We implement technical and organisational security measures including:

•Encryption of data in transit (TLS 1.3) and at rest (AES-256)
•Role-based access controls and principle of least privilege
•Multi-factor authentication for all staff and admin accounts
•Annual CREST-certified penetration testing
•Automated vulnerability scanning and dependency auditing
•Immutable audit logs for all data access
•ISO 27001-aligned information security management

In the event of a personal data breach affecting you, we will notify you without undue delay where required under UK GDPR Article 34.

10. Cookies

We use cookies and similar technologies on our website and platform. Please see our Cookie Policy for full details, including how to manage your preferences.

11. Children's data

Our services are not directed at children under 18 and we do not knowingly collect personal data from minors. If you believe we have inadvertently collected data about a child, please contact privacy@folelse.com immediately.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or via an in-app notification at least 30 days before the change takes effect. The "last updated" date at the top of this page will always reflect the most recent revision.

13. Contact us

Data Protection Officer
Folelse Ltd
6th Floor, 37 Lombard Street, London, EC3V 9BQ, United Kingdom
Email: privacy@folelse.com

If you are dissatisfied with our response, you may complain to the ICO:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 | ico.org.uk

Cookie Policy Terms of Use DPA Template