Privacy Policy
Last updated: 3 November 2025
We comply with UK GDPR and EU GDPR.
1) Who we are
- Controller: Sienda Ltd
Third Floor, 207 Regent Street, W1B 3HH London, United Kingdom
- Contact: privacy@sienda.co.uk
- UK ICO registration number: ZA303820
2) What data we process
2.1 Free tier (no sign-up)
- Local only: Goals, chats, and usage counters are stored locally in your browser. We do not receive or store this content server-side.
- Technical logs (server): IP address, user-agent, URL, timestamp, and basic error logs — used for security and diagnostics.
2.2 Premium accounts
- Account & subscription: Email, subscription status/plan, and limited profile attributes needed to operate your account.
- Product data: Goal/session metadata, dashboard metrics, and notification preferences.
- Operational events: Minimal events (e.g., “checkout created”, “subscription activated”, “login”).
- Payments: Processed by our provider / Merchant-of-Record; we receive no full card details — only references (e.g., customer/subscription IDs) and status.
3) Purposes & legal bases (UK/EU GDPR)
- Provide the Service / authentication / subscription management
→ Contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)) for security/anti-abuse
- Billing, tax, fraud prevention
→ Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f))
- Notifications & product emails
→ Contract / Legitimate interests; you can manage preferences or opt out of non-essential messages
- Marketing emails (if any)
→ Consent (Art. 6(1)(a))
- Analytics (if enabled)
→ Consent for non-essential cookies/SDKs; we keep them off by default in the UK/EEA until you opt in
4) Cookies & local storage
- Essential cookies (e.g., auth session) — used for Premium sign-in; strictly necessary
- Non-essential cookies/SDKs (analytics/experiments) — used only with your consent in the UK/EEA
- Local storage — used for Free-tier goals/chats and usage counters; remains on your device
5) Retention
- Free tier content: Remains in your browser until you delete it (we don’t have it)
- Premium account data: Kept while your account is active and for up to 24 months after closure (or as required by law)
- Billing/tax records: Retained for the legally required period (typically 6–10 years, jurisdiction-dependent)
- Operational logs: Typically 12–24 months, unless needed longer for security/compliance
6) Sharing & recipients
We share data with trusted providers only to run the Service:
- Hosting
- Email and notification services
- Analytics (if consented)
- Payment / Merchant-of-Record providers that handle tax and invoicing
We require appropriate data protection terms (UK IDTA / EU SCCs where relevant).
7) International transfers
We may transfer data outside the UK/EEA. When we do, we rely on:
- UK adequacy regulations / EU adequacy decisions (where available); and/or
- UK IDTA and/or EU Standard Contractual Clauses (SCCs) with appropriate supplementary measures
8) Your rights
Under UK GDPR / EU GDPR, you can request:
- Access
- Rectification
- Erasure
- Restriction
- Portability
- Objection to processing (including for direct marketing)
- Withdrawal of consent at any time (where processing is based on consent)
How to exercise your rights:
📧 Email us at privacy@sienda.co.uk
Complaints:
- UK users may complain to the ICO
- EEA users may complain to their national supervisory authority
9) Children
The Service is intended for users 18+. If you believe a child has provided personal data, contact us to remove it.
10) Security
We use technical and organisational measures appropriate to the risk:
- Encryption in transit
- Access controls
- Backups
- Monitoring
⚠️ No system is perfectly secure because perfection is not of this world.
11) Changes to this policy
We may update this policy. Material changes will be notified in-app or by email.