Privacy Policy

Last updated: 30 September 2025

We comply with UK GDPR and EU GDPR.

1) Who we are

  • Controller: Sienda Ltd, London, Third Floor 207 Regent Street, W1B 3HH London, United Kingdom
  • Contact: privacy@sienda.co.uk
  • UK ICO registration number: ZA303820

2) What data we process

2.1 Free tier (no sign-up)
  • Local only: Goals, chats and usage counters are stored locally in your browser. We do not receive or store this content server-side.
  • Technical logs (server): IP address, user-agent, URL, timestamp, basic error logs—used for security and diagnostics.
2.2 Premium accounts
  • Account & subscription: Email, subscription status/plan, limited profile attributes needed to operate your account.
  • Product data: Goal/session metadata, dashboard metrics, notification preferences.
  • Operational events: Minimal events (e.g., “checkout created”, “subscription activated”, “login”).
  • Payments: Processed by our provider/Merchant-of-Record; we receive no full card details—only references (e.g., customer/subscription IDs) and status.

3) Purposes & legal bases (UK/EU GDPR)

  • Provide the Service / authentication / subscription management: Contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)) for security/anti-abuse.
  • Billing, tax, fraud prevention: Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f)).
  • Notifications & product emails: Contract / Legitimate interests; you can manage preferences or opt out of non-essential messages.
  • Marketing emails (if any): Consent (Art. 6(1)(a)).
  • Analytics (if enabled): Consent for non-essential cookies/SDKs; we keep them off by default in the UK/EEA until you opt in.

4) Cookies & local storage

  • Essential cookies (e.g., auth session) — used for premium sign-in; strictly necessary.
  • Non-essential cookies/SDKs (analytics/experiments) — used only with your consent in the UK/EEA.
  • Local storage — used for free-tier goals/chats and usage counters; remains on your device.

5) Retention

  • Free tier content: remains in your browser until you delete it (we don’t have it).
  • Premium account data: kept while your account is active and for up to 24 months after closure (or as required by law).
  • Billing/tax records: retained for the legally required period (typically 6–10 years, jurisdiction-dependent).
  • Operational logs: typically 12–24 months, unless needed longer for security/compliance.

6) Sharing & recipients

We share data with trusted providers only to run the Service: hosting, email and notification services, analytics (if consented), and payment/MoR providers that handle tax and invoicing. We require appropriate data protection terms (UK IDTA/EU SCCs where relevant).

7) International transfers

We may transfer data outside the UK/EEA. When we do, we rely on:

  • UK adequacy regulations / EU adequacy decisions (where available); and/or
  • UK IDTA and/or EU Standard Contractual Clauses (SCCs) with appropriate supplementary measures.

8) Your rights

Under UK GDPR/EU GDPR you can request: access, rectification, erasure, restriction, portability, objection to processing (including for direct marketing), and withdrawal of consent at any time (where processing is based on consent).

  • How: email privacy@sienda.co.uk
  • Complaints: UK users may complain to the ICO; EEA users to their national supervisory authority.

9) Children

The Service is intended for users 18+. If you believe a child has provided personal data, contact us to remove it.

10) Security

We use technical and organisational measures appropriate to the risk (encryption in transit, access controls, backups, monitoring). No system is perfectly secure.

11) Changes to this policy

We may update this policy. Material changes will be notified in-app or by email.