Privacy policy

Your data, your rights

This policy explains what personal and workspace data we collect, why we process it, and how we comply with the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations.

Last updated: April 4, 2026

Data controller

Who is responsible

Dhruvi Infinity Ltd (registered in England & Wales) controls this data. You can reach the team at legal@dii.ltd for any privacy concern.

What we collect

Account, workspace, and purchase data

  • Account identifiers such as name, email, password hash, and billing details
  • Workspace content, founder stories, evidence, and documents you upload or type
  • Support requests, entitlements, payment history, and AI usage metadata

Why we process it

Lawful bases

  • Contract performance (UK GDPR Article 6(1)(b)) to deliver the workspaces and paid packages you selected
  • Legitimate interests (Article 6(1)(f)) to maintain platform security, fraud prevention, and quality assurance
  • Consent for marketing communications and certain preferences you actively opt into

Usage of your data

Data powers workspace delivery, onboarding, customer support, and data-driven product improvements. AI calls are logged for auditing and cost-tracking, but we never publish private founder data externally.

For more on AI telemetry, see Visitor events.

Third parties

We work with trusted processors under UK-approved agreements. External services include Stripe (payments), AWS (hosting), OpenAI (AI checkpoints), and other infrastructure partners. We do not sell personal data.

Retention & security

Records are retained only while needed for contract fulfilment, legal compliance, or to respond to disputes, per the Data Protection Act 2018. We protect data with encryption, access controls, monitoring, and staff training.

Your rights

You may request access, correction, erasure, restriction, portability, or object to processing. We will respond within one month unless the law allows an extension. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).

Cookies & marketing

Cookies enable authentication, analytics, and personalization. Marketing emails are sent only with your consent and always include an unsubscribe link, consistent with the Privacy and Electronic Communications Regulations.

International transfers

When data crosses borders, we rely on UK adequacy decisions or Standard Contractual Clauses approved by the ICO to keep the protection level intact.

Policy updates

We may update this policy to reflect new legal guidance. We will post the revised version here with the effective date and notify you of major changes.