Privacy Policy

Last Updated: 2026-04-27

1. Introduction, Data Controller & Contact

This Privacy Policy explains how we collect, use, and protect your information when you use our application.

For the purposes of the General Data Protection Regulation (GDPR) and the UK GDPR, the Data Controller responsible for your personal data is NON.agency United Kingdom, with its registered office at 20-22 Wenlock Road, N1 7GU London, United Kingdom.

For any privacy-related inquiries, to exercise your data rights, or to contact our Data Protection Officer, please email us at hello@non.agency.

2. Data We Collect

We collect the minimum amount of data necessary to operate our service:

• Provided by you: Name (or preferred moniker), Email address, and Phone number.
• Automatically collected: IP address, Language preference, and Session ID.
• Account/System data: Stripe Customer ID and Referral data (if you arrived via a partner link).

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

• Performance of a Contract: To create your account, process your payments, and provide the core AI generation tools (Email, Stripe ID, Session ID).
• Legitimate Interest: To analyze platform usage, troubleshoot bugs, and prevent fraud (IP address, Language, Matomo analytics).
• Consent: For the use of non-essential cookies, session recording (Microsoft Clarity), and live chat (Tawk.to).
• Consent: For the use of non-essential cookies.

4. Data Retention

We do not hold your data indefinitely.

• App Data & Content: Your personal profile data and generated content are kept while your account is active. If your account is deleted by you, or remains dormant for twelve (12) months, we will permanently delete your profile data, session history, and generated content from our active databases.
• Financial & Tax Records: To comply with UK tax and legal obligations, we retain basic transactional data (your Email and Stripe Customer ID) for seven (7) years following the closure of your account.

5. Third-Party Services & “Do Not Sell” Clause (CCPA)

We do not sell your personal data. We have not sold any personal data to third parties in the preceding 12 months. We share data only with the following service providers strictly to operate our platform:

• Stripe: For secure payment processing. Stripe handles your payment credentials directly; we only store your Stripe Customer ID. Their use of your data is governed by Stripe’s privacy policy.
• Matomo: For analytics tracking. We use this to understand user behavior.
• FormBricks: For forms and surveys. This data is collected without user attribution or matching.
• AI Model Providers: Your prompts are sent to third-party AI APIs to generate the requested content.

6. Cookies & Tracking

We use cookies to maintain your session, remember your preferences, and track application analytics. You have the right to accept or decline non-essential cookies via our cookie consent banner.

Necessary cookies are set automatically and cannot be declined — they are required for authentication and core platform functionality.

Analytics cookies are only set after you accept via the consent banner:

• Matomo — self-hosted analytics measuring page views and feature usage. No data is shared with third parties.
• Google Tag Manager — used to load analytics scripts in a controlled way.
• Microsoft Clarity — records anonymised session replays and heatmaps to help us identify usability issues. Because session recording captures interaction patterns, the UK Information Commissioner’s Office (ICO) classifies this as requiring prior consent rather than legitimate interest. Clarity is loaded only after you accept analytics cookies. Microsoft may process the data as described in Microsoft’s privacy statement.

Functional cookies are only set after you accept via the consent banner:

• Tawk.to — provides the live chat widget. If you interact with the chat, Tawk.to may set its own cookies to maintain the chat session. These are loaded only after consent.

You can withdraw consent at any time by clearing the cookie-consent cookie in your browser settings. Previously loaded analytics data is not retroactively deleted.

7. Your Privacy Rights (GDPR & CCPA)

Depending on your location, you possess the following rights regarding your personal data:

• Right to Access / Know: You can request a copy of the personal data we hold about you.
• Right to Erasure / Deletion: You can request that we delete your personal data (subject to our 7-year legal/tax retention requirements for transactional data).
• Right to Rectification: You can request corrections to inaccurate data.
• Right to Restrict Processing: You can ask us to suspend the processing of your data.
• Right to Data Portability: You can request your data in a structured, commonly used format.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, email hello@non.agency. We will respond to your request within 30 days.