ShapeAI LogoShapeAI.co.uk

PRIVACY POLICY

Effective date: 2 October 2025
Data controller: PREPARING BUSINESS LTD
Company no.: 16107292
Registered office: 12 Skinner Lane, Leeds, England, LS7 1DL
Contact / Data Protection / Support: info@shapeai.co.uk
Service: https://shapeai.co.uk

1. Introduction

We respect your privacy. This Policy explains what personal data we collect, why we process it, how long we keep it and how you can exercise your rights. It applies to data collected when you use the Service.

2. What data we collect

We collect personal data necessary to provide and improve the Service:

  • Identity & contact: name (optional), email, postal/billing address if required.
  • Account data: username, hashed password, profile settings and preferences.
  • Payment & transactions: order refs, transaction IDs, amounts, currency (EUR, GBP, USD), dates — we do not store full card numbers or CVV unless explicitly stated (payments handled by third-party processors).
  • Service usage & content: token ledger, purchase history, Generation Transaction logs (prompt metadata, words count, days, selected options), generated outputs, download/access logs.
  • Health / dietary data (sensitive): allergies, medical conditions, dietary requirements, weight, height, age — processed only with explicit consent or other lawful basis.
  • Technical & device: IP address, device type, browser, user-agent, access timestamps, crash logs.
  • Support & communications: emails, chat transcripts, attachments.
  • Marketing & consent records: newsletter subscriptions, consent logs.

3. Purposes & legal bases for processing

We process personal data for specific purposes and with lawful bases:

  • To provide and operate the Service (accounts, deliveries, token purchases): performance of contract.
  • Payments and fraud prevention: legal obligation and legitimate interests.
  • Support, refunds and complaints: performance of contract / legitimate interests.
  • Marketing: consent (you may withdraw anytime).
  • Service improvement & analytics: legitimate interests (we balance interests and minimise data). Health/diet data used for personalisation only with explicit consent.
  • Compliance with law: legal obligation.

4. Automated decision-making and profiling (AI)

  • The Service uses AI to generate meal plans. Generation involves automated processing based on the data you provide (profiling).
  • You may request human review of any automated output that significantly affects you — contact info@shapeai.co.uk.
  • We will not rely solely on automated processing of special category data in a way that produces legal effects without explicit consent unless permitted by law.

5. Sharing & international transfers

We share data with third parties to deliver the Service — payment processors, cloud hosting, AI providers, analytics, customer support platforms and advisors. Some recipients may be located outside the UK/EEA; in such cases we use appropriate safeguards (UK adequacy, Standard Contractual Clauses or other lawful mechanisms). We will ensure onward recipients provide adequate protection.

Note: Specific providers include payment processors, OpenAI for AI services, cloud hosting providers, analytics services, and customer support platforms. Detailed list available upon request.

6. Cookies & similar technologies

We use cookies, localStorage, sessionStorage and pixels to operate the Service, remember preferences, keep sessions and — with consent — for analytics and marketing. Essential cookies do not require consent. See our Cookie Policy for more.

7. Retention (how long we keep data)

We retain data only as long as necessary:

  • Transaction records / Token ledger: minimum 24 months, up to 6 years for disputes/compliance.
  • Account profile & access logs: while Account active and for a reasonable period after closure for fraud prevention.
  • Generation outputs & model logs: retained for operational, audit and quality purposes; retention minimised.
  • Support correspondence: retained as necessary to resolve issues.

We delete or anonymise data when no longer required unless legal obligations require otherwise.

8. Your rights

You have rights under UK GDPR, including access, rectification, erasure, restriction, portability, objection and withdrawal of consent. To exercise rights contact info@shapeai.co.uk. We may request ID to verify requests and will respond within statutory timeframes (normally one month).

Note: We recommend implementing a DSAR (Data Subject Access Request) web form and logging system for efficient processing.

9. Security

We implement appropriate technical and organisational measures: TLS encryption in transit, access controls, secure backups, least-privilege access, monitoring and vulnerability management. No system is absolute; in case of personal data breach we will notify affected users and the ICO as required by law.

10. Children

Service is for users aged 18+. We do not knowingly collect data from children under 18. If you suspect data from a child has been collected contact info@shapeai.co.uk.

11. Marketing & preferences

Marketing communications require consent; you may opt out via unsubscribe links or by contacting info@shapeai.co.uk. Transactional messages (receipts, security notices) are still sent as needed.

12. Changes to this Policy

We may update this Policy; material changes will be notified to registered users. Effective date will be updated.

13. Contact & complaints

For data requests or complaints contact:

Email: info@shapeai.co.uk

Phone: +44 7418 638914

You also have the right to complain to the Information Commissioner's Office (ICO) if you are unhappy with how we use your data: ico.org.uk