Privacy Policy

1. Introduction and Data Controller

1.1 About This Policy

FundCreators ("FundCreators", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal data when you use our website, mobile application, and services (collectively, the "Platform").

1.2 Data Controller

FundCreators is the data controller for the personal data collected through our Platform. As data controller, we determine the purposes and means of processing your personal data. We are established in Scotland and operate under the laws of the United Kingdom.

1.3 Legal Framework

We process your personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR);
• The Data Protection Act 2018;
• The Privacy and Electronic Communications Regulations 2003 (PECR);
• Other applicable UK data protection legislation.

1.4 Supervisory Authority

Our supervisory authority is the Information Commissioner's Office (ICO). You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated.

• Website: https://ico.org.uk/concerns/
• Telephone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

1.5 Contact Details

For data protection enquiries, please contact us:

• Email: privacy@fundcreators.com
• General enquiries: support@fundcreators.com

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

2.2 Information Collected Automatically

• Device Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution.
• Usage Information: Pages visited, features used, time spent on pages, click patterns, search queries, referring websites.
• Location Information: Approximate location derived from IP address; precise location only if you grant permission.
• Cookies and Similar Technologies: Session data, preferences, authentication tokens. See our Cookie Policy for details.

2.3 Information from Third Parties

• Social Media Providers: If you log in via social media, we receive your name, email, and profile picture from the provider.
• Payment Processors (Stripe): Transaction status, payment confirmation, partial card details for verification.
• Identity Verification Services: Verification results and fraud risk assessments.
• Analytics Services: Aggregated usage statistics and insights.

2.4 Special Category Data

We do not intentionally collect special category data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). If you voluntarily include such data in Project descriptions or communications, you consent to its processing as part of the relevant content.

3. Legal Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:

3.1 Legitimate Interests Assessment

Where we rely on legitimate interests, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting privacy@fundcreators.com.

4. How We Use Your Personal Data

4.1 Service Provision

• Creating and managing your account;
• Processing Contributions and disbursing funds to Creators;
• Facilitating communication between Creators and Backers;
• Delivering notifications about Projects you've backed or created;
• Providing customer support.

4.2 Platform Safety and Security

• Detecting and preventing fraud, abuse, and security incidents;
• Verifying user identities where required;
• Enforcing our Terms of Service;
• Protecting the rights and safety of users.

4.3 Platform Improvement

• Analysing usage patterns to improve functionality;
• Testing new features;
• Conducting research and analysis;
• Personalising your experience (with your consent where required).

4.4 Communications

• Sending essential service communications (account updates, transaction confirmations);
• Sending Project updates for campaigns you've backed;
• Marketing communications (only with your consent);
• Responding to your enquiries.

4.5 Legal Compliance

• Complying with tax and accounting obligations;
• Responding to lawful requests from authorities;
• Exercising and defending legal claims.

5. Sharing Your Personal Data

We may share your personal data with the following categories of recipients:

5.1 Other Users

• Creators: When you back a Project, we share your name (unless you choose to contribute anonymously), contribution amount, and contact details necessary for reward fulfilment with the Creator.
• Backers: Creator profile information and Project details are publicly visible.
• Public Content: Comments, reviews, and other public content you post is visible to all users.

5.2 Service Providers

We use third-party service providers who process data on our behalf:

• Stripe: Payment processing (based in the US with UK and EU entities; Privacy Shield certified and uses Standard Contractual Clauses).
• Cloud Hosting: Data storage and infrastructure services.
• Analytics Providers: Usage analysis and improvement.
• Customer Support Tools: Helpdesk and communication services.
• Email Service Providers: Transactional and marketing email delivery.
• Identity Verification Services: KYC and fraud prevention.

All service providers are bound by data processing agreements requiring them to process data only on our instructions and implement appropriate security measures.

5.3 Legal and Regulatory Disclosures

We may disclose your personal data:

• To comply with applicable laws, regulations, or legal processes;
• To respond to lawful requests from public authorities (including law enforcement);
• To protect our rights, property, or safety, or that of our users or the public;
• In connection with legal proceedings or prospective legal proceedings.

5.4 Business Transfers

If FundCreators is involved in a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.

5.5 With Your Consent

We may share your personal data with other parties where you have given us specific consent to do so.

6. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the United Kingdom, including countries that may not provide the same level of data protection as the UK.

6.1 Transfer Safeguards

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including:

• UK Adequacy Decisions: Transfers to countries that the UK has determined provide adequate data protection.
• International Data Transfer Agreement (IDTA): The UK Government's approved contract for international transfers.
• UK Addendum to EU SCCs: Standard Contractual Clauses with the UK Addendum where applicable.
• Binding Corporate Rules: Where recipients have approved binding corporate rules.

6.2 Transfer Impact Assessments

Where required, we conduct Transfer Impact Assessments to evaluate the level of protection afforded to personal data in recipient countries and implement supplementary measures where necessary.

6.3 Further Information

You may request copies of the safeguards we have in place for international transfers by contacting privacy@fundcreators.com.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest.
• Access Controls: Role-based access restrictions and authentication requirements.
• Security Monitoring: Continuous monitoring for security threats and vulnerabilities.
• Security Testing: Regular penetration testing and security assessments.
• Staff Training: Data protection and security awareness training for employees.
• Incident Response: Documented procedures for responding to data breaches.
• Vendor Security: Security assessments of third-party service providers.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

7.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

8. Your Rights Under UK GDPR

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

8.1 How to Exercise Your Rights

To exercise any of your rights, please contact us at privacy@fundcreators.com with:

• Your name and contact details;
• A description of the right you wish to exercise;
• Any information to help us identify your data.

We will respond within one month of receiving your request. If your request is complex or we receive multiple requests, we may extend this by up to two additional months. We will inform you of any extension and the reasons for it.

8.2 Identity Verification

We may request proof of identity before processing your request to ensure we do not disclose personal data to the wrong person.

8.3 Fees

Requests are normally free. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, or we may refuse to comply with such requests.

8.4 Complaints

If you are unhappy with how we have handled your data or your rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Online: https://ico.org.uk/concerns/
• Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at privacy@fundcreators.com.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

9.1 Retention Periods

9.2 Retention Criteria

To determine appropriate retention periods, we consider:

• The nature and sensitivity of the personal data;
• The purposes for which we process the data;
• Applicable legal requirements;
• Limitation periods for potential legal claims;
• Guidance from the ICO and other regulators.

9.3 Data Deletion and Anonymisation

After the retention period expires, we will securely delete or anonymise your personal data. Anonymised data may be retained indefinitely for research and statistical purposes.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about your browsing activities. For detailed information about the cookies we use, your choices, and how to manage cookies, please see our Cookie Policy.

11. Children's Privacy

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@fundcreators.com. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

12. Third-Party Links

Our Platform may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of significant changes by:

• Posting the updated Policy on this page with a new "Last Updated" date;
• Sending you an email notification (for material changes);
• Displaying a notice on our Platform.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes become effective constitutes your acknowledgment of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy enquiries: privacy@fundcreators.com
• General support: support@fundcreators.com

We aim to respond to all enquiries within 5 business days.