Privacy Policy

Last Updated: 25 November 2025

Your Privacy Rights

This Privacy Policy explains how we collect, use, share, and protect your personal data. Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have important rights regarding your personal data, which are detailed in Section 8 of this Policy.

1. Introduction and Data Controller

1.1 About This Policy

FundCreators ("FundCreators", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your personal data when you use our website, mobile application, and services (collectively, the "Platform").

1.2 Data Controller

FundCreators is the data controller for the personal data collected through our Platform. As data controller, we determine the purposes and means of processing your personal data. We are established in Scotland and operate under the laws of the United Kingdom.

1.3 Legal Framework

We process your personal data in accordance with:

The UK General Data Protection Regulation (UK GDPR);
The Data Protection Act 2018;
The Privacy and Electronic Communications Regulations 2003 (PECR);
Other applicable UK data protection legislation.

1.4 Supervisory Authority

Our supervisory authority is the Information Commissioner's Office (ICO). You have the right to lodge a complaint with the ICO if you believe your data protection rights have been violated.

Website: https://ico.org.uk/concerns/
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

1.5 Contact Details

For data protection enquiries, please contact us:

Email: privacy@fundcreators.com
General enquiries: support@fundcreators.com

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide Directly

Category	Types of Data	When Collected
Account Information	Name, email address, password, username	Registration
Profile Information	Profile picture, biography, website links, social media handles, location	Profile setup
Identity Verification	Government-issued ID, proof of address, date of birth	Creator verification
Financial Information	Bank account details, billing address (payment card details processed by Stripe)	Payments
Project Information	Project descriptions, images, videos, funding goals, reward details	Project creation
Communications	Messages, comments, support enquiries, survey responses	Platform use

2.2 Information Collected Automatically

Device Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution.
Usage Information: Pages visited, features used, time spent on pages, click patterns, search queries, referring websites.
Location Information: Approximate location derived from IP address; precise location only if you grant permission.
Cookies and Similar Technologies: Session data, preferences, authentication tokens. See our Cookie Policy for details.

2.3 Information from Third Parties

Social Media Providers: If you log in via social media, we receive your name, email, and profile picture from the provider.
Payment Processors (Stripe): Transaction status, payment confirmation, partial card details for verification.
Identity Verification Services: Verification results and fraud risk assessments.
Analytics Services: Aggregated usage statistics and insights.

2.4 Special Category Data

We do not intentionally collect special category data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or sexual orientation). If you voluntarily include such data in Project descriptions or communications, you consent to its processing as part of the relevant content.

3. Legal Basis for Processing

Under Article 6 of the UK GDPR, we process your personal data on the following legal bases:

Processing Activity	Legal Basis	Justification
Account creation and management	Contract (Art. 6(1)(b))	Necessary to perform our contract with you
Processing payments and transactions	Contract (Art. 6(1)(b))	Necessary to provide our services
Service communications (updates, alerts)	Contract (Art. 6(1)(b))	Necessary to provide our services
Identity verification	Legal Obligation (Art. 6(1)(c))	Required for anti-money laundering compliance
Fraud prevention and security	Legitimate Interests (Art. 6(1)(f))	Protecting users and the platform from fraud
Platform improvement and analytics	Legitimate Interests (Art. 6(1)(f))	Improving our services and user experience
Marketing communications	Consent (Art. 6(1)(a))	Only with your explicit opt-in consent
Non-essential cookies	Consent (Art. 6(1)(a))	Only with your explicit consent
Tax and accounting records	Legal Obligation (Art. 6(1)(c))	Required by UK tax and accounting laws
Responding to legal requests	Legal Obligation (Art. 6(1)(c))	Compliance with court orders or law enforcement

3.1 Legitimate Interests Assessment

Where we rely on legitimate interests, we have conducted a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting privacy@fundcreators.com.

4. How We Use Your Personal Data

4.1 Service Provision

Creating and managing your account;
Processing Contributions and disbursing funds to Creators;
Facilitating communication between Creators and Backers;
Delivering notifications about Projects you've backed or created;
Providing customer support.

4.2 Platform Safety and Security

Detecting and preventing fraud, abuse, and security incidents;
Verifying user identities where required;
Enforcing our Terms of Service;
Protecting the rights and safety of users.

4.3 Platform Improvement

Analysing usage patterns to improve functionality;
Testing new features;
Conducting research and analysis;
Personalising your experience (with your consent where required).

4.4 Communications

Sending essential service communications (account updates, transaction confirmations);
Sending Project updates for campaigns you've backed;
Marketing communications (only with your consent);
Responding to your enquiries.

4.5 Legal Compliance

Complying with tax and accounting obligations;
Responding to lawful requests from authorities;
Exercising and defending legal claims.

5. Sharing Your Personal Data

We may share your personal data with the following categories of recipients:

5.1 Other Users

Creators: When you back a Project, we share your name (unless you choose to contribute anonymously), contribution amount, and contact details necessary for reward fulfilment with the Creator.
Backers: Creator profile information and Project details are publicly visible.
Public Content: Comments, reviews, and other public content you post is visible to all users.

5.2 Service Providers

We use third-party service providers who process data on our behalf:

Stripe: Payment processing (based in the US with UK and EU entities; Privacy Shield certified and uses Standard Contractual Clauses).
Cloud Hosting: Data storage and infrastructure services.
Analytics Providers: Usage analysis and improvement.
Customer Support Tools: Helpdesk and communication services.
Email Service Providers: Transactional and marketing email delivery.
Identity Verification Services: KYC and fraud prevention.

All service providers are bound by data processing agreements requiring them to process data only on our instructions and implement appropriate security measures.

5.3 Legal and Regulatory Disclosures

We may disclose your personal data:

To comply with applicable laws, regulations, or legal processes;
To respond to lawful requests from public authorities (including law enforcement);
To protect our rights, property, or safety, or that of our users or the public;
In connection with legal proceedings or prospective legal proceedings.

5.4 Business Transfers

If FundCreators is involved in a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your data.

5.5 With Your Consent

We may share your personal data with other parties where you have given us specific consent to do so.

6. International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the United Kingdom, including countries that may not provide the same level of data protection as the UK.

6.1 Transfer Safeguards

When we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including:

UK Adequacy Decisions: Transfers to countries that the UK has determined provide adequate data protection.
International Data Transfer Agreement (IDTA): The UK Government's approved contract for international transfers.
UK Addendum to EU SCCs: Standard Contractual Clauses with the UK Addendum where applicable.
Binding Corporate Rules: Where recipients have approved binding corporate rules.

6.2 Transfer Impact Assessments

Where required, we conduct Transfer Impact Assessments to evaluate the level of protection afforded to personal data in recipient countries and implement supplementary measures where necessary.

6.3 Further Information

You may request copies of the safeguards we have in place for international transfers by contacting privacy@fundcreators.com.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

Encryption: Data encrypted in transit (TLS/SSL) and at rest.
Access Controls: Role-based access restrictions and authentication requirements.
Security Monitoring: Continuous monitoring for security threats and vulnerabilities.
Security Testing: Regular penetration testing and security assessments.
Staff Training: Data protection and security awareness training for employees.
Incident Response: Documented procedures for responding to data breaches.
Vendor Security: Security assessments of third-party service providers.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

7.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay.

8. Your Rights Under UK GDPR

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation of whether we process your personal data and to request a copy of your personal data.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate personal data and completion of incomplete personal data.

Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of your data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you. You can request human intervention, express your point of view, and contest such decisions.

Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.1 How to Exercise Your Rights

To exercise any of your rights, please contact us at privacy@fundcreators.com with:

Your name and contact details;
A description of the right you wish to exercise;
Any information to help us identify your data.

We will respond within one month of receiving your request. If your request is complex or we receive multiple requests, we may extend this by up to two additional months. We will inform you of any extension and the reasons for it.

8.2 Identity Verification

We may request proof of identity before processing your request to ensure we do not disclose personal data to the wrong person.

8.3 Fees

Requests are normally free. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, or we may refuse to comply with such requests.

8.4 Complaints

If you are unhappy with how we have handled your data or your rights request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Online: https://ico.org.uk/concerns/
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first at privacy@fundcreators.com.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

9.1 Retention Periods

Data Category	Retention Period	Reason
Account information	Duration of account + 6 years	Legal claims limitation period
Transaction records	7 years from transaction	UK tax and accounting requirements
Identity verification documents	5 years after relationship ends	Anti-money laundering regulations
Project data	Duration of rewards + 6 years	Contractual obligations and legal claims
Customer support enquiries	3 years from resolution	Service improvement and dispute resolution
Marketing consent records	Duration of consent + 2 years	Consent record-keeping requirements
Website logs and analytics	26 months	Security and service improvement

9.2 Retention Criteria

To determine appropriate retention periods, we consider:

The nature and sensitivity of the personal data;
The purposes for which we process the data;
Applicable legal requirements;
Limitation periods for potential legal claims;
Guidance from the ICO and other regulators.

9.3 Data Deletion and Anonymisation

After the retention period expires, we will securely delete or anonymise your personal data. Anonymised data may be retained indefinitely for research and statistical purposes.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information about your browsing activities. For detailed information about the cookies we use, your choices, and how to manage cookies, please see our Cookie Policy.

11. Children's Privacy

Our Platform is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@fundcreators.com. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

12. Third-Party Links

Our Platform may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of significant changes by:

Posting the updated Policy on this page with a new "Last Updated" date;
Sending you an email notification (for material changes);
Displaying a notice on our Platform.

We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes become effective constitutes your acknowledgment of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy enquiries: privacy@fundcreators.com
General support: support@fundcreators.com

We aim to respond to all enquiries within 5 business days.

By using the FundCreators platform, you acknowledge that you have read and understood this Privacy Policy.