Legal

Privacy Policy

Last updated: 17 April 2026

1. Who we are

Selfound Ltd ("we", "us", "our") is an AI venture studio registered in England and Wales (company number 16450921). Our registered office is at Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, IP28 7DE, United Kingdom. We operate the website at selfound.com and the AI chat assistant at ai.selfound.com.

This policy explains what personal data we collect from you when you use our site or chat with our AI consultant, how we use it, and the rights you have over it under the UK GDPR, the Data Protection Act 2018, and (where applicable) the EU GDPR.

Data controller: Selfound Ltd. For any privacy question or to exercise your rights, contact us at hello@selfound.com.

2. What we collect

a) Information you give us through the AI chat

When you use the chat widget on our site, we process the content of your messages and any information you choose to share: your name, email address, job title, company, team size, pain points, tools in use, budget expectations, and timeline. You control what you share.

At the end of a qualification conversation, when you confirm, we store the full conversation transcript, a summary, and your contact details in our database so our team can follow up with a tailored proposal.

b) Information you give us by email

If you email hello@selfound.com, we retain that correspondence and any details you include.

c) Technical data

Our chat backend processes your IP address transiently for abuse prevention and rate-limiting. IPs are not stored with your lead record.

d) Analytics (opt-in)

If you consent via our cookie banner, we load Umami, a self-hosted, privacy-friendly analytics script. Umami uses no persistent cookies and does not cross-site track. It records aggregated events like page views, referrer, browser family, and approximate country — none of which identify you personally.

3. Why we process it (legal basis)

  • Consent (Art. 6(1)(a) GDPR) — for analytics via Umami and for follow-up marketing emails where applicable.
  • Legitimate interest (Art. 6(1)(f) GDPR) — for qualifying leads, preparing tailored proposals, protecting the service from abuse, and keeping a record of enquiries.
  • Contract performance (Art. 6(1)(b) GDPR) — for delivering services to clients who engage us.

4. Who we share it with (sub-processors)

We rely on a small number of trusted vendors to run the service. None sell your data.

ProviderRoleLocation
OpenAILLM provider — processes your chat content to generate AI responsesUnited States (Art. 46 SCCs)
VercelWebsite hosting (selfound.com)Global CDN; primary region configurable
HetznerHosting for the AI backend and database (ai.selfound.com)Germany (EU)
UmamiSelf-hosted website analytics (cookie-less)EU
SlackInternal notifications when a new lead is submittedUnited States (SCCs + DPF)

International transfers to the United States are covered by Standard Contractual Clauses (SCCs) where applicable. We do not transfer your data outside this list of processors.

5. How long we keep it

  • Chat transcripts and leads: 24 months from last contact, then deleted — unless you become a paying client, in which case we retain records for the duration of the engagement plus 6 years after its end, as required by UK record-keeping obligations (Companies Act 2006 s.388 and HMRC retention rules).
  • Email correspondence: 24 months from last contact, unless it forms part of a client engagement (then 6 years after engagement ends, per above).
  • Umami analytics: aggregated, not tied to you personally; retained as long as needed for trend analysis.
  • Rate-limit IP counters: in-memory only; cleared on server restart (never persisted).

6. Your rights

Under the UK GDPR and EU GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data (subject to legal retention obligations).
  • Restriction — ask us to pause processing while an issue is resolved.
  • Portability — receive your data in a machine-readable format.
  • Object — to processing based on legitimate interest or for direct marketing.
  • Withdraw consent — at any time, for analytics or marketing. You can reset your cookie preference below.
  • Complain — to a supervisory authority (UK: the ICO, ico.org.uk; EU: your local Data Protection Authority).

To exercise any of these rights, email hello@selfound.com. We respond within 30 days.

7. Automated processing

The AI chat uses a large language model (OpenAI GPT-class) to generate responses and route you to relevant services. It does not make decisions with legal or similarly significant effects on you. A human reviews every qualified lead before any commercial follow-up.

8. Cookies and local storage

We use the following on the website:

  • Essential (always on): selfound-consent in local storage — remembers your cookie-banner choice so we don't keep asking.
  • Analytics (opt-in): Umami script from stats.mavlin.com. Umami uses no tracking cookies; it hashes your session for a single day and discards the data after.

To change your choice:

9. Security

Data in transit is encrypted via HTTPS/TLS 1.3. The database is hosted in a private Docker network with no public ingress. Access to production data is restricted to named engineers with role-based authentication. We log access for audit.

10. Children

The service is not directed at children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with a revised "Last updated" date. Continued use of the site after an update means you accept the revised policy.

12. Contact

For any privacy-related question or request, contact us at hello@selfound.com.