Privacy Policy

1. Who We Are

Sweet Spot is operated by Sweet Spot Consulting Ltd, a UK-based company providing AI-driven audience intelligence and trend analysis tools to businesses and individuals.

We are the "data controller" under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

We collect and process the following personal data when you use our services:

• Email address – for account creation, login, and communications
• Username – to identify your user account
• Usage data – including your use of search and report credits, login activity, and support requests
• Payment details – managed securely by our third-party payment processor (we do not store card numbers)
• Subscription data – including billing cycle, plan type, and transaction history
• Communication records – if you contact us via email or other channels

We do not collect sensitive categories of personal data (e.g., health, biometric data).

3. Lawful Basis for Processing

We only process your personal data where we have a legal basis to do so. This includes:

• Contractual necessity – to deliver services you subscribe to
• Legitimate interests – such as improving our platform, securing our services, and providing support
• Consent – for specific communications or marketing (where applicable)
• Legal obligation – where required to comply with tax, fraud, or other legal requirements

4. How We Use Your Data

We use your personal data to:

• Provide access to the Sweet Spot platform
• Manage subscriptions and credit usage
• Communicate with you about updates, features, or issues
• Send you invoices, receipts, and payment reminders
• Respond to support queries or data rights requests
• Improve platform performance and user experience

We do not sell your personal data to third parties.

5. Data Retention

We retain your personal data:

• For as long as your account is active
• For up to 6 years after account closure, to comply with UK tax and accounting rules
• Shorter periods where legally required or requested for deletion

Anonymised data may be retained indefinitely for analytical purposes.

6. Your Rights Under UK GDPR

You have the following rights under UK data protection law:

• Right of access – to request a copy of the data we hold about you
• Right to rectification – to correct inaccurate or incomplete data
• Right to erasure – to request deletion of your data ("right to be forgotten")
• Right to restrict processing – to limit how we use your data
• Right to data portability – to receive your data in a commonly used format
• Right to object – to processing based on legitimate interests
• Right to lodge a complaint – with the Information Commissioner's Office (ICO)

You can exercise these rights by contacting: [email protected]

7. Data Security

We take appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit and at rest
• Access controls and password protection
• Secure third-party payment processing (PCI DSS-compliant)
• Regular backups and disaster recovery systems
• Limited access to data only by authorised personnel

8. Third-Party Services

We may share your data with trusted service providers to help deliver our services, including:

• Payment processors (e.g. Stripe)
• Cloud hosting providers
• Analytics tools to improve performance

These providers are contractually bound to process your data securely and only as instructed by us.

9. International Transfers

Your data may be stored or processed outside the UK, including in countries with different data protection laws. In such cases, we use legally recognised mechanisms such as Standard Contractual Clauses or ensure that providers are part of an approved framework (e.g., UK-US Data Bridge) to safeguard your data.

10. Changes to This Privacy Policy

We may update this policy periodically. Any material changes will be communicated to you via email or our platform. You can always view the latest version on this page, with the updated revision date at the top.

11. Contact Us

For any privacy-related questions or to exercise your rights, please contact:

📧 [email protected]

If you are not satisfied with our response, you may contact the Information Commissioner's Office (ICO) at: www.ico.org.uk