Back to home

Privacy Policy

Last updated: December 2024

CIC Tools is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our platform.

1. Who We Are

CIC Tools is a software platform helping UK Community Interest Companies manage compliance and governance. For the purposes of data protection law, we are the data controller for personal information collected through our platform.

  • Contact: support@cictools.co.uk
  • Website: www.cictools.co.uk

2. Information We Collect

Information you provide:

  • Account information: Name, email address, password
  • Organisation details: CIC name, company number, registered address, activities
  • Contact information: Phone number, WhatsApp number (if provided)
  • Payment information: Processed securely by Stripe (we don't store card details)
  • Content you create: Policies, evidence logs, survey responses, meeting minutes
  • Communications: Support requests, feedback, emails

Information collected automatically:

  • Usage data: Pages visited, features used, actions taken
  • Device information: Browser type, operating system, device type
  • Log data: IP address, access times, referring pages
  • Cookies: Essential cookies for authentication and preferences

Information from third parties:

  • Companies House: Publicly available company information to verify your CIC
  • Google OAuth: Name and email if you sign in with Google

3. How We Use Your Information

We use your information to:

  • Provide and maintain our services
  • Process your subscription and payments
  • Send important account notifications and compliance reminders
  • Generate AI-powered content (policies, grant applications, guidance)
  • Improve and develop new features
  • Respond to your support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Contract: To provide services you've subscribed to
  • Legitimate interests: To improve our services and prevent fraud
  • Legal obligation: To comply with laws and regulations
  • Consent: For optional marketing communications (you can opt out anytime)

5. Data Sharing

We do not sell your personal information. We share data only with:

  • Service providers: Who help us operate our platform (see section 6)
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In the event of a merger or acquisition (with notice)

6. Third-Party Services

We use the following service providers:

ServicePurposeLocation
SupabaseDatabase and authenticationEU (Frankfurt)
VercelWebsite hostingGlobal CDN
StripePayment processingEU/US
OpenAIAI content generationUS
ResendEmail deliveryEU
Companies HouseCompany verificationUK

Where data is transferred outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions).

7. Data Retention

We retain your data for as long as necessary to:

  • Active accounts: Data is retained while your account is active
  • After cancellation: We retain data for 90 days to allow reactivation
  • Deleted accounts: Most data is deleted within 30 days of account deletion
  • Legal requirements: Some data may be retained longer for legal or tax purposes
  • Backups: Removed from backups within 90 days

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent

To exercise these rights, contact us at support@cictools.co.uk. We will respond within 30 days.

9. Cookies

We use essential cookies to:

  • Keep you signed in to your account
  • Remember your preferences
  • Ensure security and prevent fraud

We do not use advertising or tracking cookies. You can manage cookies through your browser settings, but disabling essential cookies may affect platform functionality.

10. Security

We protect your data through:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication with password hashing
  • Regular security updates and monitoring
  • Access controls and audit logging
  • Secure, reputable infrastructure providers

While we implement strong security measures, no system is completely secure. Please keep your login credentials confidential.

11. Children's Privacy

CIC Tools is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or through the platform. The "Last updated" date at the top indicates when changes were made.

13. Complaints

If you have concerns about how we handle your data, please contact us first at support@cictools.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113

14. Contact Us

For any privacy-related questions or requests:

  • Email: support@cictools.co.uk
  • Website: www.cictools.co.uk