IdeaSpec

Privacy Policy

Last updated: 29 December 2025

1. Introduction

IdeaSpec is operated by Cliency Ltd, a company registered in England and Wales. We are committed to protecting your privacy and handling your data transparently.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use IdeaSpec (the “Service”).

Data Controller: Cliency Ltd

Contact: hello@ideaspec.co.uk

Website: cliency.co.uk

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, and profile information when you create an account
  • Project Data: App ideas, quiz responses, and generated specifications you create using our Service
  • Payment Information: Billing details processed securely through Stripe (we do not store your full card details)
  • Communications: Messages you send to us via email or support channels

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, referring URLs
  • Cookies: Essential cookies for authentication and preferences (see Section 6)

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and send related information
  • Send you technical notices, updates, and support messages
  • Respond to your comments, questions, and requests
  • Monitor and analyse trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Personalise and improve your experience

We do not sell your personal data. We do not use your project data to train AI models unless you explicitly opt-in.

4. Legal Basis for Processing (GDPR)

Under UK and EU data protection law, we process your data based on:

  • Contract: Processing necessary to provide the Service you requested
  • Legitimate Interests: Improving our Service, preventing fraud, ensuring security
  • Consent: Marketing communications (you can withdraw consent anytime)
  • Legal Obligation: Compliance with applicable laws

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Third parties that help us operate the Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

Our key service providers include:

  • Stripe: Payment processing (USA, EU-US Data Privacy Framework)
  • OpenAI: AI services for generating specifications
  • Vercel: Hosting and infrastructure

6. Cookies

We use cookies and similar technologies to operate and improve our Service:

  • Essential Cookies: Required for authentication and security
  • Preference Cookies: Remember your settings and choices
  • Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Specifically:

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Project Data: Retained while your account is active, or as required for legal purposes
  • Payment Records: Retained for 7 years as required by tax laws
  • Analytics Data: Aggregated and anonymised after 26 months

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data (“right to be forgotten”)
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing at any time

To exercise these rights, contact us at hello@ideaspec.co.uk. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and monitoring
  • Employee training on data protection

10. International Transfers

Your data may be transferred to and processed in countries outside the UK/EEA. When this happens, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

11. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Cliency Ltd

Email: hello@ideaspec.co.uk

Website: cliency.co.uk

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.