1. Introduction
This Privacy Policy explains how Runivox LTD ("we", "us", or "our"), operating the PromptHelm platform and website at prompthelm.app, collects, uses, stores, and protects your personal data.
We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read this policy. For information specifically about how we use cookies, please see our Cookie Policy.
2. Data Controller
The data controller responsible for your personal data is:
Company: Runivox LTD
Company Number: 16980284
Registered Office: 20 Wenlock Road, London, England, N1 7GU
Country: United Kingdom
Email: [email protected]
3. What Personal Data We Collect
We collect and process the following categories of personal data:
Data You Provide Directly
| Category | Data | When Collected |
|---|---|---|
| Contact & Identity | Email address | Waitlist sign-up, contact forms |
| Account | Name, email, password (hashed) | Account registration (when platform launches) |
| Communications | Message content, email address | When you contact us via email |
Data Collected Automatically
| Category | Data | Legal Basis |
|---|---|---|
| Technical | IP address (anonymised), browser type, operating system, device type | Legitimate Interest |
| Usage | Pages visited, time on site, referral source | Consent (via cookies) |
| Cookie Data | Cookie consent preference | Legitimate Interest |
4. How We Use Your Personal Data
We use your personal data for the following purposes:
Waitlist Management
To manage your place on the waitlist and notify you when PromptHelm launches.
Legal basis: Consent (Article 6(1)(a) UK GDPR)
Service Provision
To provide, maintain, and improve the PromptHelm platform when it becomes available.
Legal basis: Contract performance (Article 6(1)(b) UK GDPR)
Communication
To respond to your enquiries, support requests, or feedback.
Legal basis: Legitimate Interest (Article 6(1)(f) UK GDPR)
Analytics & Improvement
To understand how visitors use our website and to improve its content and functionality.
Legal basis: Consent (Article 6(1)(a) UK GDPR) — only with your cookie consent
Security & Technical Operations
To ensure the security, integrity, and proper functioning of our website and infrastructure.
Legal basis: Legitimate Interest (Article 6(1)(f) UK GDPR)
Legal Compliance
To comply with legal obligations, enforce our terms, and protect our rights.
Legal basis: Legal obligation (Article 6(1)(c) UK GDPR)
5. Legal Bases for Processing
We only process your personal data when we have a lawful basis to do so under the UK GDPR. The legal bases we rely on are:
- Consent (Article 6(1)(a)): You have given clear consent for us to process your personal data for a specific purpose (e.g., joining the waitlist, analytics cookies).
- Contract (Article 6(1)(b)): Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation (Article 6(1)(c)): Processing is necessary to comply with a legal obligation to which we are subject.
- Legitimate Interest (Article 6(1)(f)): Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. Our legitimate interests include website security, fraud prevention, and improving our services.
6. Who We Share Your Data With
We do not sell, rent, or trade your personal data. We may share your data with the following categories of recipients only as necessary:
Service Providers
Third-party providers that help us operate our website and services, including hosting providers, email delivery services, and analytics providers (Google Analytics 4). These providers act as data processors under Data Processing Agreements.
Legal & Regulatory
Law enforcement agencies, regulatory authorities, or other third parties where required by law or to protect our legal rights.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.
7. International Data Transfers
Some of our service providers are based outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, including:
- The UK International Data Transfer Agreement (IDTA)
- The UK Addendum to the EU Standard Contractual Clauses
- Transfers to countries with an adequacy decision from the UK Secretary of State
Supplementary safeguards such as encryption, access controls, and regular security assessments are also applied to ensure your data is adequately protected.
8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are:
| Data Type | Retention Period | After Expiry |
|---|---|---|
| Waitlist email address | Until platform launch + 6 months, or until you unsubscribe | Permanently deleted |
| Account data | Duration of account + 12 months after deletion | Permanently deleted |
| Cookie consent preference | 12 months | Re-consent requested |
| Analytics data | 24 months (Google Analytics) | Automatically deleted by Google |
| Communication records | 24 months from last correspondence | Permanently deleted |
When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication mechanisms
- Regular security assessments and vulnerability testing
- Secure hosting infrastructure with reputable providers
- Staff awareness and data protection training
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
10. Your Rights
Under the UK GDPR and the Data Protection Act 2018, you have the following rights:
- Right to be informed — to know how your personal data is being used (this Privacy Policy)
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure — to request deletion of your personal data where there is no compelling reason to continue processing it
- Right to restrict processing — to request that we limit how we use your data
- Right to data portability — to receive your data in a structured, commonly used, and machine-readable format
- Right to object — to object to processing based on legitimate interests or for direct marketing purposes
- Right to withdraw consent — to withdraw consent at any time where we rely on consent as the legal basis. Withdrawal does not affect the lawfulness of prior processing.
- Rights related to automated decision-making — to not be subject to decisions based solely on automated processing that produce legal or significant effects
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one calendar month. In complex cases, this may be extended by a further two months, in which case we will inform you of the extension and reason.
We may ask you to verify your identity before processing your request. There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive.
11. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. No decisions about you are made solely by automated means.
12. Children's Privacy
Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe we may have collected data from a child, please contact us at [email protected].
13. Third-Party Links
Our website may contain links to third-party websites, services, or social media platforms. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party websites you visit.
14. Cookies
We use cookies and similar technologies on our website. For detailed information about the types of cookies we use, their purposes, durations, and how to manage your preferences, please refer to our Cookie Policy.
15. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us first at [email protected].
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date and version number.
If we make material changes that significantly affect how we process your personal data, we will notify you through a prominent notice on our website and, where appropriate, request your consent again.
17. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us:
Data Controller: Runivox LTD
Company Number: 16980284
Registered Office: 20 Wenlock Road, London, England, N1 7GU
Country: United Kingdom
Email: [email protected]
Website: runivoxlabs.com