Privacy Policy

1) Who we are (Data Controller)

This policy applies to the Rocketeer Platform, related websites, and services provided to customers and users (“you”). It is written for UK GDPR and the Data Protection Act 2018. If you are in the EEA, we apply equivalent EU GDPR standards and safeguards.

2) Scope

This policy covers personal data processed when you browse our sites, create an account, use the Rocketeer Platform (including our AI-driven features), receive emails from us, or contact support.

3) Information we collect

• Account & identity data: name, email address, password (hashed), company details and roles (e.g., owner, navigator).
• Business/Platform data: inputs and reports you provide such as BEN (Business Enterprise Numbers), BEV (Business Enterprise Value) metrics, Avatars/tiers, GAPs (Growth Action Points), success ratios, financial inputs (e.g., revenue, COGS, gross profit), and other configuration and usage data needed to generate insights.
• Communications: messages to support, feedback forms, contact requests.
• Billing: invoicing details and payment status (card data handled by PCI‑compliant processors; we do not store your full card details).
• Device/usage data: IP address, device and browser type, session metadata, activity logs, security event logs.
• Cookies & similar technologies: identifiers and telemetry used for sign‑in, security, preferences, analytics, and performance (see “Cookies” below).

4) Lawful bases for processing

• Contract: to create and operate your account and provide the Platform features you request.
• Legitimate interests: to secure and improve the Platform, measure performance, prevent fraud/abuse, and provide relevant in‑product guidance.
• Consent: for non‑essential cookies/analytics and for promotional emails where required by law (you can withdraw consent at any time).
• Legal obligation: to meet compliance, tax, and regulatory requirements.

5) AI-assisted features (RAI) and Data Sovereignty

The Platform provides AI-assisted features (RAI) that generate suggestions, action items, and strategic outputs based on the Customer Data you input.

The Walled Garden Guarantee: We guarantee that Customer Data submitted to the Platform will not be used to train underlying public or open-source foundational AI models (such as the public versions of ChatGPT). Your data is strictly partitioned and used solely to process your specific inputs and deliver your Services.

We may use third-party enterprise AI models via secure APIs (acting as data processors) to deliver these features, bound by strict confidentiality and zero-retention agreements.

While RAI is designed using our proprietary business logic, AI outputs may occasionally be inaccurate, incomplete, or inappropriate for your specific operational context. You must independently review, verify, and approve all AI-generated outputs before executing them in your business.

You remain solely responsible for the outcomes of any decisions made based on Platform outputs and for ensuring you have a lawful basis to upload any data into the Platform.

6) Emails & communications

6.1 Transactional emails

We send essential service emails (e.g., account confirmations, password resets, login codes, billing notices, system alerts). These are delivered securely via Amazon Web Services Simple Email Service (AWS SES) or an equivalent reputable email delivery provider. Because they are necessary to operate your account, you cannot opt out of transactional emails.

6.2 Promotional emails

We send newsletters, feature announcements, and offers via Mailchimp. You can opt out at any time using the unsubscribe link in any promotional email or by contacting us. Where applicable (e.g., the UK’s PECR “soft opt‑in”), we may send marketing to existing customers about similar services; you will always have an easy way to opt out.

7) Sharing your information

We do not sell personal data. We share data only with:

• Service providers (processors): cloud hosting, email delivery (AWS SES or equivalent), analytics, error monitoring, payment processing, and customer support tools—bound by contracts and confidentiality obligations.
• Legal/Compliance: where required by law, regulation, or to protect rights, safety, or the integrity of our services.
• Business transfers: if we undergo a merger, acquisition, or asset sale, your data may transfer under equivalent protections.

8) Security

• Transport encryption (HTTPS/TLS) for data in transit.
• Vulnerability management and regular backups.

9) Data retention

• Account & platform data: retained while your account is active; upon closure, we generally retain core records for up to 6 years to meet tax/legal obligations, then delete or anonymise.
• Logs & telemetry: typically retained for 12–24 months, shorter where feasible.
• Support communications: typically retained for up to 24 months after resolution.
• Marketing preferences: suppression lists retained indefinitely to respect your opt‑out.

Retention periods may vary where laws require longer or shorter retention.

10) International transfers

Your data may be processed outside the UK/EEA. Where we transfer data internationally, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or EU Standard Contractual Clauses (SCCs), plus supplementary measures where necessary.

11) Cookies & similar technologies

We use necessary cookies for login, security (e.g., bot protection), load‑balancing, and user preferences. With your consent, we may use analytics cookies to measure usage and improve features.

• Strictly necessary: required for core functionality and security.
• Preferences: remember your settings.
• Analytics (consent‑based): help us understand feature use and performance.

You can manage cookies through your browser and (where provided) our cookie banner or settings page. Blocking some cookies may affect site functionality.

12) Your rights

Subject to conditions and exemptions under UK/EU law, you may have the right to:

• Access your personal data;
• Rectify inaccurate or incomplete data;
• Erase data (right to be forgotten);
• Restrict or object to processing (including objection to marketing);
• Data portability;
• Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

To exercise these rights, contact us at [email protected]. We will respond within statutory timeframes. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

13) Children’s privacy

Our services are not directed to children under 18, and we do not knowingly collect personal data from children.

14) Changes to this policy

We may update this policy from time to time. We will post the latest version here and, where appropriate, notify you via the Platform or email. The “Effective date” above shows when this version took effect.