Privacy Policy
Last updated: 14 June 2026
Who we are
Incognito Fire & Security Professional ("we", "us") is the data controller for personal data processed through this service. This policy explains what we collect, why, how long we keep it, and your rights under the UK GDPR and the Data Protection Act 2018. Contact: support@incognitofiresecurity.com.
Data processing summary
| What we collect | Why (lawful basis) | Retention |
|---|---|---|
| Account: email, name, company | Provide the service (contract) | Until account deletion |
| Authentication data (session tokens) | Keep you signed in (contract) | Session lifetime |
| Billing: Stripe customer/subscription IDs, status | Manage subscription (contract / legal obligation) | Account life + statutory accounting period |
| AI queries you submit & usage counts | Provide answers; enforce fair-use limits (contract / legitimate interests) | Usage counts: rolling; query content not stored except as below |
| High-risk query logs (category + short excerpt) | Safety & quality record (legitimate interests / safety) | [Retention period to be set] e.g. 24 months |
| Technical logs (IP, timestamps) | Security, abuse prevention (legitimate interests) | Short-term |
Card details are handled directly by Stripe; we never see or store full card numbers.
Processors we use
- Supabase — authentication, database, hosting of your account data.
- Anthropic — processes the text of your assistant queries to generate answers.
- Stripe — payment processing and subscription management.
- Vercel — application hosting and delivery.
Some processors operate outside the UK/EEA; where they do, transfers are safeguarded by appropriate mechanisms (e.g. UK IDTA / Standard Contractual Clauses).
Your rights
You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data. You can delete your account and all associated data at any time from Account settings, or by emailing us. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Security
Access to your data is protected by authentication and database row-level security. Secrets are held server-side only. No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.