Legal

Privacy Policy

Last updated: 11 June 2026 · Applies to ouridea.ai, app.ouridea.ai and all OurIdea.ai products (GTM Launchpad, SIGNAL, abi. Starter, abi. Pro)

OurIdea.ai ("OurIdea", "we", "us", "our") provides AI-powered go-to-market engineering products and services, including GTM Launchpad, the SIGNAL methodology and SIGNAL Academy, and the abi. platform (Starter and Pro). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it.

This policy applies wherever you interact with us: our website, our checkout pages, the abi. platform application, SIGNAL Academy, and any emails or support communications.

In short: we collect the minimum data needed to deliver your purchase and run your account, we don't sell your data, we store it securely in the UK/EU, and you can ask us to access, export or delete it at any time by emailing privacy@ouridea.ai.

1. Who we are

OurIdea.ai (trading name of OurIdea Ltd, registered in England and Wales). For data protection purposes, OurIdea Ltd is the "data controller" of the personal data described in this policy.

Company	OurIdea Ltd
Company number	[to be added once incorporation is complete — see note to Adam]
ICO registration	[to be added once registered at ico.org.uk]
Data protection contact	privacy@ouridea.ai

2. What data we collect

2.1 Information you give us directly

Account & contact data: name, email address, company name, role, when you sign up, complete an intake form, or contact support.
Purchase data: product purchased, plan/tier, billing address — processed via Stripe (we do not store your card details, see section 6).
GTM Launchpad & SIGNAL Academy inputs: information you submit about your business, ideal customer profile (ICP), targets, and strategy answers, used to generate your deliverables and personalise the Academy.
Communications: emails, support requests, and any feedback you send us.

2.2 Information we collect automatically

Usage data: pages viewed, features used, login timestamps, device/browser type, and approximate location (from IP address) — collected via our website analytics and within the abi. app.
Cookies: see our Cookie Policy for full detail on what we set and how to control it.

2.3 Information from connected business tools (abi. only)

If you use abi. Starter or Pro and connect a third-party tool (HubSpot, Stripe, Google Analytics 4, or others), we request read-only access to compute your GTM metrics. Specifically:

CRM (HubSpot, Salesforce, Pipedrive): deal records to compute pipeline value, deal count, win/loss ratio, deal velocity and stage distribution. We do not access contact personal data, email threads, notes, or any personal information about your prospects or customers.
Billing (Stripe, Chargebee): subscription records and payment events to compute MRR, ARR, churn, ARPU and CAC payback. We do not access card details, bank information, or full customer records.
Web analytics (Google Analytics 4): aggregated session and conversion data by channel. We do not access individual visitor data, user IDs, or IP addresses from your website visitors.

No raw data storage. When we pull data from your connected tools, we compute the relevant metric, store the resulting number, and discard the raw payload. We do not build or retain a copy of your CRM, billing or analytics data.

3. How we use your data

To create and operate your account and deliver the product(s) you've purchased.
To generate your GTM Launchpad deliverables, SIGNAL Academy progress, and abi. weekly metrics and AI-generated insights.
To send essential service communications (welcome emails, weekly digests, billing receipts, security notices).
With your consent, to send occasional product updates or marketing emails (you can opt out at any time).
To maintain the security, integrity and performance of our systems, including fraud and abuse prevention.
To comply with our legal and tax obligations.

4. AI processing

Your computed metrics and GTM Pack/Academy data may be sent to Anthropic's Claude API to generate weekly insights, recommendations, or course personalisation. We send computed metrics (numbers only), your ICP definition, and your stated targets — never your customers' names, your team's personal data, or any other personally identifiable information. This transmission is covered by Anthropic's standard data processing terms; data is processed in transit and is not retained by Anthropic for model training.

5. Lawful basis for processing (UK GDPR)

Contract performance (Art. 6(1)(b)): processing needed to deliver the product or service you purchased.
Legitimate interests (Art. 6(1)(f)): system security, fraud prevention, service improvement, and aggregated analytics — balanced against your rights and never used for invasive profiling.
Consent (Art. 6(1)(a)): marketing emails and non-essential cookies — you can withdraw consent at any time.
Legal obligation (Art. 6(1)(c)): retaining transaction records for UK tax and accounting law (7 years).

6. Payments

All payments are processed by Stripe. We never see or store your full card number, CVC, or bank details. Stripe acts as an independent controller for payment processing and is certified to PCI-DSS Level 1. See Stripe's Privacy Policy for details.

7. Data retention

Data type	Retention period
Account data (name, email, company)	Duration of your relationship with us, plus 90 days after account closure
Weekly metric snapshots (abi.)	24 months from creation
Monthly aggregate snapshots (abi.)	36 months from creation
AI insight reports (abi.)	24 months from generation
GTM Launchpad / SIGNAL Academy deliverables	Duration of access entitlement, plus 12 months
Email/communication logs	12 months
Integration connection records (OAuth tokens)	Duration of subscription, plus 90 days
Billing & transaction records	7 years (UK statutory requirement)

Data is deleted within 30 days of the relevant retention period expiring, or immediately upon a valid deletion request (subject to our right to retain billing records as required by law).

8. Where your data is stored

Your account and platform data is stored in Supabase (PostgreSQL), hosted in AWS eu-west-2 (London). Your data is held in the UK/EEA for storage purposes, with the following exceptions:

Anthropic (Claude API) — US-based, data processed in transit only, not stored for training.
Nango (OAuth token storage) — EU-region hosting.
Stripe — payment processing, US-based with appropriate Standard Contractual Clauses / UK addendum in place.

9. Sub-processors

We use the following sub-processors to operate our products. A current version of this list is also maintained on our Security & Sub-processors page.

Sub-processor	Purpose	Location	Data shared
Supabase	Database hosting	UK (AWS eu-west-2)	All account & platform data
Anthropic	AI insight & content generation	USA (in transit only)	Computed metrics, ICP/targets — no PII
Nango	OAuth token management	EU	OAuth tokens for connected tools only
Make.com	Workflow automation	EU	Account & metrics data in transit
Resend	Transactional email delivery	EU/USA	Name, email address, email content
Stripe	Payment processing	USA (SCCs/UK IDTA in place)	Billing & payment data (not stored by us)
Netlify	Website & app hosting	Global CDN	Website traffic logs

10. Your rights

Under UK GDPR, you have the right to:

Access — request a copy of all personal data we hold about you (provided as a JSON export within 30 days).
Rectification — ask us to correct inaccurate data within 14 days.
Erasure — ask us to delete your account and associated data (processed within 30 days, subject to statutory retention obligations).
Restriction — ask us to pause processing without deleting your account (e.g. disable an integration via Settings → Integrations).
Portability — receive your data in a machine-readable format.
Object — object to processing based on legitimate interests, or withdraw consent for marketing at any time.
Complain — lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have mishandled your data.

To exercise any of these rights, email privacy@ouridea.ai with the relevant subject line (e.g. "Data Access Request" or "Deletion Request"). We will respond within 30 days.

11. Children's privacy

Our products are intended for business use by adults (18+) acting on behalf of their organisation. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified by email or via an in-app notice. The "last updated" date at the top of this page reflects the most recent revision.

13. Contact us

For any questions about this policy or how we handle your data, contact privacy@ouridea.ai or adam@ouridea.ai.