Privacy Policy

Last Updated: August 24, 2025

At 42 Decisions Ltd, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, particularly as a registered user.

By accessing or using our website and services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.

1. Information We Collect

We collect personal information that you voluntarily provide to us when you register on the website, express an interest in obtaining information about us or our products and services, when you participate in activities on the website, or otherwise when you contact us.

  • Personal Identifiers: When you register for an account, we collect your **username**, **email address**, and **registration date**.
  • Authentication Data: We store a **hashed version of your password**. Please note that we do not store your actual password in plain text.
  • Usage Data: We may also collect certain information automatically when you visit, use, or navigate the website, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website, and other technical information. This information is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes.

2. How We Use Your Information

We use the information we collect or receive:

  • • To **facilitate account creation and login process**. We use your email and hashed password to verify your identity and allow you to log into your account.
  • • To **send you password recovery emails**. In case you forget your password, your email address is used to send you a secure link or code to reset it.
  • • To **manage user accounts**. We may use your information for the purposes of managing our account and keeping it in working order.
  • • To **track user growth and display aggregate statistics**. The registration date is used for internal analytics to understand user acquisition trends and may be used to display the total number of registered users on our website (this will always be an aggregate number and will not identify individual users).
  • • To **send administrative information to you**. We may send you product, service, and new feature information and/or information about changes to our terms, conditions, and policies.
  • • To **protect our Services**. We may use your information as part of our efforts to keep our website safe and secure (e.g., for fraud monitoring and prevention).
  • • To **respond to user inquiries/offer support to users**.

3. Legal Basis for Processing (UK GDPR)

For users within the UK and EU, we process your personal data based on the following lawful bases:

  • Contractual Necessity: The processing of your username, email, and hashed password is necessary for the performance of the contract to which you are a party (i.e., providing you with access to and functionality of your user account).
  • Legitimate Interests: We may process certain data (e.g., usage data, IP addresses for security, and registration date for internal analytics and aggregate display) where it is necessary for our legitimate interests and these interests do not override your fundamental rights and freedoms. Our legitimate interests include ensuring the security of our website, preventing fraud, improving our services, and transparently showcasing our community growth.

4. How We Protect Your Information

We implement a variety of security measures to maintain the safety of your personal information. Your password is **hashed** (converted into an unreadable string) before being stored in our database, meaning we never store your actual password. We use industry-standard practices to protect against unauthorized access, alteration, disclosure, or destruction of your personal data. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

5. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

6. Your Data Protection Rights (UK GDPR)

Under UK GDPR, you have certain rights regarding your personal data. These include:

  • • The right to **access** your personal data.
  • • The right to request **rectification** of inaccurate personal data.
  • • The right to request **erasure** of your personal data (the "right to be forgotten").
  • • The right to request **restriction** of processing of your personal data.
  • • The right to **data portability**.
  • • The right to **object** to the processing of your personal data.
  • • The right to **withdraw consent** at any time (where consent is the legal basis for processing).
  • • The right to **complain to a supervisory authority**, particularly the Information Commissioner's Office (ICO) in the UK.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below.

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

8. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

Email: support@42decisions.co.uk