Privacy Policy

This policy explains what personal data myugcstudio (“we”, “us”) collects when you use our website at myugcstudio.app (and myugcstudio.co.uk), why we collect it, how long we keep it, and your rights under the UK GDPR and Data Protection Act 2018.

1. Who we are

The data controller is Danielle Sparkle (sole trader), trading as myugcstudio. Contact: hello@myugcstudio.co.uk. If you live in the UK or EU, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

2. What data we collect

• Account data - email, first/last name, password (hashed), avatar URL, and the invite code you used.
• Profile & app data - content items, scripts, outreach pitches, tasks, email templates, calendar entries, and notes you save in the app.
• Subscription & billing data - plan, status, trial dates, and Stripe customer/subscription IDs. We never see or store your card number.
• Email engagement - whether emails we sent were delivered, opened, bounced, or unsubscribed.
• Waitlist - your email address and how you arrived (e.g. landing page).
• Technical data - IP address, browser type, and access logs created by our hosting provider for security and abuse prevention.

3. Why we use it (and the legal basis)

• Provide the service - to give you access, save your work, and run features you ask for. Basis: performance of a contract.
• Account & service emails - sign-up confirmations, password resets, important updates. Basis: performance of a contract.
• Billing - process payments via Stripe, send receipts, handle refunds. Basis: contract and legal obligation.
• Marketing & waitlist updates - when you join the waitlist or opt in. Basis: consent. You can unsubscribe at any time using the link in any marketing email.
• Security & abuse prevention - rate-limiting, detecting fraud, debugging. Basis: legitimate interests.

4. Who we share it with (sub-processors)

We use a small number of trusted providers. Each one only receives the data they need to do their job:

• Lovable Cloud (Supabase) - database, authentication, file storage and email queue. Hosted in the EU.
• Stripe - payments and billing. Stripe is the controller of card details. Hosted in the US/EU.
• Google - optional sign-in with Google. Hosted in the US/EU.
• Email delivery provider (via Lovable Cloud) - delivers transactional and marketing emails.

Where data is transferred outside the UK/EU, we rely on Standard Contractual Clauses or equivalent safeguards. We do not sell your personal data.

5. How long we keep it

• Active accounts - for as long as your account is open.
• Closed accounts - most data is deleted immediately when you delete your account. Stripe billing records may be retained for up to 7 years where required by law (UK accounting rules).
• Waitlist - up to 12 months after launch, or until you unsubscribe - whichever comes first.
• Email logs - up to 12 months for deliverability and abuse prevention.

6. Your rights

Under UK GDPR you have the right to:

• access a copy of your personal data;
• correct data that's wrong or incomplete;
• delete your data (the “right to be forgotten”);
• restrict or object to certain processing;
• port your data to another service;
• withdraw consent at any time.

You can export or delete all your data directly from your Profile settings. Or email hello@myugcstudio.co.uk and we'll respond within 30 days.

7. Security

We use HTTPS everywhere, encrypted databases, hashed passwords, row-level security, and least-privilege access for our team. No system is 100% secure - if we ever discover a breach affecting your data, we will notify the ICO within 72 hours and tell you directly if your rights are at risk.

8. Children

myugcstudio is not intended for anyone under 16. We do not knowingly collect data from children.

9. Cookies & analytics

See our Cookie Policy for details on what we use.

10. Changes to this policy

If we make material changes we'll update the “last updated” date and, if the change is significant, email you at the address linked to your account.