Privacy Policy

Last updated: January 2025

1. Who We Are

IMsolver Ltd is a UK-registered company (England and Wales) providing AI-powered software tools and platforms. Our registered office is in Birmingham, United Kingdom.

Data Controller: IMsolver Ltd
Contact: privacy@imsolver.co.uk
DPO Contact: dpo@imsolver.co.uk

2. What Data We Collect

We collect only the data necessary to provide our services:

Account Information

• Email address (for authentication and communication)
• Display name (optional, for personalization)
• Profile photo (optional, via Google Sign-In)
• Account creation date and last login timestamp

Usage Data

• AI conversation history (stored in your account for your reference)
• Files you upload (processed and stored securely)
• Feature usage patterns (to improve our services)
• Device type, browser, and operating system (for compatibility)

Payment Information

• Billing name and email (processed by Stripe)
• Payment card details (never stored by us - handled by Stripe)
• Transaction history and subscription status

Technical Data

• IP address (for security and fraud prevention)
• Cookies and local storage (for authentication and preferences)
• Error logs and performance metrics (to maintain service quality)

3. How We Use Your Data

We process your data for these lawful purposes:

• Service Delivery: To provide, maintain, and improve our AI tools (contractual necessity)
• Account Management: To authenticate you and manage your subscription (contractual necessity)
• Payment Processing: To handle billing and prevent fraud (contractual necessity and legal obligation)
• Communication: To send service updates, security alerts, and support responses (legitimate interest)
• Legal Compliance: To comply with UK tax, accounting, and data protection laws (legal obligation)
• Product Improvement: To analyze usage patterns and enhance features (legitimate interest, with your consent where required)

4. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: Processing necessary to provide services you've subscribed to
• Consent: Where you've explicitly agreed (e.g., marketing emails - opt-in only)
• Legitimate Interest: For service improvement and security, balanced against your rights
• Legal Obligation: To comply with UK laws (tax, accounting, data retention)

5. Data Sharing and Third Parties

We share data only when necessary:

Service Providers

• Google Firebase: Hosting, authentication, and database (Google Cloud Platform - UK/EU servers)
• Stripe: Payment processing (PCI DSS Level 1 certified)
• Google AI: AI model processing (Gemini API - data not used for training)

Legal Requirements

We may disclose data if required by UK law, court order, or to protect our legal rights.

We Never

• Sell your personal data to third parties
• Use your data for advertising or marketing without consent
• Share your conversations or files with anyone except as required by law

6. International Data Transfers

Your data is primarily stored in UK/EU data centers (Google Cloud). Where data is transferred outside the UK/EEA (e.g., to Google's US servers), we ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs) approved by the UK ICO
• Adequacy decisions where applicable
• Encryption in transit and at rest

7. Data Retention

We retain your data for as long as necessary:

• Active Accounts: Data retained while your account is active
• Deleted Accounts: Personal data deleted within 30 days (except where legally required to retain)
• Financial Records: Retained for 7 years (UK tax law requirement)
• Backups: Deleted data may persist in backups for up to 90 days

8. Your Rights Under UK GDPR

You have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, email privacy@imsolver.co.uk. We'll respond within 30 days.

9. Security Measures

We protect your data using:

• End-to-end encryption for data in transit (TLS 1.3)
• Encryption at rest for stored data (AES-256)
• Multi-factor authentication for admin access
• Regular security audits and penetration testing
• Automated backup and disaster recovery systems
• Access controls and audit logs

10. Cookies and Tracking

We use cookies for:

• Essential Cookies: Authentication and security (cannot be disabled)
• Functional Cookies: Remember your preferences (theme, language)
• Analytics Cookies: Understand how you use our services (with consent)

You can manage cookies in your browser settings. Disabling essential cookies may affect functionality.

11. Children's Privacy

Our services are not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us immediately at privacy@imsolver.co.uk.

12. Changes to This Policy

We may update this policy to reflect legal or service changes. Material changes will be notified via email or prominent notice on our website. Continued use after changes constitutes acceptance.

13. Complaints and Regulatory Authority

If you're unhappy with how we handle your data, contact us first at privacy@imsolver.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO: ico.org.uk
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

14. Contact Us

For privacy questions or to exercise your rights:

Email: privacy@imsolver.co.uk
Data Protection Officer: dpo@imsolver.co.uk
General Inquiries: hello@imsolver.co.uk