LodestarDECISION WORKBENCH
§ POLICY

Privacy Policy

This policy explains how GORDON FOLEY CONSULTING LTD handles personal data when you use the Lodestar workbench, including your workspace inputs and generated results.

Last updated: 14 July 2026

01Who is responsible for your data

GORDON FOLEY CONSULTING LTD ("we", "us", "Lodestar") is the data controller for personal data processed through gorfolcon.shop. Our registered office is 82 West Nile Street, G1 2QH, Scotland.

You can reach us about privacy at support@gorfolcon.shop or +44 7414711807. If you are in the UK or EU, you have the right to lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk); we ask that you contact us first so we can help.

02What we collect

  • Account data: the email address and any name you provide when you subscribe or contact us.
  • Workspace inputs: the business problem, constraints, current-state notes, goals and any text or reference material you enter to generate a plan.
  • Generated results: the action plans, diagrams, reels and Playbooks produced from your inputs.
  • Support and lead data: messages you send through the contact form, the workspace "send brief" form, email or phone.
  • Billing data: subscription status and billing metadata. Card payments are handled by Stripe; we never receive or store your full card number.
  • Technical data: IP address, device and browser type, and basic usage events needed to operate and secure the service.

03Collection sources

We collect personal data from the following collection sources: (1) directly from you — the user input you type into the workspace (the business problem, constraints, current-state notes and goals), forms you complete, and messages you send by email or phone; (2) automatically — technical data collected by our hosting and security infrastructure when you use the site; and (3) from our payment processor, Stripe, which provides billing and subscription status. We do not buy personal data from third-party data brokers.

04Why we use it and our legal bases

  • To provide the service — generating plans, diagrams, reels and exports from your inputs (legal basis: performance of a contract).
  • To operate your subscription and process payments through Stripe (contract; legal obligation for tax and accounting records).
  • To respond to support requests and follow up on briefs you send us (legitimate interests; consent where you request follow-up).
  • To secure, maintain and improve the service and prevent abuse (legitimate interests).
  • To send service and, where you have opted in, occasional product messages (consent; legitimate interests). You can opt out at any time.

05AI data handling: your user input, generated results and uploads

User input: the text you type as user input into the workspace (your business problem, constraints, current-state notes and goals) is processed to generate your plan, diagrams, reel and exports. Any files or example data you upload as reference are processed for the same purpose only.

Generated results: the plans, diagrams, reels and Playbooks produced from your user input are stored so you can review, download and return to them.

We do not sell your user input or generated results, and we do not use your user input, uploads or generated results to train AI models. Where an AI provider is used to generate content, your user input is sent to that provider solely to return your result, under a data-processing agreement that requires it to protect your data and not to train on it.

Retention and deletion: by default, user input, uploaded files and generated results are retained for up to 30 days to support regeneration and support requests, after which they are deleted or anonymised, unless you have saved them to your account or we must keep them to meet a legal obligation. You can ask us to delete your workspace content sooner at any time.

06Who we share it with

  • Hosting and delivery: our cloud hosting and content-delivery provider, which runs the site and serves generated files.
  • Payments: Stripe, which processes subscription payments and handles card data under its own privacy terms.
  • Database and storage: our managed database and storage provider, which stores account, lead and workspace data.
  • AI processing: where configured, an AI provider that generates plan content from your inputs, under a data-processing agreement.
  • Email and support tooling used to reply to you.
  • Professional advisers, and authorities where we are legally required to disclose. We do not sell your personal data.

07International transfers

We are based in the United Kingdom. Some processors may store or process data outside the UK/EEA. Where that happens, we rely on appropriate safeguards such as UK International Data Transfer Agreements, EU Standard Contractual Clauses, or an adequacy decision, so your data receives an equivalent level of protection.

08How long we keep it

  • Workspace inputs and generated results: up to 30 days by default, unless saved to your account or required for a legal obligation.
  • Account data: for the life of your account and a reasonable period afterwards.
  • Billing and tax records: as required by law (generally up to 6 years).
  • Support and lead records: typically up to 24 months from last contact.

09Your rights (UK GDPR, EU GDPR and CCPA)

Depending on where you live, you have rights to access, correct, delete, restrict or object to processing, to data portability, and to withdraw consent. To exercise any right, email us and we will respond within the timeframe required by law.

  • Access, correction and deletion of your personal data.
  • Restriction of, or objection to, certain processing.
  • Portability of data you provided to us.
  • Withdrawal of consent at any time, without affecting prior processing.
  • For California residents: the right to know, delete and correct, and to non-discrimination for exercising your rights.

10Do Not Sell or Share

We do not sell your personal information, and we do not share it for cross-context behavioural advertising, as those terms are defined under the CCPA/CPRA. You do not need to do anything to opt out of a sale, because none takes place. If this ever changes, we will update this policy and provide a clear opt-out.

11Cookies and analytics

We use strictly necessary cookies to run the site and keep you signed in, and limited privacy-respecting analytics to understand usage and improve the service. See our Cookie Policy for details and choices.

12Automated decisions and children

Lodestar generates suggestions and drafts, but it does not make legally or similarly significant decisions about you automatically; you decide whether to act on its output.

The service is not for children. It may not be used by anyone under 13. Users aged 13–17 may use it only with the consent and supervision of a parent or guardian. We do not knowingly collect data from children under 13; if you believe a child has provided us data, contact us and we will delete it.

13Security

We use encryption in transit, access controls, and reputable infrastructure providers to protect your data. No system is perfectly secure, but we work to protect your information and will notify you and any regulator of a qualifying breach as required by law.

14Changes and contact

We may update this policy from time to time and will change the "last updated" date above. For any privacy request or question, contact GORDON FOLEY CONSULTING LTD at support@gorfolcon.shop or +44 7414711807.

GORDON FOLEY CONSULTING LTD

82 West Nile Street, G1 2QH, Scotland

support@gorfolcon.shop · +44 7414711807

Questions about this policy? Contact us. Governing law: England and Wales.