51Folds Logo
Pricing
Get Started for free
PricingGet Started for free
LEGAL

Privacy Policy

Our commitment to protecting your privacy and personal information

1. Introduction

This Privacy Policy explains how 51Folds.AI LIMITED ("we", "our", or "us") collects, uses, stores, and protects your personal data when you use our website and services. We are committed to safeguarding your privacy and ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Company Information

51Folds.AI LIMITED is the data controller for the purposes of UK GDPR, meaning we determine the purposes and means of processing your personal data.

Legal Name: 51Folds.AI LIMITED
Registered Address: Unit B1/B2 Knights Park, Knight Road, Rochester, Kent, ME2 2LS, United Kingdom
Contact Email: [email protected]
ICO Registration: We are registered with the Information Commissioner's Office.

3. Data We Collect

We may collect and process the following categories of personal data:

Account Data

  • First name
  • Email address

Transaction Data

  • Purchase amounts, dates, and confirmation details (for accounting and service delivery purposes)
  • We do not receive or store payment card details. All card processing is handled securely by our payment processor, Stripe.

Analytics Data (with consent)

  • Web analytics data collected via Google Analytics, only if you opt in via our cookie banner

Under UK GDPR, we must have a valid legal basis for processing your personal data. We rely on the following bases listed in the format stipulated below:

Processing Activity -> Legal Basis

Account creation and management -> Contract performance Service delivery and analytical outputs -> Contract performance Service-related communications -> Contract performance Transaction processing and records -> Contract performance Marketing emails -> Consent (opt-in required) Analytics and cookies -> Consent (via cookie banner) Security and fraud prevention -> Legitimate interests Service improvement -> Legitimate interests Legal compliance -> Legal obligation

Legitimate Interests: Where we rely on legitimate interests, we have assessed that our interests do not override your fundamental rights and freedoms. Our legitimate interests include maintaining the security of our Services, preventing fraud, and improving our platform.

5. Use of Cookies and Analytics

We use cookies and similar technologies on our website. Our use of cookies falls into the following categories:

  • Strictly necessary cookies: Required for the operation of our website (e.g., authentication, security). These do not require consent.
  • Analytics cookies: We use Google Analytics to understand how users interact with our website. These cookies are only activated if you provide consent via our cookie banner.

6. Third-Party Services

We share personal data with the following third-party service providers who process data on our behalf:

Stripe

  • Data shared: Transaction details for payment processing
  • Purpose: To process payments securely
  • Location: United States (with UK/EU safeguards)
  • Note: Stripe handles all payment card details directly. We do not receive or store card numbers.

Sendgrid

  • Data shared: Email addresses, first names
  • Purpose: To send service and marketing communications
  • Location: United States
  • Safeguards: Standard Contractual Clauses (SCCs) and Data Processing Agreement in place

Google Analytics

  • Data shared: Usage data, IP addresses (anonymised)
  • Purpose: To analyse website traffic and user behaviour
  • Location: United States
  • Safeguards: Consent required; data anonymisation applied

OpenRouter

  • Data shared: Prompts and queries only (no personal identifiers)
  • Purpose: To provide AI-powered analytical capabilities
  • Data retention: Zero Data Retention (ZDR) policy — no data is stored or retained by inference providers
  • Note: All inference providers selected via OpenRouter maintain ZDR policies and are UK GDPR compliant

Microsoft Azure

  • Data shared: Account data, service data
  • Purpose: Secure data storage and hosting
  • Location: United Kingdom

All third-party processors are bound by data processing agreements and are required to process your data only in accordance with our instructions and applicable data protection laws.

7. Data Storage and Retention

Data collected through our Services is stored securely in Microsoft Azure cloud infrastructure located in the United Kingdom.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. This includes account data, transaction records, analytics data and service interaction data. After the applicable retention period, personal data is securely deleted or anonymised.

Anonymised and Aggregated Data

We may collect and process anonymised, aggregated data regarding how users interact with our Services to improve platform performance and develop new features. Such data does not identify any individual and is not considered personal data under UK GDPR. We may retain and use anonymised data indefinitely.

8. User Rights

You have the following rights regarding your personal data under UK GDPR:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to restriction: Request that we limit how we use your data
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time for processing based on consent (e.g., marketing emails, analytics)

Data Portability: Please note that we do not offer data portability due to the bespoke nature of our systems. Your data is not held in a commonly-used, machine-readable format that would be meaningful if transferred to another provider.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected].

  • We will acknowledge your request within 72 hours
  • We will respond to your request within one month, as required by UK GDPR
  • For deletion requests, we will complete the process within 30 days and confirm deletion to you

How to Withdraw Consent

To withdraw consent for marketing emails, you can:

To withdraw consent for analytics cookies, you can update your preferences via our cookie banner or clear cookies in your browser settings.

Right to Complain

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
United Kingdom
Website: https://ico.org.uk
Telephone: 0303 123 1113

Automated Decision-Making

Our Services utilise artificial intelligence and probabilistic modelling (including Bayesian network analysis) to generate analytical outputs. However, we do not use automated decision-making that produces legal or similarly significant effects on you without human involvement.

The analytical outputs generated by our Services are provided for informational and decision-support purposes only. Any decisions based on these outputs are made by you or your organisation, not automatically by our systems.

9. Children's Data

Our Services are intended for users who are at least 18 years old. We do not knowingly collect personal data from individuals under the age of 18. Use of our Services requires acknowledgment of our Terms of Service, which confirms the user is 18 or older.

If we become aware that we have collected personal data from a minor, we will take steps to delete that information promptly.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Data is encrypted in transit (TLS/SSL) and at rest
  • Access controls restrict data access to authorised personnel only
  • Regular security assessments and monitoring
  • Secure cloud infrastructure with UK-based hosting

While we take all reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, specifically the United States, where some of our service providers are located (including Sendgrid, Stripe, and Google Analytics).

Where we transfer data outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): EU/UK-approved contractual terms that provide adequate protection for transferred data
  • Processor certifications and compliance programmes: Our processors maintain compliance with applicable data protection frameworks

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or legal requirements. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • For material changes, we will notify you by email and/or by posting a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

51Folds.AI LIMITED Unit B1/B2 Knights Park
Knight Road
Rochester, Kent, ME2 2LS
United Kingdom
Email: [email protected]

Last updated: 11/26/2025