Privacy Policy
Last updated: 21 October 2025
This privacy policy explains how Numen Technology Ltd ("we", "us", "our") collects, uses, and protects your personal data when you visit guardianscan.ai (the "Site"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data controller
Numen Technology Ltd is the data controller responsible for your personal data.
Numen Technology Ltd
Company No. 13262519
Registered in England and Wales
86-90 Paul Street, London, United Kingdom, EC2A 4NE
Contact: privacy@numentechnology.co.uk
2. What personal data we collect
Email address
When you sign up for launch notifications, we collect your email address.
Legal basis: Consent (GDPR Article 6(1)(a)) – you explicitly provide your email and tick a consent checkbox.
Analytics and usage data
We use Google Analytics 4 and Vercel Analytics to understand how visitors use this site. This includes:
- Pages visited and time spent on each page
- Device type, browser, and screen resolution
- Approximate location (city/region level, derived from anonymised IP)
- Referral source (how you found our site)
- User interactions (button clicks, scrolling behaviour)
Vercel Analytics: Cookieless and privacy-first. Collects aggregated, anonymised page view data without tracking individual users or using cookies.
Legal basis: Legitimate interest (GDPR Article 6(1)(f)) – we need to understand site performance to improve user experience. We've balanced this against your privacy rights by anonymising IP addresses and offering opt-out options.
Advertising data
We use Google Ads to promote GuardianScan. Google may collect:
- Whether you clicked on one of our ads
- Ad conversion data (if you sign up after clicking an ad)
- Cookie identifiers for ad personalisation
Legal basis: Legitimate interest (GDPR Article 6(1)(f)) – measuring advertising effectiveness is essential for a sustainable business model. You can opt out via Google Ads Settings.
3. How we use your personal data
We'll send you one email when GuardianScan launches (pre-launch phase only). After launch, we may occasionally send product updates, but you can unsubscribe at any time via the link in every email. We will never sell, rent, or share your email address with third parties for their marketing purposes.
We analyse site usage to identify popular features, fix bugs, and improve navigation. This helps us build a better product for developers.
We measure which ads and campaigns work so we can allocate our marketing budget effectively and reach the right audience.
4. Data storage, security, and retention
Email addresses
- Storage: Supabase (PostgreSQL database, London region, UK)
- Security: Industry-standard encryption at rest and in transit (TLS 1.3). Access restricted to authorised personnel only.
- Retention: Stored until you unsubscribe or 30 days after product launch (whichever comes first). After that, permanently deleted from our systems and backups.
- Data location: UK only (ensures UK GDPR compliance and data sovereignty)
Analytics data
- Processor: Google LLC (Google Analytics 4)
- Data location: EU and US (Google operates under EU-US Data Privacy Framework and UK-US Data Bridge)
- IP anonymisation: Enabled – last octet of IP addresses removed before storage
- Retention: 26 months (Google's default), after which data is automatically deleted
- Transfer safeguards: Google's Standard Contractual Clauses (SCCs) ensure GDPR compliance for international transfers
Advertising data
- Processor: Google LLC (Google Ads)
- Data location: EU and US (same safeguards as Analytics)
- Retention: Up to 540 days for conversion tracking, 90 days for most ad cookies
- Transfer safeguards: Standard Contractual Clauses (SCCs)
5. Third-party data processors
We share your personal data with the following third-party processors:
Supabase Inc.
Purpose: Email storage and database hosting
Data location: UK (London region)
Privacy policy: supabase.com/privacy
Vercel Inc.
Purpose: Website hosting and cookieless analytics (Vercel Analytics)
Data location: Global CDN (with EU/UK data processing options)
Privacy policy: vercel.com/legal/privacy-policy
Note: Vercel Analytics is cookieless and privacy-first. It does not use cookies or track individual users across sessions. It collects aggregated, anonymised page view data for performance monitoring.
Google LLC
Purpose: Analytics (Google Analytics 4) and advertising (Google Ads)
Data location: EU/US (with SCCs)
Privacy policy: policies.google.com/privacy
We have Data Processing Agreements (DPAs) in place with all third-party processors to ensure they handle your data securely and in compliance with UK GDPR.
6. Cookies and tracking technologies
We use cookies to make this site work properly and understand how you use it. By accepting our cookie banner, you consent to the following cookies:
These are required for the site to function and cannot be disabled:
cookie-consent– stores your cookie preferences (1 year)
Cookieless analytics that tracks page views and performance:
- No cookies stored – uses ephemeral session tracking
- Privacy-first – no personal data collected
- GDPR compliant – no consent required (Recital 30)
Learn more: Vercel Analytics Privacy Policy
These track page views and user behaviour (requires consent):
_ga– unique user identification (2 years)_gid– session identification (24 hours)_gat– throttles request rate (1 minute)
These measure ad performance and enable remarketing:
_gcl_au– stores ad click information (90 days)IDE– ad personalisation (2 years)DSID– links activity across devices (2 weeks)
Manage preferences: Google Ads Settings
Managing cookies: You can block or delete cookies through your browser settings. However, this may affect site functionality. Most browsers allow you to refuse cookies entirely or accept them selectively.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
Request a copy of all personal data we hold about you. We'll provide this within 30 days, free of charge.
Correct any inaccurate or incomplete personal data (e.g., if your email address changes).
Request deletion of your data. Click "unsubscribe" in any email, or email us directly. We'll delete your data within 7 days.
Limit how we use your data while we investigate a complaint or accuracy issue.
Receive your data in a machine-readable format (CSV or JSON) to transfer to another service.
Object to processing based on legitimate interests (e.g., analytics or advertising). We'll stop processing unless we have compelling legitimate grounds.
Withdraw your email signup consent at any time via the unsubscribe link or by emailing us.
To exercise any of these rights: Email privacy@numentechnology.co.uk with your request. We'll respond within 30 days. There's no charge unless your request is manifestly unfounded or excessive.
8. Right to lodge a complaint
If you believe we've mishandled your personal data or violated your privacy rights, you have the right to lodge a complaint with the UK's supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We'd appreciate the opportunity to resolve any concerns first, so please contact us at privacy@numentechnology.co.uk before escalating to the ICO.
9. Data security and breach notification
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction:
- TLS 1.3 encryption for data in transit
- AES-256 encryption for data at rest
- Access controls and authentication (MFA) for all team members
- Regular security audits and penetration testing
- Supabase Row Level Security (RLS) policies to restrict database access
In the event of a data breach: If we experience a breach affecting your personal data, we'll notify you within 72 hours (as required by GDPR Article 33) via email. We'll explain what happened, what data was affected, and what steps we're taking to mitigate harm.
10. International data transfers
Your email data stays within the UK (Supabase London region). However, analytics and advertising data may be transferred to the United States (Google LLC).
Transfer safeguards: Google has committed to:
- EU-US Data Privacy Framework certification (adequate level of protection)
- UK-US Data Bridge extension (UK GDPR compliant transfers)
- Standard Contractual Clauses (SCCs) approved by the EU Commission
These mechanisms ensure your data receives equivalent protection to UK GDPR standards even when processed in the US.
11. Children's privacy
GuardianScan is a professional developer tool. We do not knowingly collect personal data from individuals under 16 years old. If you believe we've inadvertently collected data from a child, please contact us immediately at privacy@numentechnology.co.uk and we'll delete it promptly.
12. Automated decision-making
We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significantly affects you (GDPR Article 22). All email communications and marketing decisions involve human oversight.
13. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- We'll update the "Last updated" date at the top of this page
- We'll notify you via email if you're subscribed to launch notifications
- For significant changes, we may ask you to re-consent
We recommend reviewing this policy periodically. Continued use of the site after changes constitutes acceptance of the updated policy.
Contact us
If you have any questions about this privacy policy or how we handle your personal data, please contact us:
Email: privacy@numentechnology.co.uk
Data Controller: Numen Technology Ltd
Company No. 13262519, Registered in England and Wales
86-90 Paul Street, London, United Kingdom, EC2A 4NE