Privacy Policy

Last updated: 30 April 2026

We take your privacy seriously. This policy explains how we collect, use, and protect your personal and business information.

1. Introduction

OwnerCompass ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business continuity and organisation platform (the "Service").

This policy applies to all users of OwnerCompass, whether you're using our Business Continuity or Business Valuation plans.

By using OwnerCompass, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

We collect several types of information to provide and improve our Service.

2.1 Information You Provide Directly

Account Information: Name, email address, password, company name, phone number

Business Information: Industry, number of employees, business start date, business description

Payment Information: Billing address, payment card details (processed securely by Stripe - we do not store full card numbers)

Documents: Business documents you upload (accounts, contracts, policies, etc.)

Contacts: Business contact information you add to the platform

Communications: Messages you send us via contact forms or email

2.2 Information Collected Automatically

Usage Data: Pages viewed, features used, time spent on platform

Device Information: IP address, browser type, operating system, device type

Log Data: Access times, error logs, system activity

Cookies: Small data files stored on your device (see Section 8 for details)

2.3 Information from Third Parties

Payment Processors: Stripe provides us with payment confirmation and billing information

Authentication Services: If you sign in using third-party services, we receive basic profile information

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Create and maintain your account, store your documents, process your business information
  • Process Valuations: Calculate and provide quarterly business valuations (Business Valuation tier)
  • Generate Data Rooms: Compile your business information into organised data packs
  • Communicate With You: Send service updates, respond to enquiries, provide customer support
  • Process Payments: Bill your subscription and process transactions
  • Improve the Service: Analyse usage patterns, fix bugs, develop new features
  • Ensure Security: Detect and prevent fraud, abuse, and security issues
  • Comply With Legal Obligations: Meet regulatory requirements, respond to legal requests

We will never:

  • Sell your personal or business information to third parties
  • Use your business documents for our own purposes (e.g., training AI models)
  • Share your information for marketing purposes without your consent
  • Access your account without your explicit permission (except for support requests)

4. Data Storage and Security

4.1 Where We Store Your Data

Your primary data is stored on UK-based servers:

  • Database servers: Hosted in UK data centres (London region) via Supabase
  • Document storage: Stored in UK-based secure storage via Supabase
  • Backups: Automated daily backups in encrypted storage

We use a small number of trusted third-party services to operate the platform (see Section 5). Some of these services, such as our hosting and email providers, may process data outside the UK. All such providers are contractually bound to handle your data in accordance with UK GDPR.

4.2 How We Protect Your Data

We implement multiple security measures:

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Strong password requirements, two-factor authentication via email verification code
  • Regular Backups: Daily automated backups, encrypted storage
  • Monitoring: Continuous monitoring for suspicious activity
  • Secure Infrastructure: ISO 27001 certified data centres

5. Sharing Your Information

We share your information only in these limited circumstances:

Service Providers: We use the following services to operate our platform:

  • Stripe — Payment processing
  • Supabase — Data hosting and storage (UK region)
  • Resend — Transactional emails only
  • Anthropic — AI-powered document analysis (your documents are not used for AI training)
  • Vercel — Application hosting and delivery

These providers are GDPR-compliant and contractually obligated to protect your information. They cannot use your data for their own purposes.

Legal Requirements: We may disclose information if required by law, court order, or government regulation.

Business Transfers: If OwnerCompass is acquired or merged, your information may be transferred. We will notify you before this happens.

With Your Consent: We may share information for other purposes with your explicit consent.

We will never sell your information to third parties for marketing purposes.

6. Your Rights

Under UK GDPR, you have the following rights:

Right to Access: Request a copy of all personal data we hold about you

Right to Rectification: Correct inaccurate or incomplete information

Right to Erasure: Request deletion of your personal data (subject to legal obligations)

Right to Restrict Processing: Limit how we use your data in certain circumstances

Right to Data Portability: Receive your data in a structured, commonly used format

Right to Object: Object to certain types of processing (e.g., direct marketing)

Right to Withdraw Consent: Withdraw consent for processing where we rely on consent

To exercise these rights, including requesting a copy of your personal data, please contact us at privacy@ownercompass.com. You can also delete your account at any time from your account settings.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we've mishandled your data.

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

Active Accounts: We retain all data while your account is active

After Subscription Cancellation:

  • Your access continues until the end of your current billing period
  • After your billing period ends, your account enters a 90-day retention window
  • During this window your data is retained but your access is restricted
  • You will receive email reminders before permanent deletion
  • After 90 days, all personal data and documents are permanently deleted

After Account Deletion:

  • Once you delete your account, your personal data and documents are permanently removed
  • This action cannot be undone
  • Billing records are retained for 7 years (UK tax law requirement)

You can delete your account at any time from your account settings, or contact us at privacy@ownercompass.com.

8. Cookies

We use cookies and similar technologies to provide and improve the Service.

Strictly Necessary Cookies: Required for the Service to function (authentication, security). These cannot be disabled.

We do not use:

  • Marketing or advertising cookies
  • Third-party tracking cookies
  • Social media cookies

You can manage cookie preferences in your browser settings. Disabling necessary cookies may prevent you from using certain features.

For more details, see our Cookie Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

When we make changes:

  • We'll update the "Last updated" date at the top of this page
  • For significant changes, we'll notify you by email
  • Continued use of the Service after changes constitutes acceptance

We encourage you to review this policy periodically.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

We aim to respond to all enquiries within 2 business days.