Privacy Policy

Effective Date: 4 December 2025

Freshideas.ie LTD (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your data in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Data Controller

Freshideas.ie LTD
10 Stockman’s Crescent, Belfast, BT11 9AW, UK
Email: [email protected]

For data protection inquiries, you may contact our designated Data Protection Officer at the same email address.

2. Personal Data We Collect

We may collect and process the following personal data:

  • Account information: Name, email address (if you register or subscribe).

  • Payment information: Provided via Stripe (we do not store any card details).

  • Uploaded files: Documents and images you submit for conversion, email design or signature creation.

  • Usage information: IP address, browser type, device info, pages visited.

  • Cookies & analytics data:

    • Google Analytics 4 (GA4) – aggregated traffic and usage statistics for all users.

    • Microsoft Clarity – session recording and analytics only for signed-in users.

3. How We Use Your Data

We process your data for the following purposes:

  1. Service Delivery: To convert documents, design emails, generate signatures, and provide related services.

  2. Account Management: To manage subscriptions, communicate updates, and provide support.

  3. Payments: To process payments via Stripe.

  4. Analytics & Improvement: To improve website functionality and user experience using GA4 and Clarity.

  5. Legal Obligations: To comply with applicable laws and prevent fraud.

Legal Bases:

  • Contract necessity (providing paid services).

  • Consent (cookies, Clarity tracking, GA4 optional features, newsletters).

  • Legitimate interests (security, anonymised analytics, service improvements).

4. Data Sharing & Subprocessors

We share personal data only with trusted third parties necessary to provide our services:

  • Stripe – payment processing

  • Google Analytics 4 – website analytics

  • Google Login - account registration and login

  • OpenAI – AI features

  • Microsoft Clarity – session analytics for signed-in users

  • DigitalOcean / AWS – hosting and storage

All subprocessors operate under GDPR-compliant agreements (Standard Contractual Clauses for transfers outside the EEA).

5. Data Retention

  • Uploaded files: Stored until you delete them or 6 months after paid account expiration.

  • Account & payment data: Retained as long as the account is active, then deleted or anonymised according to legal obligations.

  • Analytics and logs:

    • GA4 data is stored in anonymised or aggregated form.

    • Clarity data is stored only for signed-in users and deleted according to retention rules (e.g., 12 months).

6. Your Rights

Under GDPR, you have the following rights:

  1. Access: Request a copy of your personal data.

  2. Rectification: Correct inaccurate or incomplete data.

  3. Deletion (“Right to be Forgotten”): Request deletion of personal data.

  4. Restriction: Limit how we process your data.

  5. Data Portability: Receive your data in a machine-readable format.

  6. Objection: Object to processing based on legitimate interests.

  7. Withdraw Consent: At any time for features relying on consent (e.g., GA4, Clarity, optional cookies).

Requests can be sent to [email protected]

We will respond within 30 days.

7. Cookies & Tracking

We use cookies and similar technologies:

  • Essential cookies: Stripe, Google Login and Cloudflare. Required for website functionality.

  • Analytics cookies:

    • Google Analytics 4: aggregated traffic and usage statistics for all users.

    • Microsoft Clarity: session recording and analytics only for signed-in users (requires explicit consent).

Users can manage cookie preferences through the website's browser settings.

8. Data Security

We implement technical and organisational measures to protect personal data, including:

  • Encryption: HTTPS site-wide, encrypted storage for uploaded files.

  • Access control: Limited staff/admin access, strong passwords, 2FA for admin panel.   

  • Regular security monitoring: Protection against unauthorised access or data breaches.

In case of a personal data breach, we will notify affected users and authorities within 72 hours, where required by law.

9. International Data Transfers

Some subprocessors (Google, Stripe, OpenAI, Microsoft, Digital Ocean, AWS) may transfer data outside the EEA. Transfers rely on Standard Contractual Clauses (SCCs) to ensure adequate protection.

10. Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from minors.

11. Changes to This Privacy Policy

We may update this policy. Any changes will be posted on this page with an updated effective date. Users will be notified of material changes.