Privacy Policy

1. Who we are

Exit Mode Ltd is the controller of personal data processed through the Exit Mode website and related services unless this policy says otherwise. If you have questions about this policy or want to exercise your rights, contact privacy@exit-mode.com.

2. The data we collect

Depending on how you use the service, we may collect:

• identity and contact data, such as name, email address, company name, and profile details;
• account data, including login information, preferences, and support history;
• payment data processed by Stripe, including transaction identifiers and billing status;
• usage and analytics data, including page views and product interaction data via Umami;
• communications you send to us, such as emails, support messages, and feedback;
• technical data such as IP address, browser type, device information, and log data.

3. How we collect data

We collect personal data directly from you when you create an account, subscribe, make a purchase, submit a form, join a waiting list, or contact us. We also collect some data automatically from your browser or device when you use the service. In some cases we receive data from service providers such as Stripe, Kit, Vercel, Supabase, OpenAI, or Anthropic where those providers support our infrastructure or service delivery.

4. Why we use your data

We use personal data to:

• create and manage accounts, authenticate users, and provide product access;
• process payments, manage subscriptions, and prevent fraud or misuse;
• operate, secure, and improve the website, academy, and related tools;
• send product communications, account notices, launch notifications, and service updates;
• respond to enquiries, support requests, and legal or compliance obligations;
• analyse service usage and performance using privacy-respecting analytics;
• develop AI-assisted product features where applicable.

5. Lawful bases for processing

Under the UK GDPR and EU GDPR, we rely on different lawful bases depending on the activity:

• contract, where processing is necessary to provide the service you requested;
• consent, where you choose to receive certain marketing or waiting-list communications;
• legitimate interests, where processing is necessary to operate, secure, and improve our service;
• legal obligation, where we must retain or disclose data to comply with law.

6. Third-party processors and recipients

We use carefully selected third parties to support the service, including:

• Stripe for payment processing and billing operations;
• Kit for email and subscriber communications where used;
• Vercel for hosting and delivery infrastructure;
• Supabase for authentication, database, and storage services;
• OpenAI and Anthropic for AI-enabled features where relevant;
• Umami for privacy-respecting website analytics.

These providers act as processors or independent controllers depending on the service they provide. We require them to handle personal data in line with applicable data protection law and our contractual instructions where relevant.

7. International transfers

Some suppliers may process personal data outside the UK or EEA. Where this happens, we use appropriate safeguards such as adequacy regulations, the UK International Data Transfer Agreement, or standard contractual clauses, together with supplementary measures where necessary.

8. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy. Account and order data may be retained while your account is active and for a reasonable period afterwards for audit, tax, fraud prevention, dispute handling, and legal compliance. Analytics and technical logs are retained for shorter operational periods unless a longer period is necessary for security or legal reasons.

9. Your data protection rights

You may have rights to:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request erasure where there is no lawful reason for us to continue processing;
• request restriction of processing in certain circumstances;
• object to processing based on legitimate interests;
• request portability of data you provided to us;
• withdraw consent where processing relies on consent.

To exercise any of these rights, email privacy@exit-mode.com. We may need to verify your identity before actioning a request.

10. Marketing communications

We may send marketing or launch communications where you have opted in or where we are otherwise permitted to do so. You can unsubscribe at any time using the link in the email or by contacting us. Service emails relating to orders, access, security, or billing are not marketing and may still be sent when necessary.

11. Security

We use technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, misuse, alteration, and disclosure. No system is completely secure, but we aim to apply controls appropriate to the nature of the data and the risk involved.

12. Children

The service is intended for business users and adults. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact privacy@exit-mode.com and we will investigate.

13. Complaints

We hope to resolve concerns directly. You also have the right to lodge a complaint with the Information Commissioner's Office in the UK. Details are available at ico.org.uk.

14. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The latest version will always be published on this page with the effective date shown at the top.