Privacy Policy

Introduction

Perpetua ("we", "us", "our") is a UK private company intelligence platform. This policy explains what personal data we collect when you use Perpetua, why we collect it, and your rights under the UK GDPR and EU GDPR.

Data we collect

• Account data — email address and hashed password when you register.
• API usage metadata — request logs (endpoint, timestamp, response code) and rate-limit counters, retained to operate and protect the service.
• Session cookie — a signed HTTP-only session cookie used to maintain your authenticated session.

How we use it

• Service delivery — authenticating your account and responding to API requests.
• Billing — tracking usage against plan quotas.
• Abuse prevention — detecting and rate-limiting anomalous request patterns.
• Product analytics — understanding which endpoints and features are most used to improve the platform.

Data we don't collect

We do not use tracking pixels, fingerprinting scripts, or third-party advertising networks. We do not sell or broker your personal data.

Third parties

• Supabase — authentication and database hosting, EU region.
• Vercel — frontend hosting and edge functions.
• Stripe — payment processing (when billing ships). No card data is stored by Perpetua.

Your rights under GDPR

You have the right to access, correct, delete, or receive a portable copy of your personal data. To exercise any of these rights, email privacy@perpetua.uk. We will respond within 30 days.

Data retention

• Account data — retained while your account is active and for 30 days after deletion.
• API request logs — retained for 90 days, then purged.

Contact

Privacy enquiries: privacy@perpetua.uk