Privacy Policy

1. Introduction

Composa LTD ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our email template builder service ("Composa" or the "Service").

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: When you register, we collect your name, email address, and password (stored securely using encryption).
• Content: Email templates, components, and images you create or upload to the Service.
• Workspace Data: Information about workspaces you create or join, including team member details.
• Usage Data: Information about how you interact with the Service, including access times, pages viewed, and features used.
• Integration Data: If you connect third-party services (e.g., Figma, Braze), we may store API keys and integration settings.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Create and manage your account
• Process and store your email templates and content
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyse trends, usage, and activities
• Detect, investigate, and prevent fraudulent transactions and abuse

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

• Contract: Processing necessary to provide the Service you've requested.
• Legitimate Interests: Processing for our legitimate business interests, such as improving the Service and preventing fraud.
• Consent: Where you have given us explicit consent to process your data for specific purposes.
• Legal Obligation: Processing necessary to comply with our legal obligations.

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf (e.g., hosting, email delivery, analytics).
• Integration Partners: When you choose to connect third-party services, data may be shared as necessary for the integration.
• Legal Requirements: When required by law or to protect our rights, privacy, safety, or property.
• Business Transfers: In connection with any merger, sale, or acquisition of our business.

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. We may also retain certain information as required by law or for legitimate business purposes. When you delete your account, we will delete or anonymise your personal data within 30 days, unless retention is required for legal compliance.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure password hashing, and regular security assessments.

8. Your Rights

Under the UK GDPR, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request transfer of your data to another service provider.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at [email protected].

9. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO).

10. Cookies

We use essential cookies to enable core functionality of the Service (e.g., authentication). We do not use tracking or advertising cookies. By using the Service, you consent to our use of essential cookies.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Composa LTD
Email: [email protected]

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.