Privacy Policy

Contents

1. Who we are
2. What information we collect
3. How and why we use your information
4. Automated processing and AI
5. Legal bases for processing
6. Who we share your information with
7. International data transfers
8. How long we keep your information
9. Your rights
10. How we protect your information
11. Cookies and similar technologies
12. Children
13. Changes to this policy
14. How to contact us

1. Who we are

BirthPrint is a personalised profiling service operated by Verity Tech ("BirthPrint", "we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and share your personal information when you use the BirthPrint website and app (the "Service").

We are the data controller for the personal information described in this policy. That means we decide how and why your information is processed.

Contact: marcie@veritytech.xyz

2. What information we collect

We only collect what we need to provide your BirthPrint report and run the Service. Specifically:

Information you give us

Identity details: Your full name as it appears on your birth certificate, any current legal name if different, and a nickname you choose to be called.
Birth details: Your date of birth, time of birth (if you know it), and place of birth (city and country).
Life history data: Optional location snapshots at different ages, and optional life events you choose to share.
Relationship data: If you request a report about another person (for example, a partner or child), you may provide their name, date of birth, and birth location. You are responsible for ensuring you have the right to share that person's information with us.
Preferences: The tone you select for your report, the type of report you order, and your communication preferences.
Account information: When accounts go live, your email address and a password (stored only in hashed form).
Support correspondence: Any messages you send us when you contact support.

Information we collect automatically

Technical data: Your IP address, device type, browser, and operating system. This is used for security, rate limiting, fraud prevention, and basic diagnostics.
Usage data: Which pages you visit, which reports you generate, and when. This helps us improve the Service.
Cookies and local storage: See Section 11 below.

Information we do not collect

We do not collect special category data (such as health, religion, sexual orientation, or biometric data) unless you voluntarily include it in a life event you add to your profile. We do not ask for, and we do not want, any payment card or bank account details — when paid features launch, payments will be handled entirely by a third-party payment processor and we will never see your card details.

3. How and why we use your information

We use your information for the following purposes:

To generate your personalised BirthPrint report. This is the core purpose of the Service. Your birth details and life history are used as inputs to produce a narrative report tailored to you.
To run your account and deliver the Service to you. This includes saving your reports so you can access them later and showing them to you when you return.
To keep the Service secure. We use technical data to protect against fraud, abuse, rate-limit spikes, and unauthorised access.
To improve the Service. We analyse usage patterns in aggregate to understand what works, what doesn't, and what to build next.
To communicate with you. We will send you essential service messages (for example, confirmations and account notices). If you have opted in, we may also send you occasional marketing emails about new features, updates, or offers — you can unsubscribe at any time.
To comply with the law. Where we are legally required to retain, disclose, or act on your information, we will do so.

4. Automated processing and AI

BirthPrint reports are generated using a combination of server-side calculations and a large language model (LLM) provided by Anthropic PBC. This means your report is produced by an automated process.

What this means in practice

When you submit your birth details, our servers calculate a range of structured attributes (for example, date-based and name-based values) locally and privately.
Those calculated attributes, along with your name and a minimal set of supporting details, are then sent to Anthropic's Claude model to generate the narrative text of your report.
Your exact birth time and full raw address are not sent to Anthropic. We deliberately minimise the personal information shared with the model.
Anthropic processes this data only to generate a response for you. Under our agreement with Anthropic, your data is not used to train their models.

Your rights around automated decisions

Under the UK GDPR and EU GDPR (Article 22), you have the right not to be subject to a decision based solely on automated processing where that decision produces legal or similarly significant effects. BirthPrint reports are for entertainment, reflection, and self-understanding. They are not used to make decisions about your employment, creditworthiness, health, insurance, or any other matter with legal or similarly significant effect. If you have any concerns about how your report was generated, please contact us.

5. Legal bases for processing

Under UK and EU data protection law, we need a legal basis to process your personal information. Depending on the activity, we rely on one or more of the following:

Consent. When you tick the consent box during onboarding, you are giving us permission to process your birth details and life history to generate your report. You can withdraw consent at any time (see Section 9).
Contract. We need to process certain information to deliver the Service you have requested — for example, saving your reports so you can come back to them.
Legitimate interests. We use technical data for security and fraud prevention, and we analyse usage in aggregate to improve the Service. We have balanced these interests against your rights and believe they do not override your privacy.
Legal obligation. Where we are required by law to retain or disclose information.

We do not sell your personal information. We share it only with the following categories of recipients, and only to the extent necessary:

Anthropic PBC. Our AI sub-processor, used to generate the narrative text of your report. Anthropic processes your data under a data processing agreement and does not use it to train its models.
Hosting and infrastructure providers. The companies that host our servers and database (for example, Supabase when live). They process your data on our instructions only.
Email and analytics providers. If you have consented, we may share your email address with an email delivery provider and anonymised usage data with an analytics provider.
Payment processors. If you make a purchase, a third-party payment processor will handle your payment. We never see your full card details.
Law enforcement and regulators. Where we are legally required to disclose information.
Professional advisers. Lawyers, auditors, and similar advisers acting under confidentiality obligations.
A buyer or successor. If the business is ever sold or restructured, your information may transfer as part of that transaction. We would notify you in advance.

7. International data transfers

Some of our sub-processors (including Anthropic) are based outside the UK and the European Economic Area. When we transfer your information internationally, we rely on safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or an adequacy decision where one exists. You can contact us for a copy of the relevant safeguards.

8. How long we keep your information

Your profile and reports: Kept for as long as your account is active, so you can access your reports whenever you want.
After account deletion: If you delete your account, we will permanently delete your personal information within 30 days, except where we are required to retain certain records for legal, accounting, or fraud-prevention reasons.
Consent records: We keep an append-only record of when consent was given and withdrawn, as evidence required by data protection law. These records contain only the consent type and timestamps.
Technical logs: Security and rate-limiting logs are kept for up to 90 days and then deleted or anonymised.
Support correspondence: Kept for up to 2 years after your last contact with us, unless a longer period is required.

9. Your rights

If you are in the UK, the EU, or another jurisdiction that grants similar rights, you have the following rights in relation to your personal information:

Right of access (Article 15). You can ask for a copy of the personal information we hold about you. We provide an in-app export feature for this.
Right to rectification (Article 16). You can ask us to correct information that is inaccurate or incomplete.
Right to erasure (Article 17). You can ask us to delete your personal information. We provide an in-app delete feature for this.
Right to restriction (Article 18). You can ask us to stop processing your information in certain circumstances.
Right to data portability (Article 20). You can ask for your information in a structured, machine-readable format.
Right to object (Article 21). You can object to processing based on legitimate interests or direct marketing. Marketing objections are always honoured.
Right to withdraw consent. Where we rely on consent, you can withdraw it at any time in Settings. Withdrawing consent does not affect the lawfulness of processing before the withdrawal.
Rights related to automated decision-making (Article 22). See Section 4.
Right to lodge a complaint. You have the right to complain to a supervisory authority. In the UK that is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU it is your local data protection authority.

To exercise any of these rights, use the tools in Settings or contact us at marcie@veritytech.xyz. We will respond within 30 days.

10. How we protect your information

All traffic between your device and our servers is encrypted in transit using HTTPS.
Sensitive fields are designed to be encrypted at rest using modern encryption standards.
We apply security headers, rate limiting, and input validation on every request.
We follow the principle of data minimisation — we collect only what we need and share only what is necessary.
Access to personal information inside the company is restricted to those who need it to do their job.
In the unlikely event of a personal data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority within 72 hours and, where the risk is high, we will notify you directly.

11. Cookies and similar technologies

We use a small number of cookies and equivalent browser storage. These fall into two categories:

Essential cookies and local storage. Required to run the site, remember your choices (for example, your theme preference and consent decisions), and keep you signed in. These cannot be switched off.
Optional analytics cookies. Used only if you have agreed. These help us understand how the Service is used and what to improve. You can change your choice at any time using the "Manage cookies" link in Settings.

We do not use cookies for cross-site advertising or tracking.

12. Children

BirthPrint is intended for users aged 16 and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

You may provide a child's birth details to generate a report for your own child (for example, a parent creating a "Their Print" for a young child). In that case, you are responsible for ensuring you have the legal right to share that information with us, and the child's information is treated with the same protections described in this policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in-app or by email before they take effect, and we will update the "Last updated" date at the top of this page. Older versions will be available on request.

14. How to contact us

If you have any questions, concerns, or requests about this Privacy Policy or how we handle your information, please get in touch:

Email: marcie@veritytech.xyz
Subject line: Please start your message with "Privacy" so we can route it quickly.

If you are not satisfied with our response, you can lodge a complaint with your local data protection authority. In the UK that is the Information Commissioner's Office at ico.org.uk.