Privacy Policy
Last updated: 27 February 2026
1. Data Controller
Encyclix Ltd (βweβ, βusβ, βourβ) is the data controller for personal data processed through Encyclix. Contact: privacy@encyclix.com.
2. Data We Collect
We collect the following categories of personal data:
2.1. Account Data
Email address, name, and authentication credentials (managed by Clerk). Subscription tier and billing information (managed by Stripe).
2.2. Usage Data
Pages visited, indicators viewed, features used, session duration, device type, browser type, and approximate location (country level from IP address).
2.3. Preference Data
Theme preference, country selection, My List items, notification preferences, and cookie consent choices.
3. Lawful Basis for Processing
We process your personal data on the following legal bases (GDPR Article 6):
- Contract performance β to provide your subscription and account services.
- Legitimate interests β to improve the platform, prevent abuse, and ensure security.
- Consent β for analytics cookies and marketing communications (where applicable).
- Legal obligation β to comply with applicable laws and regulations.
4. Third-Party Services
We use the following third-party services that process personal data:
- Clerk β authentication and user management. Processes email, name, and session data.
- Stripe β payment processing. Processes payment method details and billing address. Stripe is PCI DSS Level 1 certified.
- Sentry β error monitoring. May receive anonymised usage context when errors occur. No personally identifiable data is intentionally sent.
Each service operates under its own privacy policy and data processing agreements. We do not sell personal data to any third party.
5. Data Retention
We retain personal data only as long as necessary:
- Account data β retained while your account is active. Deleted within 30 days of account deletion.
- Usage analytics β aggregated and anonymised after 24 months.
- Billing records β retained for 7 years as required by law.
- Error logs β automatically purged after 90 days.
6. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access β request a copy of your personal data.
- Right to rectification β correct inaccurate personal data.
- Right to erasure β request deletion of your personal data.
- Right to data portability β receive your data in a structured, machine-readable format.
- Right to restriction β restrict processing in certain circumstances.
- Right to object β object to processing based on legitimate interests.
To exercise any of these rights, contact privacy@encyclix.com. We will respond within 30 days.
7. Cookies
Encyclix uses cookies for essential functionality, analytics, and preference storage. You can manage your cookie preferences at any time via the Cookie Preference Centre.
For full details on cookie categories and how to manage your preferences, see our Cookie Policy.
8. Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure authentication (Clerk), and access controls on our infrastructure. However, no system is completely secure, and we cannot guarantee absolute security.
9. Contact and Complaints
For privacy-related enquiries, contact privacy@encyclix.com.
If you are not satisfied with our response, you have the right to lodge a complaint with your national data protection authority. In the UK, this is the Information Commissionerβs Office (ICO).