Privacy Policy

Company: RapidFoundry Ltd
Registered Address: Isiodou Gardens Central 13, Unit 401, 3031 Limassol, Cyprus

This Privacy Policy explains how RapidFoundry Ltd ("RapidFoundry", "Company", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you access or use any software, platform, application, website, or service operated or provided by us (collectively, "Services"). It applies universally to all products, platforms, tools, and websites launched, operated, or maintained under the RapidFoundry name or brand.

We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable data protection laws of the Republic of Cyprus and the European Union. By using our Services, you acknowledge that you have read and understood this Privacy Policy. This Policy should be read together with our Terms of Service.

1. Who We Are (Data Controller)

RapidFoundry Ltd is the "data controller" responsible for your personal data in respect of the Services, unless stated otherwise for a specific product. Where we process personal data on behalf of a business customer (for example, data that customer uploads about its own end users), we act as a "data processor" and process such data in accordance with that customer's instructions and a separate Data Processing Agreement (see Section 13).

2. Scope of This Policy

This Policy covers personal data we process about visitors, registered users, customers, and prospective customers of our Services. It does not apply to third-party websites, products, or services that we do not own or control, even where they are linked from or integrated with our Services (see Section 9).

3. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "Data Processor" means an entity that processes personal data on behalf of the controller.
  • "Sub-processor" means a third party engaged by us to process personal data in connection with the Services.
  • "Services" has the meaning given in our Terms of Service.

4. Information We Collect

4.1 Information You Provide Directly

  • Account data: name, username, email address, password (stored in hashed form), and any profile details you choose to add.
  • Billing data: billing name, billing address, VAT/tax identifiers, and transaction records. Full payment card details are processed by our payment provider and are not stored by us (see Section 9).
  • Content: any data, text, files, or other materials you upload, submit, or generate through the Services.
  • Communications: information you provide when you contact us for support, submit feedback, or respond to surveys.

4.2 Information We Collect Automatically

  • Usage data: pages or features accessed, actions taken, timestamps, referring pages, and similar diagnostic data.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers, and language settings.
  • Cookies and similar technologies: as described in Section 8.

4.3 Information From Third Parties

We may receive information about you from third parties, such as authentication or single sign-on providers (where you choose to log in via a third-party account), payment processors, and analytics providers, in accordance with their respective terms and privacy policies.

5. How We Use Your Information

We use personal data for the following purposes:

  • To create and manage your Account and provide the Services;
  • To process payments, manage subscriptions, and send billing-related communications;
  • To operate, maintain, secure, and improve the Services;
  • To provide customer support and respond to your inquiries;
  • To send service-related communications (e.g. security alerts, changes to terms, transactional notices);
  • To send marketing communications where permitted (see Section 11), and to measure their effectiveness;
  • To detect, prevent, and address fraud, abuse, security incidents, and technical issues;
  • To comply with legal obligations and enforce our Terms of Service;
  • To produce aggregated or anonymized statistics that do not identify you.

6. Legal Bases for Processing (GDPR)

We rely on the following legal bases under Article 6 of the GDPR:

  • Performance of a contract: to provide the Services you have requested and to manage your Account and subscription.
  • Legitimate interests: to operate, secure, and improve our Services, prevent fraud and abuse, and conduct direct marketing to existing customers, provided such interests are not overridden by your rights.
  • Consent: for non-essential cookies, certain marketing communications, and any optional processing — which you may withdraw at any time.
  • Legal obligation: to comply with applicable laws, including tax, accounting, and regulatory requirements.

7. Cookies and Similar Technologies

7.1 What We Use

We use cookies and similar technologies to operate the Services, remember your preferences, maintain your login session, and understand how the Services are used. Cookies fall into the following categories:

  • Strictly necessary cookies: required for the Services to function (e.g. authentication, security, load balancing). These cannot be disabled.
  • Preference cookies: remember settings such as language or theme.
  • Analytics cookies: help us understand usage and improve the Services. Set only with your consent where required.

7.2 Managing Cookies

Where required by law, we will request your consent before setting non-essential cookies. You can manage or withdraw your cookie preferences at any time through your browser settings or any cookie controls we provide within the Services. Disabling certain cookies may affect the functionality of the Services.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Account data is generally retained for the duration of your Account and deleted or anonymized within a reasonable period after Account closure, subject to legal retention requirements (for example, invoicing and tax records, which may be retained for the period required by Applicable Law). Backups are retained for a limited period and then overwritten in the ordinary course.

9. How We Share Your Information

We do not sell your personal data. We may share personal data with the following categories of recipients:

  • Service providers / sub-processors: trusted third parties that process data on our behalf, such as cloud hosting, payment processing, email delivery, error monitoring, and analytics providers, under contractual confidentiality and data protection obligations.
  • Payment processors: to process transactions securely. Card data is handled directly by PCI-DSS-compliant processors and is not stored on our systems.
  • Professional advisers and authorities: where necessary to comply with the law, respond to lawful requests, or protect our rights, users, or the public.
  • Business transfers: in connection with a merger, acquisition, restructuring, or sale of assets, in which case personal data may be transferred subject to this Policy.

10. Third-Party Services and Integrations

The Services may integrate with or link to third-party platforms, tools, or websites that we do not control. Your use of any such third-party service is governed by that third party's own terms and privacy policy. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies before providing them with your data.

11. Marketing Communications

Where permitted by Applicable Law, we may send you marketing communications about our Services. You can opt out at any time by using the unsubscribe link in our emails or by contacting us. Opting out of marketing does not affect service-related or transactional communications that are necessary for the operation of your Account.

12. International Data Transfers

Your personal data is primarily stored and processed within the European Union/European Economic Area. Where personal data is transferred to a country outside the EEA that has not been recognized as providing an adequate level of protection, we ensure that appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses or another lawful transfer mechanism, to protect your data in accordance with the GDPR.

13. Data Processing for Business Customers

Where you use our Services as a business customer and upload or process personal data relating to your own end users, you act as the data controller and we act as your data processor with respect to that data. In such cases, our processing is governed by a Data Processing Agreement ("DPA"), which is available to business customers on request and forms part of our agreement with you where required by the GDPR.

14. Data Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include encryption in transit, access controls, and regular review of our security practices. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals, in accordance with the GDPR.

15. Your Rights Under the GDPR

Subject to the conditions and exceptions in the GDPR, you have the following rights regarding your personal data:

  • Right of access: to obtain confirmation of whether we process your data and to receive a copy of it.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten"): to request deletion of your data in certain circumstances.
  • Right to restriction: to request that we limit the processing of your data in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • Right to object: to object to processing based on legitimate interests or to direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: with a supervisory authority (see Section 18).

16. How to Exercise Your Rights

You can exercise your rights by contacting us through our contact form. We may need to verify your identity before responding. We will respond to valid requests within one (1) month, as required by the GDPR, although this period may be extended by up to two further months for complex or numerous requests, in which case we will inform you. We do not charge a fee for handling requests unless they are manifestly unfounded or excessive.

17. Children's Privacy

Our Services are not directed to, and we do not knowingly collect personal data from, children under the age of 16 (or the minimum age required by Applicable Law in your jurisdiction). If you believe that a child has provided us with personal data, please contact us and we will take steps to delete such information.

18. Automated Decision-Making

We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling, without a lawful basis. Where any such processing is used (for example, automated fraud or abuse detection), you have the right to request human intervention, express your point of view, and contest the decision.

19. Supervisory Authority

If you are located in the European Union, you have the right to lodge a complaint with your local data protection supervisory authority. As we are established in Cyprus, our lead supervisory authority is the Office of the Commissioner for Personal Data Protection (Cyprus), www.dataprotection.gov.cy. We would, however, appreciate the opportunity to address your concerns directly before you approach a supervisory authority.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will post the updated Policy on our website and update the "Last Updated" date. Where changes are material, we will provide additional notice where practicable (for example, by email or in-platform notification). Your continued use of the Services after the effective date of any update constitutes your acknowledgment of the revised Policy.

21. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you can reach us via our contact form.

We will endeavor to respond to all inquiries within a reasonable timeframe. For urgent matters related to data security or a suspected data breach, please indicate the urgency in your subject line.

These Privacy Policy were last updated on May 25, 2026. By continuing to use any RapidFoundry service after this date, you acknowledge that you have read, understood, and agree to be bound by these Privacy Policy.