Privacy Policy

Privacy Notice
Last updated: 25 August 2025 | Next review: 25 August 2026 | Owner: Directors

Company Information
Data Controller: Firefinch Software Ltd
Address: 5 South Gyle Crescent Lane, Edinburgh, EH12 9EG
Phone: +44 (0) 131 549 9549
Email: contact@firefinch.io
ICO Registration: ZB195673

Scope
Firefinch Software Ltd. (“we”, “our”, “us”, the “Company”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data about business contacts and website visitors. This policy should be read alongside our separate Cookie Policy and any specific notices you may see on forms, emails, or when interacting with us.

This Policy applies to:

    • Business Contacts: Personal data collected by us from business contacts, clients, partners, and prospects, regardless of how that data is collected (email, phone, social media, events, etc.).
    • Website Visitors: Personal data and technical information collected through your use of our website (excluding cookies, which are covered in our separate Cookie Policy).
    • Form Respondents: Personal data collected when you submit information through forms, including HubSpot or Microsoft Forms, as part of our business processes.
    • Meeting Participants: Personal data collected during meetings, including recordings and transcriptions.

Parts of this Policy are only applicable in certain contexts. Please see the references in each section for details.

Data Collection
Firefinch Software Ltd (Company) is a data controller and gathers and uses certain information about you.
We do not process client end‑user personal data as part of our services; we retain only business contact details for relationship management and business development.

BUSINESS CONTACTS

We collect and process business contact information — such as names, job titles, company details, emails, and phone numbers — only for legitimate business purposes (communication, marketing, service provision, contracts).
We receive this information via:

    • Direct inquiries (phone, email, online forms, website contact)
    • Business cards (events, in-person)
    • Social media (e.g., LinkedIn)
    • Clients, prospective clients, and third parties (including bidding processes)
    • Industry events and referrals

WEBSITE VISITORS

When you visit our website, we may automatically collect:

    • Technical identifiers (IP address, device/browser details)
    • Usage data (pages visited, time of visit)

We also collect information you submit directly (e.g., via contact forms).

For further information about cookies and similar technologies used on our website, please see our separate Cookie Policy.

If you decline cookies, your information won’t be tracked using them when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked

FORM INPUT DATA (HUBSPOT AND MICROSOFT FORMS)

When you interact with forms provided via HubSpot or Microsoft Forms, we collect:

    • Information you submit (name, email, company, phone, etc.)
    • Metadata on form interactions (fields completed, time taken, abandonment)

Form analytics and data processing via HubSpot or Microsoft Forms are in accordance with their own privacy policies and terms:

MEETING RECORDINGS AND TRANSCRIPTION

When you participate in meetings with us (virtual or in-person), with your knowledge and consent, we may:

    • Record meetings for accuracy of notes, action points, and follow-ups
    • Create transcriptions of meetings for internal reference
    • Use artificial intelligence (AI) tools to summarise recordings or transcriptions for:
      • Internal note-taking and project management
      • Creating proposals and service delivery documentation
      • Service improvement and quality assurance

Any recordings, transcriptions, or AI-generated summaries are treated with strict confidentiality and accessed only by staff with a legitimate business need.

Lawful Basis For Processing
We process your data under one or more of:

    • Consent: Where you have given explicit consent (e.g., marketing subscriptions, meeting recordings).
    • Legitimate Interests: For our business operations, communications, marketing, and service provision, provided these do not override your rights.
    • Contract: Where processing data is necessary to fulfill a contract or respond to your direct request.
    • Legal Obligation: Where data retention or disclosure is legally required.

How Your Information Is Used
We may use your personal data to:

    • Respond to enquiries and communicate with you about services or opportunities
    • Send marketing communications (based on consent or legitimate interests)
    • Manage client, partner, or supplier relationships
    • Analyse and improve our business, website, services, and marketing
    • Process a grant, job, or project application
    • Review retention periods and delete data no longer required

Meeting data:

    • Create accurate meeting notes and action points
    • Develop proposals and project documentation based on discussions
    • Improve service delivery and client understanding
    • Maintain records for project management and contractual purposes

Website data:

    • Contact you regarding queries raised via our website
    • Improve website performance and personalise your experience
    • Analyse aggregated usage (see Cookie Policy for details)

Form data:

    • Respond to your specific request or application
    • Aggregate usage patterns for marketing and client understanding
    • Improve our services and communication relevance

 

Data Sharing
We do not sell or rent your data. We may share data with:

    • Third-party service providers (CRMs such as HubSpot, email, cloud storage, analytics providers, AI transcription/summarisation services), subject to contracts ensuring security and privacy
    • Clients or potential clients (basic info and only as necessary, e.g., for bidding processes and as you would expect)
    • Legal authorities or regulators, if required by law

Meeting recordings and transcriptions may be shared with:

    • Internal team members involved in the relevant project or client relationship
    • AI service providers for transcription and summarisation (under strict data processing agreements)

Data Retention

    • Personal and business contact data is held only as long as necessary for business, legal, or contractual needs
    • Meeting recordings and transcriptions are retained for the duration of the relevant project or client relationship, plus a reasonable period for follow-up activities
    • Website and analytics data is retained as per provider schedules and only in aggregated, non-identifiable form
    • Review cycles ensure unnecessary data is deleted promptly

Your Rights
Under UK GDPR, you have the right to:

    • Access your data (including meeting recordings/transcriptions where you are identifiable)
    • Correct inaccurate information
    • Request deletion (“right to be forgotten”)
    • Object to or restrict processing (including AI summarisation of meeting content)
    • Withdraw consent at any time (for processing based on consent)
    • Lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/, Tel: 0303 123 1113

For requests, email: contact@firefinch.io

Data Security
We deploy technical and organisational safeguards to prevent loss, misuse, or unauthorised access to your data. Access is restricted to those with a business need; all personnel are contractually bound to confidentiality.
Meeting recordings and transcriptions are stored securely with access limited to relevant team members. AI processing is conducted through providers with appropriate data protection agreements.

International Transfers
If personal data is transferred outside the UK (such as where our providers host data in another country or AI services process meeting transcriptions), we ensure adequate protections are in place in accordance with GDPR.

Profiling
We may analyse your personal information (including form input data and meeting insights) to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.

Children
If you are aged 16 or under, please get your parent/guardian’s permission before sharing any personal data with us.

Links To Other Websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

Policy Updates
This policy is reviewed and updated regularly to ensure legal compliance. If we change how we use your personal data, we will update this policy and communicate it as appropriate.

How To Complain
If you have any queries or concerns about this notice or about our use of your personal information, please contact the Directors at contact@firefinch.io.
If the Directors are not able to address your query or concern, you can contact the Information Commissioner at: