Privacy Policy

Last updated: 22 March 2026

1. Who controls your data

Conviction Scout Ltd is the data controller for personal data collected through convictionscout.app and convictionscout.com. We are a UK-incorporated entity and process data under UK GDPR (Data Protection Act 2018).

2. What data we collect

We collect the following categories of personal data:

  • Account data — email address, display name, and password hash (managed by AWS Cognito).
  • Payment data — Stripe customer ID and subscription status. We never store card numbers.
  • Usage analytics — page views and feature usage (only with your consent).
  • Community contributions — corrections, comments, and feedback you submit.
  • Technical data — IP addresses (retained for 90 days in server logs), session tokens.

3. How we collect data

Data is collected when you create an account, use the platform, submit community contributions, or interact with cookie consent controls. We do not purchase data from third parties.

4. Purposes and lawful bases

Purpose | Lawful basis
Provide and maintain the service | Contract (Art. 6(1)(b))
Process payments | Contract (Art. 6(1)(b))
Product analytics | Legitimate interest (Art. 6(1)(f)) — with opt-out
Marketing emails | Consent (Art. 6(1)(a)) — withdrawable
Analyse public financial commentary | Legitimate interest (Art. 6(1)(f)) — journalism/research

5. Analytics and behavioural data

We use analytics tools only when you have given consent via the cookie banner. You can withdraw consent at any time via the cookie settings link in our footer, or through your account settings.

6. Third-party processors

  • AWS — infrastructure (EU/UK SCCs, London region).
  • OpenAI / Anthropic — LLM inference (zero data retention, no training on API data).
  • Stripe — payment processing (PCI DSS Level 1).
  • Google (YouTube) — public video data only; no user PII sent.

7. International transfers

Your data is stored in the UK (AWS eu-west-2). Where data is transferred to the US (LLM providers, Stripe), we rely on Standard Contractual Clauses with supplementary encryption measures.

8. Retention periods

  • Account data: lifetime of your account + 30 days after deletion.
  • IP addresses: 90 days.
  • Payment records (Stripe ID): 7 years (legal/tax requirement).
  • Community contributions: account lifetime + 2 years archived.

9. Security

All data is encrypted at rest (AES-256 via AWS KMS) and in transit (TLS 1.3). We use role-based access controls and audit logging for all access to personal data.

10. Your rights

Under UK GDPR you have the right to:

  • Access your personal data (we will respond within 72 hours).
  • Rectify inaccurate data (24-hour SLA).
  • Erase your account and data (30-day grace period, then permanent deletion).
  • Data portability — export your data as JSON.
  • Restrict processing of your data.
  • Object to analytics and marketing processing.
  • Withdraw consent at any time.

You can exercise these rights through your account settings or by emailing privacy@convictionscout.com.

11. Complaints

If you are unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.

12. Contact

For privacy queries: privacy@convictionscout.com