Privacy Policy

The data controller is Charles Horsfall, a sole trader trading as “Council of Elders”. This will become “Horsfall Ventures Ltd, trading as Council of Elders” once the company is registered.

Contact: hello@councilofelders.co.uk · [correspondence address — add a non-home/virtual address before taking payment].

• Account data — your email address, used for authentication (handled via Supabase auth).
• The content you submit — the questions and context you ask the council about, plus any text you upload or paste in.
• Session outputs — the AI-generated debate, consensus, and risk/confidence results, where you save a session.
• Billing data — your subscription status and the payment metadata we receive from Stripe. We do not store full card numbers.
• Basic usage data — limited technical and usage information needed to run the service securely and reliably (for example request logs and feature limits).

• To provide the service (run councils, save your history, manage your account) — lawful basis: performance of a contract with you.
• To take payment and manage subscriptions — lawful basis: performance of a contract.
• To keep the service secure, prevent abuse, and meet legal obligations — lawful basis: legitimate interests and legal obligation.
• To improve and support the service — lawful basis: legitimate interests, balanced against your rights.

We use trusted third-party processors who handle data on our instructions:

• Supabase — hosting, database, and authentication (stores your account, saved questions/context and session outputs).
• OpenAI — AI processing. The questions and context you submit are sent to OpenAI to generate the council’s debate and consensus.
• Stripe — payment processing for paid subscriptions.
• Vercel — application hosting and delivery.

Please note: the content you submit (your questions, context, and any uploaded text) is sent to OpenAI to produce the council output. Do not submit information you are not comfortable sharing with an AI processor, and avoid submitting other people’s personal data unless you have the right to do so.

Some processors may transfer data outside the UK/EEA. Where they do, the transfer is protected by appropriate safeguards (such as the UK International Data Transfer Agreement / addendum or equivalent).

We keep your account and saved sessions for as long as your account is active, and for a reasonable period afterwards to meet legal, accounting, and security needs. You can delete saved sessions, or ask us to delete your account and associated data (see your rights below). Billing records are kept for as long as the law requires.

Under UK GDPR you have the right to:

• Access a copy of the personal data we hold about you;
• Have inaccurate data corrected;
• Have your data erased (the “right to be forgotten”), where applicable;
• Receive your data in a portable format, or have it ported, where applicable;
• Restrict or object to certain processing;
• Withdraw consent where we rely on it (without affecting prior processing).

To exercise any of these, email hello@councilofelders.co.uk. We aim to respond within one month. You also have the right to complain to the UK’s Information Commissioner’s Office (ICO) at ico.org.uk, though we hope you will contact us first.

We use only essential cookies needed to sign you in and keep your session secure (authentication cookies). We do not use advertising cookies. If we add analytics in future, we will update this policy and ask for your consent where required.

Questions about your data or this policy? Email hello@councilofelders.co.uk, or see our Terms of Service.