Last updated: 23 April 2026
Privacy Policy
Fatarrow is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions, contact us at admin@fatarrow.io.
01 · Who We Are
Fatarrow Ltd is the data controller for personal data collected through our platform and website. We are registered in England and Wales. For all data protection enquiries, contact our team at admin@fatarrow.io.
02 · Data We Collect
We collect the following categories of personal data:
- Account data - your name, email address, company name, and password (stored as a one-way hash) when you register.
- Billing data - payment method details processed and stored by our payment processor. We do not store card numbers on our servers.
- Usage data - pages visited, features used, session duration, and browser/device information collected via server logs.
- Business data - data you connect from third-party platforms (e.g. Shopify orders, Xero invoices) for the purpose of powering your dashboards and automations.
- Communications - messages you send to our support team and any correspondence we exchange.
- Cookie data - session tokens and functional cookies required to keep you signed in and the platform working correctly.
03 · Legal Basis for Processing
We process your personal data on the following lawful bases under UK GDPR Article 6:
- Contract - processing your account and billing data to provide the service you subscribed to.
- Legitimate interests - improving our platform, detecting fraud, and sending product-related communications you would reasonably expect.
- Legal obligation - retaining financial records as required by UK tax law and Companies Act obligations.
- Consent - marketing communications, where we ask for your explicit opt-in.
04 · How We Use Your Data
- Providing, maintaining, and improving the Fatarrow platform.
- Processing payments and managing your subscription via our payment processor.
- Sending transactional emails - account confirmations, invoices, trial reminders, and security alerts.
- Generating AI-powered insights and reports from your connected business data.
- Responding to support requests and communicating about your account.
- Detecting, investigating, and preventing fraud, abuse, or security incidents.
- Complying with legal obligations and responding to lawful requests from authorities.
05 · Data Sharing & Third Parties
We do not sell your personal data. We share data only with trusted third-party processors under strict data processing agreements. These processors provide services including database hosting, authentication infrastructure, payment processing, transactional email delivery, AI insight generation, and application hosting. All processors are carefully vetted and contractually bound to protect your data in accordance with UK GDPR.
A full list of our current sub-processors is available on request. To request this information, please contact us at admin@fatarrow.io.
We may disclose personal data to law enforcement or regulatory bodies if required by law or to protect the rights, property, or safety of Fatarrow, our users, or others.
06 · International Transfers
Some of our third-party processors are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place - including UK adequacy decisions and Standard Contractual Clauses (SCCs) - in accordance with UK GDPR Chapter V.
07 · Data Retention
- Account and business data is retained for the duration of your active subscription and for 30 days after account closure, during which you may request a full export.
- Financial and billing records are retained for 7 years as required by UK tax law.
- Support communications are retained for 3 years.
- AI-generated insights and Q&A history are retained according to your plan's data retention limits (30 days on Starter, 90 days on Growth, 365 days on Scale).
08 · Cookies
We use only strictly necessary cookies required for the platform to function - specifically, a session authentication token to keep you signed in. We do not use advertising or tracking cookies. We do not use third-party analytics or tracking scripts on the platform.
09 · Security
We implement appropriate technical and organisational measures to protect your data, including:
- TLS encryption for all data in transit.
- Encryption at rest for all stored data.
- Row-level security on all database tables - users can only access their own data.
- API keys and OAuth tokens stored using industry-standard secure storage.
- Regular security reviews and access controls for our team.
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected users without undue delay, as required by UK GDPR Articles 33 and 34.
10 · Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - request correction of inaccurate or incomplete data.
- Right to erasure - request deletion of your data, subject to legal retention obligations.
- Right to restriction - request that we limit processing of your data in certain circumstances.
- Right to data portability - receive your data in a structured, machine-readable format.
- Right to object - object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making - we do not make solely automated decisions with legal or significant effects on you.
To exercise any of these rights, email admin@fatarrow.io. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
11 · Children's Privacy
Fatarrow is intended for business use only. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will delete it promptly.
12 · Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email at least 14 days before material changes take effect. The latest version is always available at fatarrow.io/privacy. Continued use of the platform after the effective date constitutes acceptance of the updated policy.
13 · Contact & DPO
For all privacy-related questions, data subject requests, or to report a concern, contact us at admin@fatarrow.io. We aim to respond to all requests within 5 business days and will always meet the 30-day statutory deadline.