Legal
Privacy Policy
Last updated: June 2026
Who we are
Ferguson is a landing page audit service operated at useferguson.com. We are the data controller for the personal data described in this policy. If you have any questions, contact us at hello@useferguson.com.
What data we collect
- ·Email address — Provided when you create an account. Used to send your magic link sign-in and occasional service communications.
- ·URLs you submit — The page addresses you ask Ferguson to audit. Stored alongside the resulting report.
- ·Audit reports — The analysis Ferguson produces for each URL, including scores, issues, and recommendations. Stored and linked to your account so you can revisit them.
- ·Usage data — Credits consumed, audit history, and plan information. Used to enforce your plan limits and show you your usage on the account page.
- ·Payment data — Handled entirely by Paddle, our payment processor. We store your Paddle customer ID and subscription status but never see your card details.
Why we process it
- ·Contract performance — Processing your email and submitted URLs is necessary to provide the service you signed up for.
- ·Legitimate interests — We store anonymised, aggregated audit data to understand how the service is used and to improve report quality. No individual user is identifiable from this data.
- ·Legal obligation — We retain transaction records as required for tax and accounting purposes.
Third parties we share data with
We use a small number of third-party services to operate Ferguson. Each acts as a data processor under a data processing agreement with us.
- ·Supabase — Database and authentication. Your account data and audit reports are stored on Supabase infrastructure. Supabase, Inc., USA — standard contractual clauses in place for UK/EU data transfers.
- ·Anthropic — AI model provider. The text content of pages you submit is sent to Anthropic's API for analysis. Anthropic PBC, USA — data processing agreement in place. Page content is not used to train Anthropic's models.
- ·Paddle — Payment processing. Handles all payment card data and issues receipts. Paddle.com Market Ltd, UK — ICO registered.
- ·Resend — Transactional email. Used to deliver your magic link sign-in emails. Resend, Inc., USA — standard contractual clauses in place.
- ·Substack — Email newsletter platform. Used to send occasional product updates and announcements, such as launch news, to signed-up users. Substack Inc., USA.
We do not sell your data to any third party.
How long we keep it
- ·Account data — Kept for as long as your account is active. Deleted when you delete your account.
- ·Audit reports — Kept indefinitely so you can revisit past reports. Deleted when you delete your account.
- ·Payment records — Retained for seven years as required by UK tax law, even if your account is deleted.
Your rights
Under UK GDPR you have the right to:
- ·Access the personal data we hold about you
- ·Correct inaccurate data
- ·Delete your account and associated data (via the account page, or by emailing us)
- ·Receive a copy of your data in a portable format
- ·Object to processing based on legitimate interests
- ·Lodge a complaint with the ICO (ico.org.uk) if you believe we have handled your data unlawfully
To exercise any of these rights, email hello@useferguson.com. We will respond within 30 days.
Cookies
Ferguson uses a single session cookie to keep you signed in. No advertising, tracking, or analytics cookies are set. No third-party cookies are placed by Ferguson itself, though Paddle may set cookies during the checkout flow.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated by email. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
Contact
Data protection enquiries: hello@useferguson.com