Legal

Privacy Policy

Last updated: June 2026

Who we are

Ferguson is a landing page audit service operated at useferguson.com. We are the data controller for the personal data described in this policy. If you have any questions, contact us at hello@useferguson.com.

What data we collect

  • ·Email addressProvided when you create an account. Used to send your magic link sign-in and occasional service communications.
  • ·URLs you submitThe page addresses you ask Ferguson to audit. Stored alongside the resulting report.
  • ·Audit reportsThe analysis Ferguson produces for each URL, including scores, issues, and recommendations. Stored and linked to your account so you can revisit them.
  • ·Usage dataCredits consumed, audit history, and plan information. Used to enforce your plan limits and show you your usage on the account page.
  • ·Payment dataHandled entirely by Paddle, our payment processor. We store your Paddle customer ID and subscription status but never see your card details.

Why we process it

  • ·Contract performanceProcessing your email and submitted URLs is necessary to provide the service you signed up for.
  • ·Legitimate interestsWe store anonymised, aggregated audit data to understand how the service is used and to improve report quality. No individual user is identifiable from this data.
  • ·Legal obligationWe retain transaction records as required for tax and accounting purposes.

Third parties we share data with

We use a small number of third-party services to operate Ferguson. Each acts as a data processor under a data processing agreement with us.

  • ·SupabaseDatabase and authentication. Your account data and audit reports are stored on Supabase infrastructure. Supabase, Inc., USA — standard contractual clauses in place for UK/EU data transfers.
  • ·AnthropicAI model provider. The text content of pages you submit is sent to Anthropic's API for analysis. Anthropic PBC, USA — data processing agreement in place. Page content is not used to train Anthropic's models.
  • ·PaddlePayment processing. Handles all payment card data and issues receipts. Paddle.com Market Ltd, UK — ICO registered.
  • ·ResendTransactional email. Used to deliver your magic link sign-in emails. Resend, Inc., USA — standard contractual clauses in place.
  • ·SubstackEmail newsletter platform. Used to send occasional product updates and announcements, such as launch news, to signed-up users. Substack Inc., USA.

We do not sell your data to any third party.

How long we keep it

  • ·Account dataKept for as long as your account is active. Deleted when you delete your account.
  • ·Audit reportsKept indefinitely so you can revisit past reports. Deleted when you delete your account.
  • ·Payment recordsRetained for seven years as required by UK tax law, even if your account is deleted.

Your rights

Under UK GDPR you have the right to:

  • ·Access the personal data we hold about you
  • ·Correct inaccurate data
  • ·Delete your account and associated data (via the account page, or by emailing us)
  • ·Receive a copy of your data in a portable format
  • ·Object to processing based on legitimate interests
  • ·Lodge a complaint with the ICO (ico.org.uk) if you believe we have handled your data unlawfully

To exercise any of these rights, email hello@useferguson.com. We will respond within 30 days.

Cookies

Ferguson uses a single session cookie to keep you signed in. No advertising, tracking, or analytics cookies are set. No third-party cookies are placed by Ferguson itself, though Paddle may set cookies during the checkout flow.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

Contact

Data protection enquiries: hello@useferguson.com