Privacy Policy

1. Introduction

Castles respects your privacy. This Privacy Policy explains what data we collect, why we collect it, and how we use and protect it. This policy applies to all users of the Castles website, visitors, leads, and users of the Castles platform once it launches.

Castles is committed to complying with global privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Australian Privacy Act, and other applicable regulations.

2. Data Controller

Castles is the data controller for all personal data collected through our website and platform. Castles is operated by Jack Phillips.

Contact for privacy matters: jack@tradekix.ai

3. What Data We Collect

The data we collect depends on how you interact with Castles:

Website Visitors

• IP address
• Browser type and version
• Pages visited on our website
• Time and date of visits
• Analytics data (via analytics services)
• Cookies and similar tracking technologies

Lead Capture Forms

• Full name
• Email address
• Company name
• Job title
• Message content (if you use our contact form)

Platform Users (Once Product Launches)

• Account details (name, email, password)
• Organisational data
• Usage logs and activity data
• Content uploaded to Castles (structured knowledge in Castles/Rooms/Artefacts)
• Billing information (processed securely by our payment processor)

4. How We Use Your Data

We use your data for the following purposes:

• To respond to your enquiries and provide requested information
• To send marketing communications about Castles (product updates, newsletters, offers) with your consent
• To provide, maintain, and improve the Castles platform
• To comply with legal obligations and respond to lawful requests
• To analyse website usage patterns and improve user experience
• To prevent fraud and maintain security
• To conduct research and analytics to improve our services

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data on one or more of the following legal bases:

• Consent: For marketing communications, newsletter subscriptions, and non-essential cookies
• Legitimate Interest: For responding to enquiries, improving our website and services, and analytics
• Contractual Necessity: For providing the Castles platform to paying customers and fulfilling subscription agreements
• Legal Obligation: Where required by law, such as tax, employment, or other regulatory requirements

6. Marketing Communications

We may contact leads who submit their details through our website forms with information about Castles, including product updates, newsletters, and special offers.

Your options:

• Every marketing email includes an unsubscribe link
• You can withdraw consent at any time by emailing jack@tradekix.ai or clicking the unsubscribe link in any email
• We will never sell or rent your personal data to third parties for their own marketing purposes

If you do not wish to receive marketing communications, you can opt out at any time without affecting your access to our website or services.

7. Data Sharing

We may share your data with the following categories of recipients:

• Service providers: Third parties that help us operate Castles, including:
  • Hosting and infrastructure (Vercel)
  • Database services (Supabase)
  • Authentication (Clerk)
  • Payment processing (Stripe)
  • Email services
  • Analytics platforms
• Legal compliance: We may disclose data if required by law, court order, or other legal process
• Business transfers: If Castles is acquired or merged, data may be transferred to the acquiring entity

We do not sell personal data to third parties for commercial purposes. Service providers are contractually bound to use your data only as necessary to provide services to us and must maintain appropriate security.

8. Data Retention

We retain personal data only for as long as necessary:

• Lead data: Retained for 24 months after your last interaction with us, or until you withdraw consent
• Platform user data: Retained for the duration of your subscription plus 90 days after account termination
• Website analytics: Typically retained for 12-24 months

You can request deletion of your data at any time by contacting jack@tradekix.ai. We will comply with deletion requests within 30 days, unless legal obligations require us to retain the data.

9. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal data:

GDPR (European Union, European Economic Area, and United Kingdom)

• Right to access your personal data
• Right to rectify inaccurate data
• Right to erase data (the "right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

CCPA (California)

• Right to know what data is collected and how it is used
• Right to delete personal data
• Right to opt-out of the sale of personal data (we do not sell data)
• Right to non-discrimination for exercising your privacy rights

Australian Privacy Act

• Right to access personal information held about you
• Right to request correction of inaccurate or incomplete information
• Right to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your data

To exercise any of these rights: Contact jack@tradekix.ai with details of your request. We will respond within 30 days (or as required by applicable law). You may also have the right to lodge a complaint with your local data protection authority.

10. Cookies

Our website uses cookies to enhance your experience and gather analytics:

• Essential cookies: Required for the website to function (login, security, preferences)
• Analytics cookies: Help us understand how visitors use our website

You can manage cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. Please note that disabling essential cookies may affect your ability to use certain features of our website.

Third-party analytics services may set their own cookies; you can opt out of tracking through their privacy settings.

11. International Data Transfers

Castles operates globally, and your data may be processed in Australia, the United States, the European Union, and other countries depending on where our service providers are located.

Where we transfer data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs) for transfers to countries outside the EEA
• Privacy Shield certifications (where applicable)
• Equivalent data protection measures recognized by relevant authorities

By using Castles, you consent to the transfer of your data to countries outside your country of residence, which may have different data protection laws.

12. Children's Privacy

Castles is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete such data and terminate the minor's account.

Parents or guardians who believe their child has provided data to Castles should contact us immediately at jack@tradekix.ai.

13. Security

We take data security seriously and implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, and disclosure. This includes encryption, secure servers, and access controls.

However, no transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You use our website and services at your own risk.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this policy will be updated whenever material changes are made.

We will notify you of material changes by posting the updated policy on our website and, if required by law, via email. Your continued use of Castles after such changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or would like to report a data privacy concern, please contact:

Email: jack@tradekix.ai

For EU and UK residents: You also have the right to lodge a complaint with your local data protection authority (your country's supervisory authority under GDPR).

For Australian residents: You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

For more information about our terms of service, please see our Terms of Service.