Privacy Policy

VentureDeck is a trading name operated by Target Consultants Limited, a company registered in England and Wales. References to “VentureDeck”, “we”, “us”, or “our” in this policy refer to Target Consultants Limited as the data controller.

For data protection enquiries, contact us at: privacy@venturedeck.io

We collect the following categories of personal data:

• Account information: name, email address, and password (hashed)
• Business information: company name, stage, and financial data you voluntarily enter into the platform
• Financial integration data: if you connect Stripe, Xero, or QuickBooks, we receive the data authorised by those integrations
• Contact enquiries: information submitted via our contact form
• Usage data: pages visited, features used, session duration, and browser/device type
• Cookie data: as described in our Cookie Policy

We do not collect sensitive personal data (as defined under UK GDPR Article 9) and do not seek to do so.

We process your personal data on the following lawful bases:

• Contract performance: to provide the VentureDeck platform to you as a subscriber
• Legitimate interests: to improve the platform, prevent fraud, and communicate product updates relevant to your account
• Legal obligation: where processing is necessary to comply with UK law
• Consent: for optional marketing communications, which you may withdraw at any time

We use your data to:

• Provide, maintain, and improve the VentureDeck platform
• Respond to support and contact enquiries
• Send transactional communications (account activity, billing receipts)
• Send product updates and, where you have consented, marketing communications
• Detect and prevent fraudulent or unauthorised use
• Comply with our legal and regulatory obligations

Your financial data entered into the platform is used solely to power the features you use. It is never sold, rented, or shared with third parties for their own commercial purposes, and it is never used to train AI models without your explicit consent.

We share data only where necessary:

• Supabase (database and edge functions): your data is stored and processed on Supabase infrastructure in accordance with their data processing agreement
• Stripe: payment processing for subscriptions; Stripe operates under its own privacy policy
• Integration providers (Xero, QuickBooks): only data you have authorised via OAuth is received; we do not share your data back to these providers
• Analytics providers: anonymised, aggregated usage data only

We may disclose data where required by law, court order, or regulatory authority. We will notify you where legally permitted to do so.

Some of our infrastructure providers operate outside the UK. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or adequacy decisions.

We retain your personal data for as long as your account is active, plus a further period necessary to comply with legal obligations, resolve disputes, and enforce agreements. Typically:

• Account data: retained for the duration of your subscription plus 3 years
• Financial data you have entered: deleted within 30 days of account closure on request
• Contact enquiry data: retained for 2 years from the date of enquiry
• Billing records: retained for 7 years in accordance with UK financial record-keeping requirements

You have the following rights in relation to your personal data:

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: request correction of inaccurate or incomplete data
• Right to erasure: request deletion of your personal data where there is no compelling reason for continued processing
• Right to restriction: request that we restrict how we use your data
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Rights in relation to automated decision-making: we do not make solely automated decisions that produce legal or significant effects without human review

To exercise any of these rights, contact us at privacy@venturedeck.io. We will respond within one calendar month.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you contact the ICO — please reach out to us first at privacy@venturedeck.io.

We implement technical and organisational measures to protect your personal data, including encryption in transit and at rest, row-level security on all database tables, and access controls limiting data access to authorised personnel. No system is completely secure; if you have security concerns, contact us immediately.

We use cookies and similar technologies as described in our Cookie Policy.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a notice within the platform at least 14 days before they take effect. Continued use of VentureDeck after changes take effect constitutes acceptance of the updated policy.

This Privacy Policy is governed by the laws of England and Wales. Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.