What Does This Policy Cover
PRIVACY POLICY
Version 1.0 — Effective: 25 August 2025
1. Who We Are (Controller)
THE REAL DEAL PROVIDERS LTD (“we”, “us”, “our”) is the controller of your personal data when you use visual-foundry.com (the “Site”).
Company number: 16108011 (England & Wales)
Registered office: Dept 6152, 43 Owston Road, Carcroft, Doncaster, United Kingdom, DN6 8DA
Contact: info@visual-foundry.com
2. Scope
This Policy explains how we collect, use, disclose, and safeguard personal data of visitors, account holders, and customers of the Site, including buyers of digital content and purchasers/redeemers of Credits/Tokens.
3. Personal Data We Collect
We collect the following categories of data (depending on your interaction with the Site):
| Category | Examples | Source |
| Account & Identity | Name, account handle, email, password (hashed); business name and VAT (Business Users) | You |
| Contact | Email address; country; support messages | You |
| Transaction | Order ID, purchase amounts/currency (USD/EUR/AUD/CAD), tax/VAT details, fulfilment status | You; PSP |
| Credits/Tokens | Balance, purchase history, redemption logs, expiry | You; Site systems |
| Technical & Usage | IP address, device/OS/browser, language, referral URL, session IDs, access timestamps, feature usage | Your device; analytics; security tools |
| Prompts/Inputs (UGC) | Text prompts, parameters, and uploaded reference files you submit to generate content | You |
| Support & Comms | Tickets, email threads, feedback, complaint records | You |
| Anti‑Fraud & Security | Signals from fraud‑prevention tools, risk scores, velocity checks, chargeback flags | Anti‑fraud vendors; PSP |
4. Purposes and Lawful Bases
We process personal data for the purposes and on the legal bases listed below:
| Purpose | Legal Basis (UK GDPR) | Notes |
| Provide and operate the Site; fulfil orders; deliver digital content; manage Credits/Tokens | Contract (Art. 6(1)(b)) | Includes account creation, order confirmation, delivery, and customer support |
| Fraud prevention, abuse detection, security | Legitimate Interests (Art. 6(1)(f)); Legal Obligation where applicable | We protect users and our service; minimal and proportionate use of signals |
| Analytics and service improvement | Legitimate Interests; Consent for non‑essential cookies | Aggregated statistics to improve performance and UX |
| Marketing communications | Consent (Art. 6(1)(a)); Legitimate Interests for existing customers (soft opt‑in) where permitted | You can opt out at any time |
5. Cookies and Similar Technologies
We use cookies and similar technologies as described in our Cookie Policy. Non‑essential cookies are set only with your consent under PECR and UK GDPR. You can change your preferences at any time in the cookie banner/settings.
6. Automated Decisions and Profiling
We may use automated checks (e.g., fraud‑prevention risk scoring) to help prevent abuse and secure transactions. These checks can affect your ability to complete a purchase or access certain features.
Where required by law, you have the right to obtain human intervention, to express your point of view, and to contest the decision. Contact: info@visual-foundry.com.
7. Disclosures and International Transfers
We share personal data with:
- Payment processors and anti‑fraud providers for transaction processing and risk controls;
- Cloud hosting, CDN, email, and analytics providers to operate the Site;
- Professional advisors and authorities where required by law;
- Successors in the event of a merger, acquisition, or corporate reorganisation (subject to safeguards).
International Transfers: Where personal data is transferred outside the UK (e.g., to the EEA or other countries), we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms. Where applicable, we verify vendor participation in recognised transfer frameworks.
8. Retention
We retain personal data only as long as necessary for the purposes set out in this Policy, and to comply with legal, tax, and accounting requirements.
| Data Category | Typical Retention | Rationale |
| Account data | Active account + 24 months after closure | Service continuity; dispute window |
| Orders & transaction records | 6 years after the end of the tax year | Legal/tax record‑keeping |
| Credits/Tokens logs | 6 years after the end of the tax year | Financial records; audit trail |
| Support tickets | 3 years from last activity | Quality, disputes |
| Technical logs (security) | 12 months | Security monitoring and incident response |
| Analytics (aggregated) | Up to 26 months | Trend analysis |
| Prompts/UGC (non‑reportable) | Up to 24 months, unless you delete sooner | Service improvement and reproducibility |
9. Your Rights
Under UK GDPR, you have the right to request:
- Access to your personal data;
- Rectification of inaccurate data;
- Erasure (in certain cases);
- Restriction of processing;
- Data portability; and
- Objection to processing based on legitimate interests and to direct marketing.
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise rights, email: info@visual-foundry.com. We may need to verify your identity.
10. Children
The Site is not intended for individuals under 18. We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.
11. Security
We employ technical and organisational measures appropriate to risk, including encryption in transit, access controls, least‑privilege principles, logging/monitoring, and vendor due diligence. No system is perfectly secure; we continuously improve our safeguards.
If we are legally required to notify you or authorities of a personal data breach, we will do so without undue delay.
12. How to Contact Us and Complain
Questions or requests: info@visual-foundry.com
You also have the right to complain to the UK Information Commissioner’s Office (ICO). See ico.org.uk for contact details.
13. Changes to this Policy
We may update this Policy from time to time to reflect legal, technical, or business developments. We will post the updated version with a new effective date. For material changes, we will provide reasonable notice (e.g., email or in‑product notice).
Annex A — Data Subject Request (DSR) Process
1) Receive request at info@visual-foundry.com → 2) Verify identity → 3) Triage scope (access/erasure/rectification/etc.) → 4) Retrieve data from core systems and processors → 5) Respond within one month (extend by two months for complexity) → 6) Log request for audit.
Annex B — Sub‑Processor Categories
- Cloud hosting & CDN; • Email service; • Analytics; • Payment processing; • Anti‑fraud & security; • Customer support tooling; • Error monitoring/logging.
We maintain vendor assessments and appropriate data protection safeguards. A current list of categories is available on request.
Annex C — High‑Level Record of Processing Activities (RoPA)
Data subjects: visitors, account holders, customers (consumers and business users).
Recipients: processors and sub‑processors as described above; competent authorities where required.
Transfers: outside UK subject to appropriate safeguards (see Clause 7).
Security: described in Clause 11.
Annex D — Retention Schedule (Detailed Overview)
| Data Type | Examples | Retention | Notes |
| Order & Billing | Invoices, VAT details, currency, amounts | 6 years post tax year | Statutory requirement |
| Credits/Tokens | Purchases, balance, redemptions, expiry | 6 years post tax year | Financial audit trail |
| Support & Complaints | Emails, tickets, resolutions | 3 years | Defence of claims; quality |
| Security Logs | Access logs, IPs, events | 12 months | Security incident management |
| Account Data | Profile, settings | Account life + 24 months | Reactivation window |
| Analytics (aggregated) | Usage metrics | Up to 26 months | Trend analysis; minimisation |
| Prompts/UGC | Text prompts, refs | Up to 24 months | Service reproducibility; you can delete sooner |
