Privacy Policy

Rich Girl Systems operates this platform. We are a UK-based business providing an online founder operating system for women building profitable businesses.

This privacy policy explains how we collect, use, and protect your personal data when you use our platform at richgirlsystems.com.

For any privacy-related questions, contact us at info@richgirlsystems.com.

Account data. Your name, email address, country, timezone, and profile preferences (accountability style, productivity type, business experience level).

Business profile data. Information you provide about your business, including business name, website URL, social media handles (Instagram, TikTok, Pinterest, LinkedIn), business category and stage, country, key business dates (start date, registration date, first sale date, intended launch date), business registration number (if provided), revenue goal, target audience description, and products or services.

Usage and progress data. How you interact with the platform, including programs started and completed, tasks marked done, task reflections and notes you write, milestones unlocked, XP earned, streak counts, and session activity.

Notes. Personal notes and reflections you write within the platform.

AI interaction data. Prompts and responses in your conversations with our Founder Intelligence AI Advisor. To provide context-aware responses, your business profile, recent conversation history, and anonymised mood signals inferred from your inputs (for example, whether you have expressed time pressure or uncertainty) are included in requests sent to our AI provider. Conversation history is stored in your browser and is not saved to our servers.

Integration data. When you connect third-party services, we store the access credentials (OAuth tokens) and the data needed to power those integrations. See Section 6 for details of what each integration accesses.

Payment data. If you subscribe to a membership, payment processing is handled by our payment provider. We do not store your full card details.

Support enquiries. Name, email address, topic, and message content when you submit the contact form.

Activity log. A record of significant account events (such as logins and integration connections) for security and fraud prevention purposes. This log is retained for up to 180 days.

• ◆To operate and deliver the platform. Your account, programs, tasks, and tools depend on us storing your data.
• ◆To personalise your experience. Your progress, momentum, business profile, and program history shape what the platform shows you and how the AI Advisor responds.
• ◆To power AI features. Your business context is sent to our AI provider (Anthropic) to generate Founder Intelligence responses. Anthropic processes this data as a processor on our behalf.
• ◆To display integration data. Data from connected services is fetched and displayed within your dashboard. We do not use integration data for any purpose other than showing it to you.
• ◆To communicate with you. Service updates, account notifications, and, with your consent, product updates.
• ◆To improve the platform. Aggregated, anonymised usage patterns help us understand what works and what to build next.
• ◆For security and fraud prevention. Activity logs are used to detect and prevent unauthorised access.

• ◆Contract. We process your account and usage data to fulfil our agreement with you.
• ◆Legitimate interest. We analyse platform usage to improve the product and maintain security logs to protect all users.
• ◆Consent. For any marketing communications and for optional analytics cookies. You can withdraw consent at any time.

We use the following providers who process data on our behalf:

• ◆Supabase. Our database infrastructure and authentication provider. Stores all account and progress data.
• ◆Anthropic. The AI infrastructure behind our Founder Intelligence feature. Receives your business profile and conversation context to generate AI responses.
• ◆Stripe. Payment processing for membership subscriptions.
• ◆Google. When you connect Google Calendar or Google Analytics. Data is accessed only for the purposes described in Section 6.
• ◆Meta (Instagram/Facebook). When you connect your Instagram business account. Accesses profile statistics and post-level insights.
• ◆TikTok. When you connect your TikTok account. Accesses basic profile information and video statistics.
• ◆YouTube. When you connect your YouTube channel. Accesses channel and video analytics.
• ◆Microsoft. When you connect Outlook Calendar or Teams. Accesses calendar events and meetings.
• ◆Zoom. When you connect Zoom. Accesses scheduled meetings.
• ◆Calendly. When you connect Calendly. Accesses scheduled events.
• ◆Shopify. When you connect your Shopify store. Accesses store metrics, order counts, and product counts to display in your dashboard.

We require all processors to handle your data securely and in accordance with applicable law.

When you connect an integration, we access only what is needed to power that feature. Here is what each integration accesses:

• ◆Google Calendar. Upcoming calendar events (title, time, location) for the next 14 days. Used to display your schedule in the dashboard.
• ◆Google Analytics. Sessions, users, page views, and top pages from your own connected GA4 property. Used to display your website analytics in the dashboard.
• ◆Instagram. Your Instagram business account ID, follower count, media count, 30-day reach and impressions, and individual post engagement metrics (likes, comments, captions). Used to display your social performance in the dashboard.
• ◆Shopify. Store name, 30-day order count, revenue metrics, and product count. We also receive order data via webhooks when customers purchase your products. This may include your customers' email addresses and order details.
• ◆TikTok, YouTube, Microsoft, Zoom, Calendly. Basic profile information and relevant performance or scheduling data for display in your dashboard.

OAuth access credentials (tokens) for each integration are stored securely in our database. We access your connected accounts only to fetch data for display in your dashboard and never for any other purpose. You can disconnect any integration at any time from Settings, which removes all stored credentials and ceases all data access for that service.

We retain your data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 90 days, except where we are required to retain it for legal or accounting purposes.

Security and activity logs are retained for up to 180 days and then automatically deleted, even if your account remains active.

AI conversation history is stored in your browser only and is cleared when you clear your browser data or use the clear history option in the AI Advisor.

Under UK GDPR, you have the right to:

• ◆Access your personal data.
• ◆Correct inaccurate data.
• ◆Delete your data (right to be forgotten).
• ◆Restrict or object to processing.
• ◆Data portability (download a copy of your data).
• ◆Withdraw consent where consent is the legal basis.

To exercise any of these rights, visit richgirlsystems.com/data-permissions or email info@richgirlsystems.com. We will respond within 30 days.

You can download your data directly from richgirlsystems.com/data-export.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Some of our processors are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as UK adequacy decisions or standard contractual clauses.

We may update this privacy policy from time to time. We will notify you of significant changes by email or by displaying a notice in the platform.