Strong Social
Start free

Privacy Notice

Last updated: 17 May 2026

This Privacy Notice explains how Ellen Grace Stafford, sole trader based in the United Kingdom, trading as Strong Social AI ("we", "us", "our"), collects, uses, and protects your personal data when you use the Strong Social AI service (the "Service"). We act as the data controller for the personal data described below.

1. Personal data we collect

  • Account data: name, email address, password hash, display name.
  • Authentication data: login timestamps, OAuth identifiers if you sign in via Google.
  • Usage data: generated prompts and outputs, feature usage, generation counts, timestamps.
  • Technical data: IP address, browser type, device identifiers, error logs.
  • Support data: messages you send to us.
  • Billing data: handled by Paddle (see "Sharing"); we receive only subscription status, plan, billing period, and a Paddle customer reference.

2. Why we use your data and our legal basis

  • Provide the Service (account creation, AI generation, saving outputs) — necessary for performance of the contract.
  • Billing & subscription management — necessary for performance of the contract and our legal obligations.
  • Security, fraud prevention, and abuse detection — legitimate interests in protecting the Service and our users.
  • Customer support — necessary for performance of the contract.
  • Product improvement and analytics — legitimate interests in improving the Service; aggregated where possible.
  • Marketing emails — only with your consent, which you can withdraw at any time.

3. Who we share your data with

  • Subprocessors / hosting: Supabase (database & auth, EU region), Cloudflare (hosting & CDN).
  • AI providers: Google (Gemini) and OpenAI process your prompts to generate outputs.
  • Merchant of Record: Paddle.com Market Ltd processes payments, manages subscriptions, handles tax, refunds, and invoicing. See Paddle's privacy notice.
  • Professional advisers: accountants and lawyers, where necessary.
  • Authorities: where required by law or to defend our legal rights.

4. International transfers

Some recipients (e.g. OpenAI, Google) process data outside the UK/EEA. Where data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses with appropriate safeguards.

5. Retention

We keep your personal data for as long as your account is active. If you delete your account, we delete or anonymise your data within 30 days, except where we are required to keep it longer for legal, accounting, or fraud-prevention purposes (typically up to 6 years for billing records).

6. Your rights (UK GDPR)

You have the right to:

  • access your personal data and request a copy;
  • have inaccurate data corrected;
  • request erasure of your data ("right to be forgotten");
  • restrict or object to processing;
  • data portability;
  • withdraw consent at any time (where processing is based on consent);
  • complain to the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email hello@strongsocialai.com. We will respond within one month.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, row-level security in our database, and access controls.

8. Cookies

We use only essential cookies required to keep you signed in and remember your session. We do not use third-party advertising or tracking cookies.

9. Contact

Ellen Grace Stafford, United Kingdom — hello@strongsocialai.com