DRAFT — awaiting UK solicitor review. This is a structural scaffold with grounded placeholder copy. Every legal-effect decision is marked <!-- SOLICITOR: ... -->. Do not treat as final or publish-announce until a qualified UK solicitor has reviewed and the frontmatter status is PUBLISHED.
1. Who we are
FirstWeek ("we", "us") provides guidance for people in the UK facing redundancy. We are the data controller for the personal data described below.
- Controller: [OPERATOR: legal entity name and UK Companies House number, if applicable]
- Contact: privacy@firstweek.co.uk (used in-product, incident runbook, and UAT consent copy; deliverability not verified in-repo)
- Postal address: [OPERATOR: UK postal or service address for the data controller]
2. What personal data we collect
- Account / identity: your email address (for the magic-link sign-in).
- Questionnaire responses: age, length of service, salary, industry, jurisdiction, situation flags (e.g. mortgage, dependants, pregnancy), ranked concerns, and termination date.
- Generated content: the action plan / report produced for you.
- Payment data: handled by Stripe; we receive transaction metadata (status, amount, customer/charge IDs), not your full card number.
- AI chat: the questions you type. We strip your name and exact salary before sending context to the AI provider (see §5).
- Technical: IP address (for rate-limiting/abuse prevention) and basic browser/device data.
- Analytics: anonymised product events (e.g. "report viewed").
3. Why we collect it — lawful basis (UK GDPR Art. 6)
- Account/auth & delivering the report — Contract (Art. 6(1)(b)).
- Payment processing & statutory record-keeping — Contract + Legal obligation.
- Rate-limiting, security, debugging — Legitimate interests (Art. 6(1)(f)).
- Product analytics — Consent (via cookie/consent banner).
4. How we use it
To run the service, send your magic-link, generate and display your action plan, process payments, prevent abuse, debug crashes, and improve the product.
5. Who we share it with
We use the following processors. Each has its own privacy notice.
| Processor | Purpose | Region |
|---|---|---|
| Supabase | Auth + database (your account/questionnaire/report data) | EU (London eu-west-2 per DEPLOY.md) |
| Stripe | Payments + fraud/3DS | UK/EU |
| DeepSeek | AI chat (fallback) — PII stripped before sending (sanitizeAiProfile) | API: api.deepseek.com |
| Moonshot (Kimi) | AI chat (primary) — PII stripped before sending (sanitizeAiProfile) | API: api.moonshot.ai (default in app/api/chat/route.js) |
| PostHog | Product analytics + session replay (input masking on) | EU (eu.i.posthog.com default in components/PostHogProvider.jsx) |
| Vercel | Hosting + CDN | US |
| Upstash | Rate-limit store (hashed IP/user key only) | eu-west-1 (documented in CLAUDE_CODE_FIX_P0_SEQUENTIAL_PROMPT.md) |
We do not sell your personal data.
6. International transfers
Some processors are outside the UK (notably the AI providers in China and Vercel in the US).
7. How long we keep it
- Questionnaire/report data: while your account is active + 12 months after last sign-in.
- Payment records: 6 years (UK statutory record-keeping).
- PostHog session replays: 90 days.
- AI chat logs: not persisted to our database in the current implementation (messages go to the AI provider only).
8. Your rights
You can ask to access, correct, erase, port, restrict, or object to processing of your data, and withdraw consent. To exercise any right, email privacy@firstweek.co.uk. You can also complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.
9. Children
The service is intended for adults.
10. Cookies and tracking
- Essential (localStorage): firstweek-profile (in-progress questionnaire), firstweek-chat-count.
- Auth (cookies): sb-*-auth-token (Supabase session; set by Supabase SSR).
- Analytics: PostHog — only initialises when NEXT_PUBLIC_POSTHOG_KEY is set (components/PostHogProvider.jsx); replays mask all inputs. No separate cookie-consent UI is implemented in-repo today.
11. Contact
Data protection enquiries: privacy@firstweek.co.uk (see §1; inbox monitoring not verified in-repo).
12. Changes to this policy
We will update the version and effective_date above for any material change and notify users.