Legal
Privacy Policy
Effective date: 20th April 2026 · Last updated: 20th April 2026
Data Shigoto Limited (trading as "Fude" or "Fude AI"), a company registered in England and Wales with company number 13401476 ("Fude", "we", "us", "our"), is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights under UK data protection law.
This Policy applies to our website, our SaaS platform and related services (the "Service").
We are the data controller for personal data processed in connection with our website, marketing, and the administration of customer accounts. Where we process personal data contained in customer inputs on behalf of a business customer, we act as a data processor and the customer is the controller; those processing activities are governed by our Data Processing Agreement.
1. Who we are
- Controller: Data Shigoto Limited, a company registered in England and Wales with company number 13401476.
- Registered office: [REGISTERED ADDRESS]
- Contact for privacy matters: hello@fude-ai.com
- Data Protection Officer: We are not required to appoint a Data Protection Officer under Article 37 of the UK GDPR and have not appointed one. For all privacy matters, please contact hello@fude-ai.com.
2. Personal data we collect
We collect the following categories of personal data:
Account and identity data — name, business email, password (hashed), profile preferences.
Billing data — billing name, billing address, VAT number, subscription and invoice history. Card details are collected and stored directly by our payment processor; we do not store full card numbers.
Usage data — log files, IP address, device and browser information, pages viewed, features used, timestamps, referring URLs, session identifiers, diagnostic and performance data.
Content data (Customer Data) — inputs you submit to the Service (briefs, prompts, documents, URLs, reference materials) and the AI Outputs generated in response. These may contain personal data if you choose to include it. You must not submit special category data (as defined under UK GDPR) or any unnecessary personal data to the Service.
Communications data — emails, support tickets, feedback, survey responses and records of your interactions with us.
Marketing data — your preferences for receiving marketing from us and your engagement with our marketing (e.g. email opens and clicks, where measured).
Cookie and analytics data — see Section 9 below.
3. How we collect personal data
- Directly from you — when you register, subscribe, use the Service, contact us, or attend our events.
- Automatically — through cookies, analytics and server logs when you use the Service.
- From third parties — such as payment processors, identity verification providers, authentication providers (e.g. Google/Microsoft SSO where used), and publicly available sources for business-to-business marketing.
4. Purposes and lawful bases for processing
We process personal data for the following purposes, relying on the lawful bases under Article 6 of the UK GDPR:
| Purpose | Lawful basis |
|---|---|
| Creating and administering your Account | Performance of a contract |
| Providing the Service (including generating Outputs) | Performance of a contract |
| Taking payment and managing billing | Performance of a contract; legal obligation (tax, accounting) |
| Providing customer support | Performance of a contract; legitimate interests (running our business) |
| Securing the Service and preventing fraud or abuse | Legitimate interests (protecting our Service and users); legal obligation |
| Monitoring performance and improving the Service | Legitimate interests (improving our product) |
| Sending service communications (e.g. updates, outages) | Performance of a contract; legitimate interests |
| Sending B2B marketing to existing customers about similar services | Legitimate interests (soft opt-in under PECR) |
| Sending marketing to prospects | Consent (where required) or legitimate interests for B2B corporate contacts |
| Complying with legal and regulatory obligations | Legal obligation |
| Establishing, exercising or defending legal claims | Legitimate interests; legal obligation |
Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests do not override your rights and freedoms. You can contact us for more information on that assessment.
5. AI processing — how your inputs are used
- We process your inputs to generate Outputs through third-party AI model providers (see Section 6).
- We do not use your Customer Data or Outputs to train foundation AI models. Where we use third-party model providers, we contract for equivalent protections where commercially available.
- Inputs and Outputs are stored in your Account so that you can access and manage them, and are retained in accordance with Section 8.
- Aggregated and anonymised usage statistics (which do not identify you) may be used to monitor and improve the Service.
6. Who we share personal data with
We share personal data only where necessary, with the following categories of recipient:
Service providers (processors acting on our instructions):
- Cloud hosting and infrastructure providers
- AI model providers (for generating Outputs)
- Payment processors
- Email and communications providers
- Analytics and product telemetry providers
- Customer support tooling providers
- Security, fraud prevention and logging providers
A current list of sub-processors is available on request.
Professional advisers — lawyers, accountants, auditors and insurers, where necessary.
Authorities — where required by law, court order, or to protect our rights or the safety of others.
Corporate transactions — a potential or actual buyer, investor, or successor in connection with a merger, acquisition, reorganisation or sale of assets, subject to appropriate confidentiality obligations.
We do not sell personal data.
7. International transfers
Some of our service providers, including certain AI model providers, are located outside the UK (including in the United States and the EEA). Where personal data is transferred outside the UK to a country not deemed adequate by the UK government, we put in place appropriate safeguards, such as:
- the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and
- where applicable, supplementary measures such as encryption.
You can request a copy of the safeguards in place by contacting us.
8. Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy, including:
- Account data — for the duration of your Account and for up to 12 months after closure, unless a longer period is required by law.
- Billing and tax records — for at least 6 years, as required by UK tax law.
- Customer Data (inputs/outputs) — for the duration of your Subscription and for up to 30 days after termination, after which it is deleted or anonymised, unless you request earlier deletion.
- Support communications — for up to 3 years from closure of the ticket.
- Security and audit logs — for up to 12 months.
- Marketing data — until you opt out or become inactive for 24 months.
After the retention period, data is deleted, anonymised, or (where deletion is not immediately technically feasible, e.g. in backups) securely isolated and deleted on the next retention cycle.
9. Cookies and similar technologies
We use cookies and similar technologies to operate the Service, remember your preferences, analyse usage and (where applicable and with your consent) measure marketing performance.
- Strictly necessary cookies — required to operate the Service (e.g. authentication, security). These do not require consent.
- Analytics cookies — help us understand how the Service is used. We use these only with your consent.
- Marketing cookies — used with your consent.
You can manage your preferences via our cookie banner and your browser settings.
10. Your rights
Under UK data protection law, you have the following rights in relation to your personal data:
- Access — to request a copy of your personal data.
- Rectification — to have inaccurate data corrected.
- Erasure ("right to be forgotten") — to request deletion in certain circumstances.
- Restriction — to restrict processing in certain circumstances.
- Portability — to receive your data in a structured, commonly used format.
- Objection — to object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where processing is based on consent, at any time (without affecting lawfulness of prior processing).
- Not be subject to solely automated decisions — that produce legal or similarly significant effects without appropriate safeguards.
To exercise any of these rights, contact us at hello@fude-ai.com. We will respond within one month, although this period may be extended by up to two further months for complex requests.
If your personal data is contained in content submitted by a business customer of ours, please contact that customer directly; we will assist them in responding to your request.
We do not use personal data to make solely automated decisions that produce legal or similarly significant effects.
Complaints. You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113. We would appreciate the opportunity to address your concerns first.
11. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest (where applicable), access controls, logging, regular reviews, and personnel training. We follow industry-standard security practices appropriate to the nature of the Service. No system is completely secure, and we cannot guarantee absolute security.
12. Children
The Service is intended for business users and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us.
13. Changes to this Policy
We may update this Policy from time to time. Where changes are material, we will take reasonable steps to notify you by email or through the Service before the changes take effect. The "Last updated" date above indicates when the Policy was most recently revised.
14. Contact us
Data Shigoto Limited
[REGISTERED ADDRESS]
Email: hello@fude-ai.com