This privacy statement explains how we handle information about you and your household.
One of our company’s founding beliefs is that technology can empower people – as long as it’s used with good intentions.
All companies say they take privacy seriously. And yet, not all of them really do – particularly those that make money by selling their users’ data, or selling access to their users based on who they are. Coincidentally, those companies’ privacy policies are often rather difficult to understand, unless you’re a solicitor. (And if you are, what you read might make you livid.)
We are not like them. We don’t make our money through advertising or selling data. We earn money from your subscriptions, which means our interests are closely aligned with yours. And we believe we best act in your interests by being completely transparent about how we store and process your personal information.
That’s why we’ve written this privacy statement in plain English. It explains what we do, and why we do it, without glossing over the important details, or counting on you glazing over. We hope you’ll find it simple, informative and fair, but if you have any questions at all, ask us at firstname.lastname@example.org.
We use technologies to help us understand how visitors use our website.
Some enable our servers to recognise your web browser, and to know how and when you visit our website, or use our app or service. For instance, we set a number of “cookies” – small pieces of data, usually text files, placed on your computer, tablet, phone or similar device – which we can read when you use our service, even if some time has passed since the cookie was set.
We also supplement information we collect from you with information received from third parties. This includes third parties that place their own cookies on your device(s) while you have browsed other websites or used other services (see Third party cookies).
If we weren’t able to set cookies, we wouldn’t understand how our services were being used, and we’d be unable to deliver them properly. That’s why, in legal and business terms, we view these cookies as “essential”.
Why do we do this? In short, we set cookies to deliver our service. For example, they help to make pages load quickly, and to allow you to live chat with us. Cookies also help ensure safety and security. Some enable us to make sure your information is secure, and that only you can access it when you use our service.
In order to fulfil our contractual obligations to you and all our customers, in legal terms we have a legitimate interest in ensuring an operational and safe website for all visitors.
We may also use this information to improve our business and service for customers and visitors (see General development).
Third party cookies. Some cookies are set by third parties on our behalf including: Segment (https://segment.com/legal/privacy/), Google (Analytics) (https://policies.google.com/privacy), Sentry (https://sentry.io/privacy/), Hotjar (https://www.hotjar.com/privacy/).
If you’ve given us your email address when you join – we use it to manage your account (for example, in order to contact you about household utility providers), and to send you information about our business (including marketing content). Any marketing emails will have an unsubscribe option.
In legal terms, it’s our legitimate interest to promote our service to you, and we need your email address to fulfil our contractual obligations to you if you are one of our customers.
To send emails, we work with a third party called Customer.io (https://customer.io/legal/privacy-policy/). Customer.io may include a small image (also known as a tracking pixel) in each email, which lets us know when you’ve opened that email.
If you use our website, app or service, we collect and process information about you and your household in order to serve you. This includes the following kinds of information:
The reason we need this information before you become a customer is to deliver a free personalised service to you. If you decide to become a customer of our premium service, we need to manage the service you and your household receive, to process payments, and for audit and quality assurance purposes.
In legal terms, it’s our legitimate interest to attract new customers and show how our service can help them. We also need these kinds of information to fulfil contractual obligations to you.
Sharing data with third parties. We share parts of this information with third parties, where it’s necessary for us to provide our services:
Your mobile device, web browser or whatever other method you use to connect to our website, app or service, automatically sends information to our systems. This includes IP address, browser version and app version (as appropriate), which is automatically collected and stored in “log” files.
The reason we store log files is they help us maintain and optimise our website, as well as allowing us to detect faults and fraudulent or other criminal activity.
In legal terms, we do this because it’s our legitimate interest to maintain a functional website, prevent its misuse and improve it for visitors.
All log information is automatically deleted 3 months after it is collected, unless we need it in order to investigate a fault, criminal activity or some other problem (in which case we keep it no longer than necessary to investigate and take appropriate action).
Some of the same information – your IP address, for example – is also collected by our analytics tools (see Cookies and tracking).
We use all the information we collect (other than server logs), including information from cookies and information about households, to help us develop our business.
The reason for storing this information is that it helps us improve our existing services. We use it to identify new services, options and business opportunities that we might offer, and to support their development. We also use it to identify suitable audiences for our marketing efforts. When household data has been anonymised (see Reporting and insights) we may use it to publish information which may be of general public interest.
In legal terms, it’s our legitimate interest to develop and promote our business in this way.
If you’ve created an account with us, we keep all information about the account for a maximum of three years after it’s closed (so that, for instance, we can resolve any dispute we might have with you, or a third party, relating to the account). This includes any information you’ve shared with us on the account, or that we have received from third parties (for example, from household utility providers).
All data other than account data and server logs (which are deleted in short rotation – see Storing server logs) will eventually be subject to one or more routine deletion periods. At this early stage of our business, we don’t yet know for certain what data we may need to retain and over what periods of time. However, we promise we will have carried out a review of our data retention and have made a decision about this before the end of 2022, committing to specific time periods.
We carry out routine system backups, which are deleted in rotation over time. All information we process will be part of any backup. Our backup data will only be used as a result of emergencies (such as a critical system failure) and is not routinely accessible to us.
We work with companies that supply us with technology and data processing services, and we may share the information we have about you with them. Whenever we do this, we make sure we have a contractually binding agreement that prohibits our supplier from processing the data – unless we specifically tell them otherwise – and ensures they take proper care of your data.
The current list of suppliers includes: Amazon Web Services, Segment, Google (Analytics), Amplitude, Webflow, Vercel, Sentry, Hotjar, and Customer.io. This list may grow in future as we add more tools that help us operate our website, app and service.
We use cloud services who may be based in (or at least have servers in) countries other than the United Kingdom. So we may need to transfer some of your information to other countries. When we transfer information about you to countries within the European Economic Area, we protect your data in the same way we would do within the United Kingdom. All countries in this area have systems of data protection law that provide equivalent protection to the law of the United Kingdom.
Some of our cloud services have servers based in the USA, so we may also transfer some information about you to the USA, where the systems of data protection law do not provide equivalent protection. In that case, we require a signed, binding agreement with the third party, protecting the data at least as well as if it were still in the United Kingdom, and allowing you to take legal action against them if they do not. In legal terms, this means that our contracts with these third parties include the standard clauses which UK law requires.
Depending on the data and the nature of the service, we will also include additional safeguards we think appropriate. For example, by ensuring that information is encrypted in transit, or is encrypted while stored in the USA.
The household information we collect has value beyond providing our service. Viewed collectively, we can use pooled household data to spot patterns, track how households are adjusting their behaviour in response to cost of living pressures, and identify opportunities which could benefit all – even households which do not use our services directly.
In order to do this, we anonymise all personal and household information we collect (for example, by aggregating it with others’ data or stripping out personally identifiable markers), so that it is no longer possible to identify its relation to you. Once anonymised, data is no longer “personal data”. We use aggregated data to carry out statistical analysis and we may publish reporting and insights which are of general public interest (for example, in an index of financial impacts on households as a result of pricing changes in a particular industry category).
In legal terms, it’s our legitimate interest to anonymise personal data by aggregation in order to offer useful services to the public and to help promote our business.
Under the UK General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation
If you would like to exercise any of those rights, please:
The General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ or telephone: 0303 123 1113
We are Eighteen and a Half Limited (company number 13236360), trading under the name “Nous”. Our registered address is 18½ Sekforde St., London EC1R 0HL, but it is probably more convenient to contact us at email@example.com or (if you are a customer) using the app.