Privacy Policy

Effective Date: 17/07/2026

Last Updated: 17/07/2026

This Privacy Policy explains how Thrive Theory Ltd (Company No. 15782970) trading as Steddi (“Steddi”, “we”, “us” or “our”) collects, uses, stores and protects personal data.

It applies to: our website; the Steddi platform; customer accounts; implementation and consultancy services; support services; marketing communications; events, webinars and demonstrations; and any other interactions with us.

This Privacy Policy explains how we process personal data where Thrive Theory Ltd acts as a data controller.

Where our customers use Steddi to process personal data relating to their own customers, employees or contacts, we generally act as a data processor on their behalf. That processing is governed by our Data Processing Addendum, not this Privacy Policy.

1. Who We Are

Data Controller: Thrive Theory Ltd. Company Number: 15782970. Website: https://staysteddi.com. Enquiries: privacy@[INSERT DOMAIN].

If you have questions about this Privacy Policy or how we process your personal data, please contact us using the details above.

2. The Information We Collect

The personal data we collect depends on how you interact with us.

Information you provide

You may provide information including: name; business name; email address; telephone number; job title; billing information; company information; account credentials; support enquiries; communications with us; survey responses; implementation information; files and documents you choose to share.

Information collected automatically

When you visit our website or use the Platform we may collect: IP address; browser type; operating system; device information; pages visited; referring website; date and time of access; interactions with our website; Platform usage information; diagnostic information; cookie identifiers.

Information from third parties

We may receive information from third-party providers including: Stripe; HighLevel; Google; Microsoft; Meta; Twilio; OpenAI; Make.com; analytics providers; authentication providers; integration partners.

3. How We Use Personal Data

We use personal data to: provide our Services; create and manage customer accounts; process subscriptions and payments; deliver implementation and consultancy services; provide customer support; communicate with customers; improve our Platform; maintain security; investigate technical issues; develop new features; provide AI functionality requested by customers; send service notifications; comply with legal obligations; protect our legal rights.

Where permitted by law, we may also use personal data to send marketing communications about our products and services.

4. Lawful Bases

Where UK GDPR requires a lawful basis, we rely on one or more of the following.

Performance of a contract

Including: providing subscriptions; delivering Professional Services; processing payments; managing customer accounts.

Legitimate interests

Including: improving our Services; securing the Platform; fraud prevention; customer support; product analytics; internal reporting; business administration.

Where we rely on legitimate interests, we consider your rights before processing your personal data.

Consent

We rely on consent where required, including: marketing emails where required by law; marketing SMS where required; non-essential cookies. You may withdraw consent at any time.

Legal obligation

We process personal data where necessary to comply with legal obligations, including accounting, taxation, fraud prevention and regulatory requirements.

5. Customer Data

The Steddi Platform enables customers to store and manage information relating to their own businesses. In most cases, we process this information solely on behalf of our customers.

Our customers determine: what personal data is processed; why it is processed; how long it is retained.

In these situations: our customer is the data controller; Thrive Theory Ltd acts as the data processor.

If you believe your personal data has been processed by one of our customers, you should contact that customer directly.

6. Artificial Intelligence

The Platform includes AI-powered features. Where AI functionality is used: prompts and related Customer Data may be processed by third-party AI providers; processing occurs solely to generate the requested output; Thrive Theory Ltd does not use Customer Data to train its own artificial intelligence models.

AI-generated outputs should always be reviewed before being relied upon.

7. How We Share Information

We do not sell personal data. We may share personal data with trusted service providers who help us operate our business.

These may include providers of: cloud infrastructure; customer relationship management; payment processing; authentication; communications; artificial intelligence; analytics; customer support; automation; security; professional advisers.

An up-to-date list of key subprocessors and service providers is available at: [INSERT SUBPROCESSOR PAGE].

We may also disclose personal data: where required by law; to protect our legal rights; during a merger, acquisition or business sale; with your consent.

8. International Transfers

Some of our service providers process personal data outside the United Kingdom. For example, certain services provided through the Steddi Platform rely upon infrastructure hosted in the United States.

Where personal data is transferred internationally, we implement appropriate safeguards required by applicable data protection law. Further information is available upon request.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Typical retention

Website enquiries: [INSERT PERIOD]. Customer account information: duration of the account plus legal retention periods. Billing records: as required by law. Marketing preferences: until consent is withdrawn or no longer required. Platform Customer Data: governed by customer instructions and our Data Processing Addendum. Closed customer workspaces: ordinarily deleted approximately 90 days after the subscription ends unless longer retention is required by law.

Where retention is no longer necessary, personal data is securely deleted or anonymised.

10. Security

We take appropriate technical and organisational measures designed to protect personal data. These measures include administrative, technical and physical safeguards appropriate to the nature of the personal data processed.

The Platform is built using secure third-party infrastructure. No online service can guarantee absolute security.

You are responsible for maintaining the security of your account credentials and connected third-party services.

11. Cookies and Similar Technologies

We use cookies and similar technologies to: operate our website; remember preferences; understand website usage; improve our Services; measure marketing performance.

We currently use technologies including: Google Analytics 4; Meta Pixel; Microsoft Clarity.

Non-essential cookies are used only where you have provided any required consent. Further information is available in our Cookie Policy.

12. Marketing Communications

Where permitted by law, we may send information about our products and services.

You can unsubscribe at any time by: using the unsubscribe link in our emails; following the instructions contained within SMS messages; contacting us directly.

Even if you opt out of marketing, we may continue sending important service-related communications.

13. Your Rights

Depending on your location and applicable law, you may have rights including: access to your personal data; correction of inaccurate information; deletion of personal data; restriction of processing; objection to processing; data portability; withdrawal of consent; lodging a complaint with a supervisory authority.

Where we process personal data on behalf of one of our customers, requests should generally be directed to that customer.

To exercise your rights relating to personal data controlled by Thrive Theory Ltd, please contact: privacy@[INSERT DOMAIN].

14. Automated Decision Making

We may use automated systems, including AI functionality, to assist in generating reports, recommendations and other outputs.

We do not use solely automated decision-making that produces legal or similarly significant effects about individuals within the meaning of UK GDPR.

15. Children’s Privacy

The Services are intended for business users aged 18 years or older. We do not knowingly collect personal data from children.

If you believe we have received personal data relating to a child, please contact us so we can investigate and, where appropriate, delete the information.

16. Third-Party Websites

Our website and Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties.

We encourage you to review their privacy policies before providing personal data.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Where changes are material, we will publish the updated version on our website and revise the “Last Updated” date.

Continued use of the Services following publication of the updated Privacy Policy constitutes acknowledgement of the revised policy.

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact: Thrive Theory Ltd (Trading as Steddi). Company Number: 15782970. Email: privacy@[INSERT DOMAIN]. Website: https://staysteddi.com.

If you remain dissatisfied with how we handle your personal data, you may have the right to lodge a complaint with the Information Commissioner’s Office (ICO). Website: https://ico.org.uk.

Create a free website with Framer, the website builder loved by startups, designers and agencies.