Legal

Privacy Policy

Last updated: 4 April 2026

1. Data Controller

OnOur ("we", "us", "our") is operated by Bloodstone Ltd, a company registered in England and Wales. Our registered address is 33 Cavendish Square, Mayfair, London W1G 0PW.

For any data protection queries, please contact us at hello@onour.co.uk.

2. Information We Collect

2.1 Quiz Data

When you complete our brand health quiz, we collect the answers you provide across all 16 questions. This includes information about your business type, online presence, marketing activities, and goals.

2.2 Contact Information

At the end of the quiz, we ask for your name, email address, website URL, and optionally your Instagram handle and phone number. Your email address is required to receive your results.

2.3 Website and Technical Data

If you purchase a Quick Scan or Full Audit, we may scan your publicly available website, social media profiles, and Google Business Profile to generate your report. We also collect standard technical data including IP address, browser type, and referring URL.

2.4 Payment Data

Payments are processed securely by Stripe. We do not store your full card details on our servers. We receive confirmation of payment, transaction IDs, and your billing email from Stripe.

2.5 Cookies and Analytics

We use cookies and similar technologies to operate the site, remember your preferences, and understand how visitors use OnOur. We use Google Analytics 4 and Vercel Analytics for website analytics. You can manage your cookie preferences via the cookie consent banner displayed on your first visit.

3. How We Use Your Information

We use your information to:

  • Calculate and deliver your brand health score and results
  • Generate audit reports (Quick Scan, Full Audit)
  • Process payments for paid products and services
  • Send you your results and, if you have opted in, follow-up emails with tips and offers related to your audit
  • Improve our scoring algorithms and service quality
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR):

  • Contract: Processing your quiz submission and delivering paid products you have purchased.
  • Legitimate interest: Improving our service, analytics, and fraud prevention.
  • Consent: Sending marketing emails and setting non-essential cookies. You can withdraw consent at any time.

5. Email Marketing

If you opt in, we may send you a short nurture email sequence after your quiz (typically 3 emails over 10 days) with tips related to your results and information about our paid services. Every email includes an unsubscribe link. You can opt out at any time by clicking unsubscribe or emailing hello@onour.co.uk.

6. Data Sharing

We do not sell your personal data. We share data only with the following categories of service providers who process data on our behalf:

  • Stripe: Payment processing
  • Supabase: Database hosting
  • Resend: Transactional and marketing emails
  • Vercel: Website hosting and analytics
  • Google: Analytics (GA4)
  • HubSpot: CRM and lead management
  • Anthropic: AI analysis for audit reports

All third-party processors are contractually bound to protect your data and only process it on our instructions.

7. Data Retention

We retain your quiz data and contact information for up to 24 months after your last interaction with us. Payment records are retained for 7 years to comply with UK tax and accounting requirements. You can request earlier deletion at any time (subject to legal retention obligations).

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure of your data
  • Restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, email us at hello@onour.co.uk. We will respond within 30 days.

9. International Transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), secure database hosting with row-level security, and access controls for our team.

11. Children

OnOur is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this page periodically.

13. Complaints

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

14. Contact

Bloodstone Ltd
33 Cavendish Square, Mayfair, London W1G 0PW
Email: hello@onour.co.uk