Privacy Policy

Last updated: April 27, 2025

Flourishing World Ltd (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Flourish (“the Platform”).

If you have any questions about this Privacy Policy or our privacy practices, please contact us at: privacy@flourishingworld.com

1. Who We Are

Flourishing World Ltd is a company registered in England and Wales (Company No: 14794272) with a registered office at Science Park Square, Falmer, Brighton, East Sussex, England, BN1 9SB.

We operate Flourish, a SaaS platform that provides AI-assisted compliance and sustainability tools for enterprises.

2. What Data We Collect

Category: Identity Data

Example: Name, username, company name, job title

Category: Contact Data

Example: Email address, phone number, billing address

Category: Technical Data

Example: IP address, device type, browser type, time zone, usage logs

Category: Profile Data

Example: User preferences, account settings, feedback responses

Category: Communication Data

Example: Messages sent via support, chat, or feedback forms

Category: Uploaded Content

Example: Documents, files, and materials uploaded to the Platform

Category: Compliance Data

Example: Metadata relating to legislative queries, compliance searches, audit trails

3. How We Collect Your Data

We collect data through:

  • Direct Interactions: Filling out forms, creating an account, contacting support.
  • Automated Technologies: Cookies, server logs, and analytics tools.
  • Third Parties: Authentication providers (e.g., Google sign-in if enabled), payment processors.

4. How We Use Your Data

We use your data to:

  • Provide, operate, and maintain Flourish
  • Personalise your user experience
  • Communicate with you about updates, services, and offers
  • Ensure compliance with legal obligations
  • Improve our Platform based on usage analytics and feedback
  • Detect, prevent, and address technical issues or security incidents

We will only use your personal data where we have a lawful basis to do so, typically under:

  • Performance of a contract (providing services to you)
  • Legitimate interests (improving our platform, ensuring security)
  • Legal obligations (regulatory compliance)
  • Consent (for optional marketing communications)

5. How We Share Your Data

Recipient: Cloud Infrastructure Providers

Purpose: Hosting and storage (e.g., Amazon AWS, Bubble.io)

Recipient: AI Processing Providers

Purpose: Document analysis (e.g., OpenAI, OpenRouter)

Recipient: Vector Database Providers

Purpose: Data indexing (e.g., Pinecone)

Recipient: Analytics Providers

Purpose: Usage insights (e.g., Google Analytics, Firecrawl)

Recipient: Payment Processors

Transaction management (e.g., Stripe)

Recipient: Legal and Compliance Advisors

Purpose: Regulatory advice and audits

All vendors are required to adhere to strict data protection obligations.

6. International Data Transfers

Some of our service providers operate outside the UK and EEA.

Whenever we transfer your personal data internationally, we ensure it is protected by:

  • Adequacy decisions (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the UK ICO and EU Commission
  • Additional technical and organisational safeguards

7. Data Security

We apply appropriate security measures to protect your data, including:

  • End-to-end encryption (for data in transit and at rest)
  • Role-based access controls
  • Regular penetration testing
  • Secure development lifecycle practices

Despite these efforts, no system can guarantee absolute security. We encourage you to protect your password and access credentials.

8. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes we collected it for, including:

  • Active account usage
  • Compliance with legal, accounting, or reporting requirements
  • Internal analytics and historical record-keeping

When data is no longer needed, it is securely deleted or anonymised.

9. Your Legal Rights

Under UK GDPR and EU GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)

You can exercise your rights by contacting privacy@flourishingworld.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local supervisory authority.

10. Cookies

We use cookies and similar technologies to enhance your experience.

For more information, please see our separate Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via email or Platform notification.

The latest version will always be available at: https://www.flourishingworld.com/privacy-policy

Questions about these Terms can be directed to: legal@flourishingworld.com

Flourish Logo
Products
Copyright © 2025 Flourishing World Ltd.
All rights reserved.