Privacy Policy for Frthst, Ltd / Frthst AI / Frthst (frthst.com)

Last updated: 29 March 2026

Frthst (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains what personal data we collect from you, how we use it, and your rights in relation to that data. This policy applies to our website, frthst.com, and Crit products (customer accounts and subscriptions).

1. Who We Are
Frthst is a technology lab based in Norwich, United Kingdom.

2. Data We Collect
We may collect the following personal data from you:
Contact Form: Your name, email address, phone number (optional), reason for contact, and any other information you provide in the message field.
Newsletter Sign-ups: Your email address and your name, if provided.
Crit Accounts: Your name, email address, and password as provided during account creation.
Crit Subscriptions: Unique identifiers provided by Stripe to manage your subscription (e.g., Stripe Customer and Subscription ID) and your subscription status.
Note: We do not process or have access to financial information provided to Stripe. You can manage your subscription via the Credit Card Icon in Crit that links to Stripe Customer Portal; their privacy policy is available at stripe.com/gb/privacy.
Automatic Data: Information about your device and browsing actions collected through cookies and similar technologies.

3. How We Use Your Data
We use your data for the following purposes:
To respond to inquiries and requests received via our Contact Form regarding our services or solutions.
To facilitate access to Crit accounts and maintain your subscription.
For record-keeping and to analyse audience trends using aggregated or pseudonymised data.
To send and personalise our newsletter, and to track engagement (opens/clicks) to improve future content.

4. Legal Basis for Processing
Our legal basis for processing your personal data is:
Legitimate Interests (Contact Form & Accounts): We have a legitimate interest in responding to inquiries and facilitating access to Crit services while resolving any technical issues. We believe this processing is necessary and balanced against your rights.
Contract (Subscriptions): By subscribing to a Crit account, you enter into a contract with us. We process your data to fulfill our obligations to provide and maintain that subscription.
Consent (Newsletter): We process your email address based on your explicit consent when you sign up. You may withdraw this consent at any time.

5. Data Sharing
We do not sell your personal data. We share it only with trusted third-party service providers, including:
Google Workspace: For communications and storage (emails, forms, files).
Fluent Forms: For collecting contact form details.
Brevo: For newsletter distribution.
WordPress: Our website platform.
AWS (Germany): For hosting account information (name, email, password).
Stripe (Ireland/US): For processing monthly subscription payments.
Legal Authorities: Where required by law or a valid legal request.

6. International Data Transfers
Many of our providers are based outside the UK. Your information may be transferred to and stored at destinations outside the UK. We ensure protection via legally compliant mechanisms, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

7. Data Security
We implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse.

8. How Long We Keep Your Data
Contact Form: Generally retained for 18 months from the date of inquiry, then anonymised or deleted.
Crit Accounts: Data is retained for 12 months from your last login, after which it is permanently deleted. If you cancel your account, personal data is permanently deleted after 90 days.
Subscription Identifiers: Unique identifiers from Stripe are kept for up to 6 years post-cancellation for UK contract and dispute resolution requirements.
Newsletter Sign-ups: Retained as long as you are subscribed. If you unsubscribe, your email is removed from the mailing list promptly.

9. Your Rights Under the UK GDPR
You have the right to:
Access your information.
Rectify inaccurate data.
Erase your data in certain circumstances.
Restrict or Object to processing.
Data Portability.
Withdraw Consent for communications.
To exercise these rights, please contact us via our contact page. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

10. Cookies
Our website uses cookies to enhance your experience; these can be managed through your browser settings.

11. Contact Us
For questions about this policy or our data practices, please contact us via our contact form at the bottom of this page.