TheyPromised
Log InStart Free

Privacy Policy

Last updated: 14 March 2026

TheyPromised (“we”, “us”, “our”) is operated by SynqForge Ltd, a company registered in England and Wales. This policy explains how we collect, use, and protect your personal data when you use TheyPromised.app. We are committed to compliance with UK GDPR and the Data Protection Act 2018.

1. Data we collect

Account information: Email address, full name, phone number, postal address (used as letter sender address).

Case data: Details of your complaint(s), organisation names, case titles, descriptions, desired outcomes, reference numbers.

Interaction logs: Records of your contacts with organisations — dates, times, channels, summaries, promises, outcomes.

Evidence files: Documents, photographs, audio recordings, and other files you upload to support your case.

Generated letters: Letters created using our AI tools, which incorporate your case data.

Payment information: Handled entirely by Stripe. We do not store card details.

Usage data: Pages visited, features used, session duration, browser and device type. Collected via Vercel Analytics and PostHog (analytics opt-in).

2. How we use your data

  • ✓ To provide and improve the TheyPromised service
  • ✓ To generate drafted letters and case insights from your case data
  • ✓ To send email reminders and alerts you have configured
  • ✓ To process subscription payments through Stripe
  • ✓ To comply with legal obligations
  • ✓ To detect and prevent fraud and abuse

3. Third-party processors

Supabase — Database and file storage. Data hosted in the EU (Ireland region). Privacy policy

Stripe — Payment processing. Your card data is processed by Stripe and never stored on our servers. Privacy policy

Anthropic (Claude API) — Letter drafting and case insights. Your case data is sent to Anthropic to generate content. Anthropic does not use API inputs to train their models. Privacy policy

Hugging Face — Text summarisation and classification for interaction summaries. Privacy policy

Resend — Transactional email delivery. Used to send reminders and notifications. Privacy policy

Vercel — Hosting and deployment. Privacy policy

PostHog — Product analytics. Anonymised usage data with opt-in analytics. Self-hosted or EU-region option. Privacy policy

4. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct any inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Data portability — export your data in machine-readable format (available from Account Settings)
  • Restriction — restrict processing of your data in certain circumstances
  • Object — object to processing based on legitimate interests
  • Withdraw consent — for any processing based on consent (e.g. marketing emails)

To exercise any of these rights, email privacy@theypromised.app. We will respond within 30 days.

5. Data retention

We retain your data for as long as your account is active. When you delete your account:

  • All case data, interactions, letters, and evidence are deleted immediately
  • Payment records are retained for 7 years for tax purposes (as required by HMRC)
  • Anonymised, aggregated analytics data may be retained indefinitely

6. Cookies

We use essential cookies only by default:

  • Authentication session cookies (Supabase)
  • CSRF protection

Analytics cookies (PostHog) are opt-in only. We do not use advertising or third-party tracking cookies.

7. Contact

Data controller: SynqForge Ltd, England, UK.
Privacy questions: privacy@theypromised.app
You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

We use cookies to improve your experience and understand how TheyPromised is used. You can change your preference at any time in Privacy Settings.

Privacy Policy