Privacy Policy
Effective Date: February 18, 2026
Company Name: Beespoke Services Ltd (trading as Backona)
Website: backona.com, backona.ai and subdomains
Contact Email: [email protected]
Company Address: 4th Floor, 18 St. Cross Street, London, United Kingdom, EC1N 8UN
At Beespoke Services Ltd, trading as Backona ("Backona," "we," "us," or "our"), we are committed to safeguarding the privacy and security of your personal data. This Privacy Policy outlines how we collect, use, and protect the personal data of users who interact with our website and use our products and services—including Backona AI, Backona CMP (Consent Management Platform), Backona CA (Clever Analytics), Backona SST (Server Side Tagging), and our consulting and other services—in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and relevant international data privacy laws.
1. Data Controller Information
Beespoke Services Ltd is the data controller for the personal data processed through our products, services, and website. For any inquiries regarding data protection, please contact us at [email protected].
2. Personal Data We Collect
We collect and process the following categories of personal data:
2.1 Data Collected via Backona Products and Services
- User Input Data: Information you provide when interacting with our products (e.g. Backona AI queries and commands, configuration in Backona CMP, Backona CA, or Backona SST). This data is processed to deliver the requested functionality and insights.
- Interaction Logs: Data related to your usage of our products and services, such as interaction history, frequency of use, and session duration. This information helps us improve functionality and user experience.
- Technical Data: Information about the device and software you use to access our products and website, including IP address, device type, browser information, and operating system.
- AppSumo Data: If you purchase Backona AI through a third-party marketplace such as AppSumo, we may receive limited personal data (such as your name, email address, and plan tier) for the purpose of activating and managing your access. This data is used strictly to fulfil our contractual obligations and will not be used for unrelated marketing without consent.
- Google API Data: Where a product supports it (e.g. Backona AI), we access and process users' enabled Google API data through authorized OAuth connections, strictly limited to the scopes explicitly consented to by users. This may include data from Google Analytics 4 (website traffic and engagement metrics), Google Search Console (search performance, queries, impressions, click-through data), and Google Ads (campaign performance, keyword data, ad spend, and demographic insights), depending on which integrations you enable.
- Facebook Marketing API Data: Where a product supports it (e.g. Backona AI), if you choose to connect your Facebook account, we access data from the Facebook (Meta) Marketing API through an authorized OAuth connection. This includes advertising account metadata (account name, currency, timezone), campaign data (status, budgets, objectives), performance insights (impressions, clicks, spend, reach, conversions), and pixel tracking data. Access is strictly limited to the scopes you explicitly consent to during the Facebook authorization process (
ads_read,ads_management). We store only your OAuth access token and its expiration date; we do not collect your Facebook profile information (such as name, email, or profile picture).
2.2 Data Collected via the Website
- Identification and Contact Data: Information you provide through forms on our website, such as name, email address, and other contact details, typically during registration, inquiries, or newsletter sign-ups.
- Usage Data: Information about your interaction with our website, including pages visited, time spent on the site, and navigation patterns. This data is collected through cookies and similar technologies.
- Technical Data: Information related to the device you use to access our website, such as IP address, browser type, and operating system.
2.3 Organization and Team Member Data
When you create an organization or invite users to join your workspace in products that support this (e.g. Backona AI), we process the following personal data:
- Name, email address, and role of invited users
- Metadata such as invitation date, inviter's email, and whether the invite was accepted
- Login data if the invitee joins the platform
You confirm that you have appropriate permission to provide personal data of others when inviting team members. The invitee may choose to access Backona using a different email address from the one you provided. This data is used solely for facilitating access to our products and will not be used for marketing without explicit consent.
3. Purpose and Legal Basis for Processing
We process your personal data for the following purposes and under the following legal bases:
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name, Email | Account setup and support | Contractual necessity |
| Invitee emails | Team collaboration | Legitimate interest |
| Analytics data | Improve user experience | Legitimate interest |
| Marketing preferences | Email campaigns | Consent |
| Google API data (GA4, Search Console, Ads) | Deliver product features (e.g. analytics, insights) | Contractual necessity / Consent |
| Facebook Marketing API data | Deliver advertising analytics features | Contractual necessity / Consent |
3.1 Backona Products and Services
- Performance of a Contract: To provide the Backona products and services you request, including processing your inputs, configurations, and data to deliver tailored insights, consent management, analytics, and other functionality.
- Legitimate Interests: To analyze usage patterns, improve our products' functionality, and develop new features based on user interactions.
- Inviting Team Members and Managing Organizations: Where a product supports teams (e.g. Backona AI), we process the personal data of invited users under our legitimate interests in enabling team collaboration and managing user accounts. It is the inviter's responsibility to ensure they have the invitee's consent or authority to share their information.
3.2 Website
- Performance of a Contract: To manage your account, respond to inquiries, and provide you with information and services.
- Legitimate Interests: To monitor and improve our website, personalize your experience, and conduct marketing activities.
- Consent: For sending marketing communications and storing non-essential cookies on your device. You can withdraw your consent at any time by contacting us at [email protected].
- Transactional Communications on Behalf of Users: Our products (e.g. Backona AI) may send system-generated emails (e.g. team invitations) to users on behalf of another user. These are transactional and necessary to enable product functionality, and not considered marketing communications.
4. Cookies and Similar Technologies
We use cookies and similar tracking technologies on our website and in our products to collect data and improve user experience.
4.1 Types of Cookies
- Necessary: Essential for the operation of our website and our products. These cookies enable core functionalities like security, network management, and accessibility.
- Statistics: Help us understand how you interact with our website and products, enabling us to improve functionality and performance.
- Marketing: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.
| Tool / Infrastructure | Purpose | Frontend / Backend / Other | Integration type with Backona platform | Processing of User Related Data via Cookies | Data for AI Model Training? |
|---|---|---|---|---|---|
| OpenAI | LLM models integration | Backend | Based on application setup | No | No |
| Anthropic Claude | LLM models integration | Backend | Based on application setup | No | No |
| LangChain | LLM models interaction logging and testing | Backend | Permanent | N/A | N/A |
| Google Analytics API | Integration with Customer GA4 API | Backend | Based on user authorization | N/A | N/A |
| Google Search Console API | Integration with Customer Google Search Console for search performance analytics | Backend | Based on user authorization | N/A | N/A |
| Google Ads API | Integration with Customer Google Ads accounts for advertising performance analytics | Backend | Based on user authorization | N/A | N/A |
| Facebook Marketing API | Integration with Customer Facebook Ads accounts for campaign analytics and insights | Backend | Based on user authorization | N/A | N/A |
| Google GCP Services | User app authentication and authorization | Backend | Permanent | Yes | N/A |
| Stripe | Subscription plans and user payment processing | Backend | Permanent | Yes | N/A |
| AppSumo | Subscription plans and user payment processing | Backend | Permanent | Yes | N/A |
| HotJar | Track user interactions with the tool | Frontend | Permanent | Yes | N/A |
| Matomo | Track user purchase path from Landing Page to Tool | Frontend | Permanent | Yes | N/A |
| GA4 Analytics | Monitor user interactions on the website | Frontend | Permanent | Yes | N/A |
| Google Ads | Marketing tool to gather interest | Frontend | Permanent | Yes | N/A |
| Facebook Pixel | Marketing tool to gather interest | Frontend | Permanent | Yes | N/A |
| LinkedIn Marketing | Marketing tool to gather interest | Frontend | Permanent | Yes | N/A |
| Microsoft Clarity | Track user interactions with the tool | Frontend | Permanent | Yes | N/A |
| OVH | Infrastructure for solution hosting | Infrastructure | Permanent | N/A | N/A |
| DockerHub | Application packages distribution | Infrastructure | Permanent | N/A | N/A |
| GitHub | Storing source code | Infrastructure | Permanent | N/A | N/A |
| ClickUp | Internal CRM and management | External Tool | Separate from application | N/A | N/A |
| Mailer Lite | Allowing contact and SignUp for app usage | External Tool | Separate from application | N/A | N/A |
| Sender | Newsletter and email communication with users | External Tool | Separate from application | N/A | N/A |
| Google Workspace | Internal and external communication, Customer support | External Tool | Separate from application | N/A | N/A |
5. Data Sharing and Transfers
5.1 Data Sharing with Third-Party Service Providers
We do not sell your personal data. We may share your data with trusted third-party service providers who process data on our behalf, including:
- Infrastructure Providers: Such as cloud infrastructure providers for hosting and Docker images repository for code distribution.
- AI Model Integrations: Including OpenAI and Anthropic Claude for AI processing, and LangChain for interaction logging.
- Analytics and Marketing Tools: Such as Google Analytics, Matomo, Clarity, Google Ads, Facebook Pixel, and LinkedIn Marketing.
- Google APIs: If you enable Google integrations in a product that supports them, data is exchanged with Google via the Google Analytics API, Google Search Console API, and/or Google Ads API to retrieve your analytics, search performance, and advertising data. This data is transmitted securely and processed solely to deliver the relevant product features.
- Facebook (Meta) APIs: If you connect your Facebook Ads account to a product that supports it (e.g. Backona AI), data is exchanged with Meta via the Facebook Marketing API to retrieve your advertising account information, campaign data, and performance insights. This data is transmitted securely and processed solely to deliver the relevant product features.
- Marketplace Platforms: If you register through AppSumo, we may receive and share minimal personal data with AppSumo to confirm license validity and usage for fraud prevention or technical support purposes.
When transferring data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
5.2 AI/ML Models Training
We do not retain user data obtained through Google Workspace APIs or other third-party APIs for the purpose of developing, improving, or training generalized AI or machine learning models. We strictly use data in accordance with user permissions and only to deliver the core functionalities of our products. The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements. The use of other APIs data will adhere to the API provider's terms of service and privacy policy.
5.3. Google Workspace API Data Usage
Backona's use and transfer of information received from Google Workspace APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use of user data requirements.
5.4. Facebook (Meta) Marketing API Data Usage
Where a product supports the Facebook Marketing API (e.g. Backona AI), we access it solely to provide advertising analytics and campaign management features. Data retrieved from the Facebook Marketing API (including ad account details, campaign information, performance metrics, and pixel data) is:
- Used exclusively to deliver the core analytics functionalities of that product as requested by the user.
- Not sold, leased, or transferred to any unrelated third party.
- Not used for developing, improving, or training generalized AI or machine learning models.
- Not used for purposes unrelated to the service the user has authorized.
Our use of the Facebook Marketing API complies with Meta's Platform Terms and the Meta Developer Policies. You may revoke Backona's access to your Facebook data at any time by disconnecting your Facebook account in the product's settings or by removing the app from your Facebook Business Integrations settings.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting obligations. Team invitation metadata is retained for audit and security purposes, even if the invitation is not accepted. Users may request deletion of unaccepted invites by contacting us.
7. Data Security
We implement robust security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encryption of data in transit using TLS/SSL protocols.
- Secure storage of authentication tokens and credentials with restricted access.
- Use of CSRF protection and state validation for third-party OAuth flows (e.g., Google, Facebook).
- Regular review of access controls and security practices.
- Infrastructure hosted with reputable providers that maintain industry-standard physical and network security.
While we take reasonable steps to safeguard your data, no method of electronic transmission or storage is completely secure. We encourage users to take their own precautions, such as using strong passwords and keeping login credentials confidential.
8. Your Rights Under GDPR
You have the following rights concerning your personal data:
- Right to Access: Obtain a copy of your personal data.
- Right to Rectification: Correct any inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data under certain circumstances.
- Right to Restrict Processing: Request limited use of your data under certain conditions.
- Right to Object: Object to the processing of your personal data based on our legitimate interests.
- Right to Data Portability: Request your data in a structured, commonly used format.
- Right to Withdraw Consent: Withdraw any consent given for processing at any time.
- Right to Lodge a Complaint: Lodge a complaint with the UK Information Commissioner’s Office (ICO): www.ico.org.uk / Tel: +44 303 123 1113
To exercise these rights, please contact us at [email protected].
9. Third-Party Purchases and Marketplace Deals
If you access any Backona product (e.g. Backona AI) through a third-party deal platform such as AppSumo, your rights under this policy remain unaffected. However, your interactions with the marketplace itself (e.g. refunds, purchases) are governed by their privacy and data practices.
10. Revoking Third-Party Integrations
You may disconnect or revoke any third-party integration at any time:
- Google: Revoke access from your Google Account permissions or by disconnecting within the relevant Backona product's settings (e.g. Backona AI Settings).
- Facebook (Meta): Revoke access from your Facebook Business Integrations settings or by disconnecting within the relevant Backona product's settings (e.g. Backona AI Settings).
Upon revocation, Backona will no longer be able to access data from the disconnected service. Previously retrieved data may be retained in accordance with Section 6 (Data Retention) unless you request its deletion.
10.1 Facebook Data Deletion
If you wish to have your Facebook-related data deleted from Backona, you may do so in any of the following ways:
- From within the product: In the Backona product that uses Facebook (e.g. Backona AI), navigate to Settings and disconnect your Facebook account. This will immediately remove your stored Facebook OAuth access token and revoke Backona's ability to access your Facebook data.
- From Facebook directly: Go to your Facebook Settings > Business Integrations, find "Backona" in the list, and click Remove. This revokes Backona's access. To also delete the data already stored by Backona, please follow up with a deletion request as described below.
- By contacting us: Send an email to [email protected] with the subject line "Facebook Data Deletion Request". Please include the email address associated with your Backona account. We will process your request and delete all Facebook-related data associated with your account within 30 days, in accordance with applicable data protection laws.
What data is deleted: Upon a deletion request, we remove your Facebook OAuth access token, access token expiration data, Facebook Ads account configuration, and any cached Facebook advertising data (campaign data, insights, and pixel data) associated with your account.
Confirmation: Once the deletion is complete, we will send a confirmation to the email address associated with your Backona account.
11. International Representation and B2B Requests
If you are located in the EU and require local representation under Article 27 of the GDPR, or if you are a business customer requesting a Data Processing Addendum (DPA), please contact us at [email protected].
12. U.S. State Privacy Notice
Backona does not sell or share personal data of users, including those located in California or other U.S. states. U.S. users may contact us at [email protected] with any rights requests under applicable state privacy laws. We will comply to the extent required under applicable law.
Contact Information
Beespoke Services Ltd (trading as Backona)
4th Floor, 18 St. Cross Street,
London, United Kingdom, EC1N 8UN
[email protected]