BASIC

Privacy Policy

Last updated: 7 March 2026

1. Who We Are

BASIC (“we”, “us”, “our”) is the data controller responsible for your personal data. We are registered in England and Wales. For data protection enquiries, contact us at privacy@usebasic.com.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account data: name, email address, avatar (via Google OAuth)
  • Workspace data: contacts, companies, deals, projects, tasks — entered by you
  • Usage data: activity logs within your workspace (what actions you take)
  • Billing data: processed by Stripe; we store only subscription references, not card details

3. Legal Basis for Processing

We process your data under the following lawful bases (UK GDPR Article 6):

  • Contract: to provide the BASIC platform and fulfil our obligations to you
  • Legitimate interest: to improve our services, prevent fraud, and ensure security
  • Legal obligation: to comply with applicable laws and regulations

4. Third-Party Data Processors

We share personal data with the following third-party processors:

  • Google: authentication (OAuth sign-in)
  • Stripe: payment processing and subscription management
  • Storage providers: Dropbox, Google Drive, or SharePoint (only if you connect them)
  • Email provider: transactional email delivery

All processors are bound by data processing agreements and comply with UK GDPR.

5. Data Retention

We retain your personal data for as long as your account is active. Deleted records (contacts, companies, etc.) are soft-deleted and permanently purged after 90 days. Activity logs are retained for 2 years for audit purposes. You can request immediate erasure at any time (see Your Rights below).

6. Your Rights

Under UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure: request deletion of your data (“right to be forgotten”)
  • Portability: receive your data in a machine-readable format (JSON)
  • Object: object to processing based on legitimate interest
  • Restrict: request restricted processing in certain circumstances

To exercise any of these rights, email privacy@usebasic.com or use the data management tools in your account settings.

7. Cookies

We use only essential cookies required for authentication and security (session management, CSRF protection). We do not use analytics, advertising, or tracking cookies. See our Cookie Policy for details.

8. Security

We implement appropriate technical and organisational measures to protect your data, including: AES-256 encryption for sensitive credentials, HTTPS in transit, role-based access controls, and regular security reviews. See our security practices for more detail.

9. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint