Continuly ("we", "us", "our") is the data controller for the personal information you provide when you use Continuly. This policy explains what we collect, why, how we protect it and the rights you have under the UK General Data Protection Regulation ("UK GDPR") and the Privacy and Electronic Communications Regulations ("PECR").
1. What we collect
- Account data — email address, name, hashed password.
- Life-organisation data you choose to enter — records about your finances, insurance, property, health, family and estate; documents you upload; trusted contacts; life-event checklists; timeline milestones.
- Technical data — device, browser, IP-derived region, minimal logs required to run the service and investigate abuse.
- Security audit data — a record of when sensitive fields are revealed and by which authentication method (see "Security").
We do not collect: full bank account numbers, online banking credentials, passwords for other services, security answers, PINs, or full card details. We do not ask for them and Continuly is not designed to store them.
2. Lawful basis for processing
We process your personal data under the following UK GDPR bases:
- Contract (Art. 6(1)(b)) — providing the Continuly service you signed up for.
- Legitimate interests (Art. 6(1)(f)) — securing the service, preventing fraud and abuse, product analytics on aggregated data.
- Consent (Art. 6(1)(a)) — optional marketing emails and any non-essential cookies (PECR).
- Legal obligation (Art. 6(1)(c)) — where we must respond to lawful requests.
Health-related information you choose to add is "special category" data under Art. 9. We rely on your explicit consent (Art. 9(2)(a)) to process it, which you can withdraw at any time by deleting the relevant records.
3. How we use your data
- To deliver the app and your dashboard.
- To send transactional emails (renewals, expiries, security alerts).
- To detect and prevent fraud, abuse and security incidents.
- To improve Continuly using aggregated, non-identifying usage statistics.
We do not sell your data. We do not use your content to train AI models.
4. Cookies and similar technologies (PECR)
Continuly uses only strictly necessary cookies for authentication and session security. We do not set advertising or third-party analytics cookies without your consent.
5. Storage and international transfers
Data is stored on managed cloud infrastructure inside the UK/EU where possible. Where a sub-processor operates outside the UK/EU, transfers are protected by UK IDTA / EU SCCs and equivalent safeguards.
6. Retention
We keep your data for as long as your account is active. When you delete your account we remove your personal data within 30 days, except where we are legally required to retain a limited record (typically no more than 6 years for financial/legal reasons). See our Security & Retention page for details.
7. Your rights
You have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased ("right to be forgotten").
- Export your data in a portable, machine-readable format.
- Restrict or object to certain processing.
- Withdraw consent for consent-based processing.
- Complain to the UK ICO — ico.org.uk.
You can exercise access, export and deletion directly from Settings → Your data. For anything else, email privacy@continuly.app.
8. Contact
Data controller: Continuly. Contact: privacy@continuly.app.