ProfuiSign in

Privacy Policy

Profui Ltd · Company number 08843526

Effective 5 June 2026

1. Who we are

Profui Ltd (“Profui”, “we”, “us”), a company registered in England and Wales (company number 08843526), registered office Silverstream House, 4th Floor, 45 Fitzroy Street, Fitzrovia, London, England, W1T 6EB, operates the Profui application and the website at profui.com. This policy explains how we handle personal data and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Our two roles: controller and processor

This distinction matters for who is responsible for what:

  • We are the controller for personal data about our account holders and users — for example, the name and email you register with, your billing details, and how you use the Service.
  • We are a processor for the personal data you enter about your stakeholders (for example, their names, email addresses and shareholdings). For that data, you are the controller and we process it on your behalf and on your instructions, as described in our Terms and any Data Processing Agreement.

3. The personal data we collect

Account and profile data

Your name, email address, password (stored only in hashed form by our authentication provider), and any multi-factor authentication settings.

Billing data

When you subscribe to a paid plan, payment is handled by Stripe. We do not store your full card details. We receive limited billing information from Stripe (for example, your billing name, country, the last four digits and brand of your card, your plan, and your VAT/tax ID if you provide one).

Customer Data you enter

Information you add about your companies and stakeholders, which may include the personal data of third parties. We process this on your behalf as your processor.

Usage and technical data

Information generated as you use the Service, such as log data, device and browser information, IP address, and an internal audit log of significant actions taken in your account (used for security and integrity).

4. How we use personal data and our legal bases

  • Provide and operate the Service (accounts, cap-table features, support) — performance of a contract with you.
  • Process payments and manage subscriptions — performance of a contract; compliance with legal obligations.
  • Secure the Service, prevent abuse, and keep the audit log — our legitimate interests in the security and integrity of the Service.
  • Send service and transactional emails (e.g. sign-in, billing, account notices) — performance of a contract; legitimate interests.
  • Comply with legal, tax and accounting obligations — compliance with legal obligations.
  • Improve and maintain the Service — our legitimate interests in improving our product.

5. Sharing and sub-processors

We do not sell your personal data. We share it only as needed to run the Service: with trusted third-party providers who process data on our behalf under contract, and where required by law. The categories of providers we use are:

  • Cloud hosting and database providers, which store and serve the application and your data.
  • A payment processor (Stripe), which handles subscription billing and card processing.
  • An email delivery provider, used to send service and transactional emails.
  • Security and abuse-prevention services, such as rate limiting.

These providers process personal data only to provide their services to us and are bound by contractual confidentiality and data-protection obligations. A current list of our named sub-processors is available on request, and is provided to business customers as part of our Data Processing Agreement.

6. International transfers

Some of our providers may process personal data outside the UK. Where we transfer personal data outside the UK, we rely on appropriate safeguards — such as the UK’s adequacy regulations, the International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses — to ensure your data remains protected.

7. How long we keep personal data

  • Account data: for as long as your account is active, and for a reasonable period afterwards.
  • Customer Data: for as long as you keep it in the Service; you can export and delete it using the tools we provide, and we delete or de-identify it after account closure in line with applicable law.
  • Billing records: for the period required by tax and accounting law.
  • Audit and security logs: for a limited period appropriate to their security purpose.

8. Your rights

Subject to conditions and exemptions under UK GDPR, you have the right to: access your personal data; have it corrected; have it erased; restrict or object to processing; data portability; and to withdraw consent where we rely on consent. We have built export and deletion tools into the Service to help you exercise these rights directly.

Where we act as a processor for your stakeholders’ data, requests from those individuals should usually be directed to you as the controller; we will assist you in responding as required.

To exercise your rights, contact us at support@profui.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, or to your local data protection authority.

9. How we protect personal data

We use technical and organisational measures appropriate to the risk, including: encryption of data in transit; role-based access controls and database-level row security so users only see data they are authorised to; optional multi-factor authentication; and an append-only audit log of significant actions. No system is perfectly secure, but we work to protect your data and to respond promptly to any incident.

10. Cookies and similar technologies

We use cookies and similar technologies that are strictly necessary to operate the Service, such as keeping you signed in and protecting against abuse. We do not currently use advertising cookies. If we introduce analytics or other non-essential cookies, we will update this policy and, where required, ask for your consent.

11. Children

The Service is intended for business use by adults and is not directed at children under 18. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. If we make material changes we will take reasonable steps to notify you. The “Effective” date above shows when this version took effect.

13. Contact us

If you have questions about this policy or how we handle personal data, contact: Profui Ltd, Silverstream House, 4th Floor, 45 Fitzroy Street, Fitzrovia, London, England, W1T 6EB. Email: support@profui.com.