Privacy Policy
Last updated: 22nd July 2025
1. Who We Are
PFMJOI Ltd ("we", "usv, "our") operates Ressq accessible at getressq.com. Our registered address is EC1V, London, UK. You can reach us at contact@getressq.com.
2. What This Policy Covers
This policy explains what personal data we collect, why we collect it, how we use it, and your rights. It applies to our website, apps and services (collectively, the "Service").
3. Data We Collect & Why
Account data
- Examples: name, email, password hash
- Source: you
- Why: create and manage your account
- Legal basis: contract necessity
Payment data
- Examples: transaction IDs, last4 of card, billing address (via Stripe)
- Source: you / Stripe
- Why: process payments, prevent fraud, keep accounting records
- Legal basis: contract necessity / legitimate interests / legal obligation
Usage & analytics data
- Examples: pages viewed, clicks, events, session duration
- Source: PostHog, Vercel Analytics, Firebase
- Why: understand how the product is used and improve it
- Legal basis: legitimate interests / consent (where required)
Device & cookie data
- Examples: IP address, user agent, cookies/local storage IDs
- Source: collected automatically
- Why: security, debugging, ad personalisation (Google Ads)
- Legal basis: legitimate interests / consent
Support communications
- Examples: emails, chat transcripts
- Source: you
- Why: respond to enquiries and provide support
- Legal basis: legitimate interests / contract
5. Ads & Analytics
- Google Ads / AdSense: Google may use cookies or device identifiers to serve personalised or non‑personalised ads. Users in the EEA/UK must be offered a clear choice.
- PostHog & Vercel Analytics: used to understand feature usage and improve performance. Configure IP anonymisation and respect Do Not Track where applicable.
- Firebase: specify the modules you use (Auth, Firestore, Analytics, Crashlytics, Cloud Functions, etc.) and the data each collects.
Each vendor acts as a processor or independent controller depending on context. Review their privacy policies and data processing terms. International data transfers are protected via SCCs/UK Addendum or equivalent safeguards.
6. Payments (Stripe)
We never store full card numbers. Stripe processes your payment information on our behalf. We retain transaction metadata for accounting and fraud prevention. See Stripe’s privacy policy for details.
7. How Long We Keep Data
We keep personal data only as long as necessary for the purposes above, then delete or anonymise it. Typical retention periods:
- Accounts: while active + 24 months
- Transaction records: 7 years (tax/legal)
- Analytics events: 18 months
9. International Transfers
If we transfer data outside the UK/EU, we rely on Standard Contractual Clauses (SCCs), the UK Addendum, or another valid mechanism. Details available on request.
10. Your Rights
Depending on your location, you may have the right to access, correct, delete, or port your data; object to or restrict processing; withdraw consent; or opt out of certain data sharing (“sale”/“sharing” under US state laws).
To exercise rights, email contact@getressq.com with the subject line “Data Request” and include: (1) which right you’re exercising, (2) what data it concerns, and (3) proof of identity. We’ll respond within applicable legal deadlines.
11. Children
We do not knowingly collect data from individuals under 18. If you believe we have collected such data, contact us and we will delete it.
12. Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you (e.g., by email or a banner). Check the “Last updated” date at the top.
13. Contact Us
Questions or concerns? Email contact@getressq.com or write to us at EC1V, London, UK.