Privacy Policy
Effective 16 July 2026
- Company
- Comerzia LTD
- Website
- https://comerzialtd.com
- Comerziauk@gmail.com
- Effective date
- 16 July 2026
- Registered office
- Unit 7 Initial Business Centre, Wilson Business Park, Manchester, United Kingdom, M40 8WN
This Privacy Policy explains how Comerzia LTD ("Comerzia", "Company", "we", "us", or "our") collects, uses, stores, discloses, and protects personal data when individuals visit https://comerzialtd.com, create an account, submit a business brief, purchase an AI-generated business plan, contact us, or otherwise interact with us. It also explains the role played by the third-party artificial intelligence provider that we use to generate the business plans we deliver.
1. Introduction and Scope
This policy is intended to be comprehensive and commercially practical. It addresses website visitors, registered account holders, prospective customers, paying customers, business contacts, and any other person whose personal data we process in connection with the operation of our website and the supply of our AI-generated business plans.
Our service is a digital product. You select a package or configure a custom plan, you provide a written brief describing your business, you pay once, and an automated artificial intelligence system generates a business plan document which is made available to you for download, ordinarily within minutes. Understanding that flow is important to understanding this policy, because the information you type into your brief is the single largest category of data we handle.
Where local law grants you stronger protections than those described here, those legal protections will apply in addition to this policy. This document should be read together with our Terms and Conditions, Cookie Policy, Disclaimer, and Refund Policy.
2. Who We Are and How to Contact Us
The data controller for the purposes of this website and our core business activities is Comerzia LTD, a private limited company incorporated and registered in England and Wales under company number 16068070, whose registered office is at Unit 7 Initial Business Centre, Wilson Business Park, Manchester, United Kingdom, M40 8WN.
Our contact address for all privacy matters is Comerziauk@gmail.com. We operate as an online business and do not maintain a telephone support line; email is our sole channel for enquiries, support, and formal notices, and it is monitored during normal business hours in the United Kingdom. Writing to us at that address is sufficient for any purpose under this policy, including exercising any of the rights described in section 16, and no other method of contact is required.
We have not appointed a statutory Data Protection Officer, as we are not required to do so under applicable law. Privacy enquiries are handled by the company officers using the email address above.
3. Categories of Personal Data We Collect
We may collect personal data directly from you, automatically from your device and browser, and indirectly from the service providers that support our operations. The categories of data may include the following:
- Identity data, such as your name, the name of your business or proposed business, your job title or role, and any username or account identifier you create.
- Contact data, such as your email address, billing address, and country of residence or establishment.
- Account data, such as your hashed password, account creation date, authentication records, and order history.
- Brief data, being the free-text business information you submit at checkout so that a plan can be generated. This is described further in section 4.
- Order and transaction data, including the package or custom configuration selected, the price, the currency, the order reference, payment status, timestamps, and limited payment metadata supplied to us by our payment provider. We do not intend to store full payment card numbers on our own systems.
- Generated output data, being the business plan document produced for you and the record of the parameters used to produce it.
- Technical data, such as IP address, browser type, device identifiers, language settings, operating system, referring URLs, timestamps, and diagnostic or error information.
- Usage data, such as pages viewed, orders started or abandoned, download events, and navigation patterns on our website.
- Communications data, including the content of emails you send to us, support requests, refund requests, and our replies.
- Marketing and communications preferences, including records of consent and any suppression or opt-out request.
4. Your Business Brief and What You Should Not Include In It
The brief you complete at checkout is customer-submitted business data. It typically describes your business concept, market, products or services, target customers, operating model, financial assumptions, and objectives. It is supplied by you, on your initiative, and its content is within your control. It is used for one primary purpose: to instruct the automated system that writes your plan.
A brief may incidentally contain personal data - for example, your own name, or the names of founders, directors, or shareholders. Please provide only what is genuinely necessary to produce a useful plan. In particular, you should not submit special category personal data, meaning information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation, and you should not submit criminal offence data. We do not require any of it, and our service is not designed to process it.
You should also not submit personal data about third parties unless you have a lawful basis and, where required, their knowledge and agreement, and you should not submit confidential information belonging to another person or organisation that you are not entitled to disclose. Where you provide personal data about any other individual, you confirm that you are entitled to do so and that you have provided them with any notice required by applicable data protection law. You remain responsible for the content of what you submit, and we may decline or remove content that is unlawful or clearly excessive.
5. How We Collect Personal Data
We collect personal data when you register an account, configure a package or custom plan, complete a brief, place and pay for an order, download a delivered plan, use the order tracking function, contact us by email, or otherwise communicate with us.
We also collect certain technical and usage data automatically through server logs and comparable technologies operated by our hosting provider. Please read our Cookie Policy for detail on what does and does not run on the website in this respect.
In some cases we may receive limited personal data from service providers that assist with website hosting, database services, payment processing, email delivery, security, and fraud prevention.
6. Purposes of Processing
We process personal data only where we have a lawful basis to do so and for legitimate, specified purposes. These purposes may include: creating and administering your account; taking, confirming, and fulfilling your order; transmitting your brief to our artificial intelligence provider so that your plan can be generated; delivering the generated document to you and enabling you to download it; retaining a copy of your order and output so that you can access it again and so that we can evidence what was supplied; processing payments and issuing receipts; handling refund, regeneration, and support requests; maintaining accounting and tax records; operating, securing, and improving the website; preventing fraud and abuse; complying with legal obligations; and establishing, exercising, or defending legal claims.
We may also use personal data to send service-related communications, including order confirmations, delivery notifications, policy updates, and administrative notices, and, where permitted, marketing communications relating to our own similar products. You may opt out of non-essential marketing communications at any time.
We do not sell personal data, and we do not share personal data with third parties for their own independent marketing purposes.
7. Legal Bases for Processing
Depending on the context, our legal bases under applicable privacy law, including the UK GDPR and the Data Protection Act 2018, may include: the performance of a contract with you, or taking steps at your request before entering into a contract, which is the basis on which we process your brief, order, and delivery data in order to supply the plan you have bought; compliance with a legal obligation, such as tax and accounting record-keeping; your consent, where we ask for it; and our legitimate interests in operating, securing, promoting, and improving our business, provided those interests are not overridden by your rights.
Where we rely on legitimate interests, we have considered the impact on you and consider the processing to be proportionate and within your reasonable expectations. You may object to processing based on legitimate interests as described in section 16.
When we rely on consent, you may withdraw that consent at any time, although withdrawal will not affect the lawfulness of processing already carried out before withdrawal.
8. Special Category Data and Third-Party Personal Data
Our service is not intended to require special category personal data or criminal offence data as a routine matter, and we do not ask for it at any point in the order flow. As explained in section 4, you should not include it in a brief.
If special category data or third-party personal data is nevertheless volunteered in a brief, it will in practice be transmitted to our artificial intelligence provider along with the rest of that brief, because the brief is passed through as a single body of instructions. We will handle such content with appropriate confidentiality and only to the extent reasonably necessary to supply the plan you ordered and as legally permitted, but the most effective protection is not to submit it in the first place. To the fullest extent permitted by law, we do not accept responsibility for the consequences of a customer choosing to submit such data contrary to this policy.
9. Artificial Intelligence Generation and Our Use of a Sub-Processor
The business plans we supply are generated by an automated artificial intelligence system. We do not operate that system ourselves. We use a third-party artificial intelligence provider, Anthropic, as a processor acting on our behalf and on our documented instructions. Anthropic's relevant operations are conducted in the United States.
When you place an order, the contents of your brief, together with the configuration parameters for your package, are transmitted to Anthropic's application programming interface so that the plan text can be generated. The generated output is returned to us, assembled into a downloadable document, and made available to you. This transmission is necessary for the performance of our contract with you: without it, the product you have purchased cannot be produced.
We access this service under commercial API terms, which at the date of this policy provide that inputs and outputs submitted through the API are not used to train that provider's models, and which impose confidentiality and security obligations on the provider. Providers may nevertheless retain input and output data for a limited period for the purposes of service delivery, abuse monitoring, and legal compliance in accordance with their own published terms. We keep our arrangements with our sub-processors under review, and we may change or add sub-processors where reasonably necessary to operate the service.
10. Automated Decision-Making and Profiling
The generation of your business plan is an automated process, in the sense that the text of the document is written by software rather than by a human author. However, this is the product you have ordered rather than a decision taken about you.
We do not carry out automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of applicable data protection law. We do not use automated processing to profile you, to score you, or to decide whether to grant you credit, funding, employment, or any other benefit. Any decision that a bank, investor, grant body, immigration authority, or other third party may take after reading a plan we generated is a decision taken by that third party, not by us, and we have no involvement in or control over it.
11. Sharing and Disclosure of Personal Data
We may share personal data with trusted service providers and processors that support our operations. In practice these may include:
- Our artificial intelligence provider, Anthropic, for the purpose of generating the plan you have ordered, as described in section 9.
- Our website hosting and serverless infrastructure provider, which hosts the site and processes requests to it.
- Our database provider, which stores account, order, brief, and output records.
- Our payment provider or providers, which process your payment and provide us with limited payment metadata. Your card details are handled by the payment provider under its own terms and are not stored on our systems.
- Our email delivery provider, which transmits transactional messages such as order confirmations and delivery notifications.
- Professional advisers, such as accountants, auditors, insurers, and lawyers, where reasonably necessary and subject to appropriate duties of confidentiality.
12. Other Disclosures
We may also disclose personal data where required by law, regulation, court order, or lawful request by a public authority, or where disclosure is reasonably necessary to protect rights, property, or safety, to investigate fraud or abuse, to enforce our Terms and Conditions, or to establish, exercise, or defend legal claims.
If our business or assets are transferred, merged, acquired, reorganised, or sold, personal data may be transferred as part of that transaction, subject to the recipient being bound to handle it in a manner consistent with this policy or as otherwise required by law.
13. International Transfers
Some of our service providers process data outside the United Kingdom. In particular, and as explained in section 9, briefs are transmitted to our artificial intelligence provider whose relevant processing operations are conducted in the United States. Our hosting, database, and email providers may also process data outside the United Kingdom, including in the United States and the European Economic Area.
Where personal data is transferred outside the United Kingdom, we take reasonable steps to ensure an adequate level of protection as required by applicable law, including reliance on adequacy regulations where they apply, on the International Data Transfer Agreement or the UK Addendum to the European Commission's Standard Contractual Clauses, or on another lawful transfer mechanism, together with supplementary measures where appropriate.
By using a globally accessible website and by purchasing a product that is produced using a United States-based artificial intelligence provider, you acknowledge that data may be processed in more than one jurisdiction. We nevertheless aim to ensure that privacy protections travel with the data as required by law. You may request further information about the safeguards we rely on by contacting us at Comerziauk@gmail.com.
14. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax, dispute-resolution, and record-keeping requirements. Retention periods may vary according to the nature of the data and the business relationship.
As a practical guide: account data is retained for as long as your account remains open and for a reasonable period afterwards; briefs and the business plans generated from them are retained in association with your order so that you can access and re-download your purchase and so that we can evidence what was supplied and handle any dispute; order and financial records are retained for the period required by tax and accounting law, which in the United Kingdom is ordinarily six years from the end of the relevant accounting period; and general enquiry correspondence is retained for a reasonable period to manage follow-up.
You may ask us to delete a stored brief or generated plan earlier than this by contacting us at Comerziauk@gmail.com. We will do so where we are able, subject to any overriding obligation to retain transaction records and subject to our need to retain sufficient information to defend legal claims. You should retain your own copy of any delivered document; deletion at your request may mean the document can no longer be re-supplied to you.
15. Data Security
We use reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access. Such measures may include encryption of data in transit, hashing of account passwords, access controls and authentication, reliance on the security measures of established infrastructure providers, restriction of access to those who need it, software updates, and proportionate monitoring for misuse or abuse.
No internet transmission or storage system is guaranteed to be entirely secure. You should therefore also take care to protect your own devices, account credentials, and communications when interacting with us online, and you should choose a strong and unique password for your account.
Where a personal data breach occurs and it is likely to result in a risk to the rights and freedoms of individuals, we will notify the Information Commissioner's Office as required by law, and we will notify affected individuals where the breach is likely to result in a high risk to them.
16. Your Privacy Rights
Subject to applicable law, you may have the right to request access to your personal data, request correction of inaccurate or incomplete data, request erasure, request restriction of processing, object to processing carried out on the basis of legitimate interests, object to direct marketing at any time, request portability of data you provided to us, withdraw consent where we rely on it, and complain to a supervisory authority.
To exercise any of these rights, contact us at Comerziauk@gmail.com. We may need to verify your identity before completing your request, and we may ask you to specify the information your request relates to. In some cases, legal exemptions or overriding rights may apply, and some rights may be limited where the data is contained within a completed transaction record we are required to keep. We will respond within the time required by law, ordinarily one month, and will explain any lawful limitation where relevant.
We do not charge a fee for handling a request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act, in each case as permitted by law.
17. Marketing Communications
Where permitted by law, we may contact existing customers about our own similar products, insights, or updates. Where consent is required, we will obtain it before sending marketing communications. We will honour opt-out requests and maintain suppression records where needed to ensure you no longer receive non-essential marketing communications. Every marketing email will include a means of unsubscribing.
Transactional or service-related messages, including order confirmations, delivery notifications, receipts, refund correspondence, security notices, and policy updates, may still be sent where necessary even if you opt out of marketing, because they form part of our performance of the contract with you.
18. Cookies and Similar Technologies
As at the effective date of this policy, our website does not set cookies for analytics, advertising, or tracking purposes. We rely on a small amount of strictly necessary browser storage to keep you signed in and to remember your currency preference, and on server logs maintained by our hosting provider for security and reliability.
For a full and current explanation of what runs on the website, why, and what controls are available to you, please refer to our Cookie Policy. If we introduce non-essential technologies in the future, we will update that policy and, where the law requires consent, obtain it before those technologies are activated.
19. Children's Privacy
Our website and products are intended for adults and business users, and our Terms and Conditions require you to be at least 18 years old to place an order. We do not knowingly solicit or collect personal data from children.
If you believe that a child has provided personal data to us in error, please contact us at Comerziauk@gmail.com so that we can take appropriate steps, which may include deleting the data and closing any associated account.
20. Third-Party Websites and Embedded Content
Our website may contain links to third-party websites, payment interfaces, or other external content. We are not responsible for the privacy practices of third parties, and you should review their privacy notices separately before submitting personal information to them.
Where you are directed to a payment provider to complete a transaction, the handling of the information you enter there is governed by that provider's own privacy notice and security standards.
21. Complaints
If you are dissatisfied with the way we handle your personal data, we encourage you to contact us first at Comerziauk@gmail.com so that we can attempt to resolve the issue promptly and fairly.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office, which is the United Kingdom supervisory authority for data protection. The Information Commissioner's Office can be contacted through its website at ico.org.uk. You may also have the right to complain to the supervisory authority in the country where you live or work, or where the alleged breach took place. Contacting us first does not affect your right to complain to a supervisory authority at any time.
22. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, our business operations, our sub-processors, or our risk management practices. When we do so, we will update the effective date and publish the revised version on the website. Material changes may also be communicated by additional notice where appropriate.
We encourage you to review this policy periodically. Continued use of the website or our products after a revised policy takes effect indicates that you have read it, to the extent permitted by law.
Comerzia LTD · Unit 7 Initial Business Centre, Wilson Business Park, Manchester, United Kingdom, M40 8WN · Comerziauk@gmail.com
Comerzia LTD is a private limited company registered in England and Wales, company number 16068070. Registered office as shown. Not currently VAT registered; prices include any tax that applies.