Privacy Policy

Last updated: 10 March 2026

This Privacy Policy explains how Soda Creative Studios Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use BioGain at biogain.uk ("Service").

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Soda Creative Studios Ltd is the data controller for personal data processed through this Service.

Contact: max@sodastudios.com

2. What Data We Collect

Data | When | Why
Email address | Account registration | Authentication, communications
Password (hashed) | Account registration | Authentication — stored as SHA-256 hash, never plaintext
Site boundary coordinates | Drawing on map | Generating BNG assessment reports
Saved projects & assessments | Using the Service | Providing project history and continuity
Payment information | Purchasing a plan | Processing payments — handled entirely by Stripe, we never see full card details
Usage data | Browsing the site | Cloudflare analytics (no personal identifiers)

3. Legal Basis for Processing

  • Contract: Processing your data to provide the Service you signed up for (account, projects, reports)
  • Legitimate interest: Site analytics, security, and service improvement
  • Consent: Marketing communications (if you opt in)

4. How We Use Your Data

  • To provide and maintain the Service
  • To authenticate your account
  • To generate and store your BNG assessment reports
  • To process payments via Stripe
  • To communicate important service updates
  • To improve the Service based on usage patterns

We do not sell your personal data. Ever.

5. Data Storage and Security

  • Account and project data is stored on Cloudflare D1 (EU West region)
  • Passwords are hashed using SHA-256 before storage
  • All data in transit is encrypted via TLS/SSL
  • The site is served through Cloudflare's CDN with DDoS protection

6. Third-Party Services

Service | Purpose | Data shared
Cloudflare | Hosting, CDN, security | IP address, usage data
Stripe | Payment processing | Email, payment details
Mapbox | Map rendering | Map interactions (anonymised)
ElevenLabs | Onboarding voice narration | No personal data — text-to-speech only
Natural England, EA, BGS, NBN Atlas | Environmental data queries | Geographic coordinates only (no personal data)

7. Data Sharing

We share data with third parties only as described above. We do not:

  • Sell personal data to advertisers or data brokers
  • Share your site assessments with other users (unless you create a shareable link)
  • Use your data for AI training

8. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Project data: Retained while your account is active
  • Shared reports: Public share links remain accessible until deleted by you or account closure
  • Payment records: Retained for 7 years as required by UK tax law

9. Your Rights (UK GDPR)

You have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Object — Object to processing based on legitimate interest
  • Restrict processing — Request limitation of processing

To exercise any of these rights, email max@sodastudios.com. We will respond within 30 days.

10. Cookies

We use minimal cookies and localStorage. See our Cookie Policy for details.

11. Children

The Service is not intended for users under 16. We do not knowingly collect data from children.

12. International Transfers

Your data is primarily stored in Cloudflare's EU West region. Some third-party services (Stripe, Mapbox) may process data in the US under appropriate safeguards (Standard Contractual Clauses).

13. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or notice on the website.

14. Complaints

If you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office (ICO):

ico.org.uk/make-a-complaint

15. Contact

Soda Creative Studios Ltd
Email: max@sodastudios.com