Last updated 24 August 2025

This policy explains how Pitchd.ai collects, uses, stores, and protects the data processed through our platform, ensuring compliance with applicable UK and EU data protection laws (including UK GDPR and the Data Protection Act 2018).

1. Purpose of this Policy

Safeguard the confidentiality, integrity, and availability of all data, and ensure lawful, transparent processing.

2. Scope

This applies to all users and all data processed through the Pitchd.ai platform.

3. Data We Collect

• → User Account Data: name, email, role, encrypted password, activity logs.
• → Pitch Process Data: briefs, proposals, scoring sheets, contracts, metadata.
• → System Data: IP addresses, device/browser info, cookies, aggregated usage analytics.

4. Lawful Basis for Processing

Performance of a contract, legitimate interest, consent where required.

5. How We Use Data

Facilitate pitch management, enable secure sharing, provide aggregated analytics, comply with legal obligations.

6. Data Sharing & Transfers

Internal access by authorised staff; external sharing only with consent or legal requirement; UK/EU-compliant vendor contracts; safeguards for international transfers.

7. Data Retention

User account data retained while active + 12 months; pitch content retained per contract or deleted on request; backups cleared after 90 days.

8. Data Security

Encryption in transit (TLS 1.2+) and at rest (AES-256), access control by least privilege, regular security monitoring.

9. User Rights

Access, correction, deletion, objection, portability; requests to data@pitchd.ai within 30 days.

10. Data Breach Notification

We will notify affected users and the ICO within 72 hours of becoming aware of a personal data breach that poses a risk to rights and freedoms.

11. Contact

Data Protection Officer (DPO)
Pitchd.ai
Email: data@pitchd.ai