Privacy Policy

Last updated: April 2026  ·  UK GDPR compliant  ·  ICO registered

1
Who we are

The SaaS factory is operated by John Reddie t/a The SaaS Factory as data controller. Our services are hosted on servers located in the United Kingdom.

Data protection enquiries: data@thesaasfactory.net

2
What data we collect

We collect only the data necessary to operate our services:

  • Account data — your email address and encrypted password when you register.
  • Payment data — payment records (amount, currency, date, status). Card details are processed by Stripe and never stored on our servers.
  • Chat messages — messages sent through teleCast widgets are stored to support chat history on reconnect. Messages are retained for up to 90 days.
  • Usage data — translation credit usage and cache statistics, used to calculate your balance and generate your monthly statement.
  • Session data — a standard PHP session cookie (PHPSESSID) is set when you sign in. This expires when you close your browser.
3
How we use your data
  • To provide and operate the teleCast service
  • To process payments and maintain your credit balance
  • To send transactional emails (registration, payment receipts, password reset, monthly statements)
  • To respond to support requests

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

4
Third-party services

Stripe — payment processing. Stripe is PCI-DSS compliant. See Stripe's privacy policy.

DeepL — translation of chat messages. Message content is transmitted to DeepL for translation. We use DeepL's Pro API which provides enhanced data protection guarantees. See DeepL's privacy policy.

Telegram — messages are bridged to and from Telegram groups. Telegram's own privacy policy applies to content within their platform.

We do not use Google Analytics, Facebook Pixel, or any other tracking or advertising services.

5
Data retention

Account data is retained for as long as your account is active. Chat messages are retained for up to 90 days. Payment records are retained for 7 years to meet legal accounting obligations. You can request deletion of your account and personal data at any time — see section 7.

6
Data security

Passwords are hashed using bcrypt and never stored in plain text. Bot tokens are encrypted at rest using AES-256-GCM. All data is transmitted over TLS. Our servers are located in the United Kingdom and are not accessible to third parties.

7
Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise any of these rights, email data@thesaasfactory.net. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8
Changes to this policy

We may update this policy from time to time. We will notify registered users by email of material changes. The current version is always available at this URL.

9
Contact

Data protection enquiries: data@thesaasfactory.net
General enquiries: hello@thesaasfactory.net

← Back