Privacy Policy | Powerhause

Who we are: Powerhause is a SaaS platform operated by Powerhause Ltd, helping service-based founders build, launch, and grow their online businesses. This policy covers: powerhause.io (BizOS), powerhauseacademy.com (Academy), and all associated mobile and desktop applications.

Our commitment: We take your privacy seriously. This policy explains clearly and honestly what data we collect, why we collect it, how we protect it, and your rights over it under UK GDPR and the UK Data Protection Act 2018.

1. Who We Are

Powerhause Ltd ("Powerhause", "we", "us", or "our") is the data controller responsible for your personal data when you use our platforms.

Registered company:: Powerhause Ltd
Platforms:: powerhause.io (BizOS — Business Operating System) and powerhauseacademy.com (Powerhause Academy)
Contact email:: hello@powerhause.io
Data protection enquiries:: hello@powerhause.io (subject line: Data Protection)

If you have any questions about how we handle your personal data, please contact us at hello@powerhause.io. We aim to respond to all data-related enquiries within 30 days.

2. Personal Data We Collect

We only collect data that is necessary for the purposes described in this policy.

2.1 Account and Identity Data

Full name
Email address
Password (encrypted — we never store plain-text passwords)
Profile photo (if uploaded)
Username and display name (community platform)
Google, Facebook, or Apple account identifiers (if you use social sign-in)

2.2 Business and Professional Data

Business or brand name
Business description and service details
Packages, pricing, and offerings you create on your landing page
Booking calendar links (Cal.com, Calendly, or Google Calendar URLs you provide)
Custom domain preferences
Your Power Hour profile (lifestyle and schedule preferences you voluntarily provide)

2.3 Payment and Billing Data

Subscription plan and billing history (Basic or Pro)
Payment method details — handled entirely by Stripe; we do not store card numbers
Stripe Connect account ID (if you connect Stripe to receive client payments)
Transaction records for platform fee calculations

2.4 Usage and Technical Data

IP address and approximate location (country/city level)
Browser type and version
Device type and operating system
Pages visited and features used within the platform
Login timestamps and session data
Error logs and performance data

2.5 Community and Content Data

Posts, comments, replies, and reactions you create in the community
Messages and content within founder communities you join or create
Profile information visible to other community members
PowerCoins balance and transaction history
Leaderboard rankings

2.6 Communications Data

Emails you send to our support team
Support tickets and bug reports you submit
Feedback, suggestions, and improvement requests
Survey responses (if you participate in research)

2.7 Client Data (Data You Process Through Our Platform)

When your clients purchase packages from your landing page, the following data passes through our platform:

Client name and email address (via Stripe Checkout)
Payment confirmation details

You are the data controller for your clients' data. We act as a data processor on your behalf. Please ensure you have your own privacy policy in place for your clients.

2.8 Data We Do Not Collect

We do not collect or process the following special categories of personal data:

Racial or ethnic origin
Political opinions
Religious or philosophical beliefs
Trade union membership
Genetic or biometric data
Health data
Sexual orientation or gender identity

Exception: Our Power Hour questionnaire asks about family situation (e.g. whether you have children). This is entirely voluntary and used solely to personalise your dashboard experience. You may skip it at any time.

3. How We Collect Your Data

3.1 Data You Provide Directly

When you create an account or sign up via Google, Facebook, or Apple
When you complete the launch wizard or Power Hour questionnaire
When you configure your landing page, packages, or booking settings
When you contact our support team
When you participate in the community (posts, comments, reactions)

3.2 Data Collected Automatically

When you visit powerhause.io or powerhauseacademy.com, we automatically collect technical data (IP address, browser, device) via server logs. Session cookies are set when you log in to maintain your authenticated session. Usage analytics help us understand how features are used.

3.3 Data From Third Parties

Stripe: payment processing data, connected account status, and transaction information
Google, Facebook, Apple: basic profile data (name, email, profile picture) when you use social sign-in
Cal.com, Calendly, Google Calendar: your public booking URL, which you provide to us
SendGrid: email delivery confirmation and open/click statistics

4. Our Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for every type of data processing:

Contract performance

Processing your account data, subscription data, and payment data is necessary to provide you with the Powerhause service you have signed up for.

Legitimate interests

We process usage and technical data to improve our platform, prevent fraud, ensure security, and send transactional communications. We have assessed that our legitimate interests do not override your rights.

Consent

We rely on your consent for marketing emails, optional questionnaire data (Power Hour), and non-essential cookies. You may withdraw consent at any time.

Legal obligation

We may process data to comply with applicable laws, respond to lawful requests from authorities, or meet our tax and accounting obligations.

5. How We Use Your Data

5.1 To Provide and Improve the Platform

Creating and maintaining your account
Operating the launch wizard and generating your landing page
Processing subscription payments and managing your plan
Enabling Stripe Connect so your clients can pay you
Displaying your Power Hour profile and personalised dashboard
Operating the community platform and PowerCoins system
Sending transactional emails (receipts, confirmations, notifications)

5.2 To Communicate With You

Sending platform notifications (new community activity, payment confirmations)
Sending the weekly community digest email (if you have opted in)
Responding to your support tickets and enquiries
Sending product updates and feature announcements (you may unsubscribe at any time)

5.3 For Security and Fraud Prevention

Monitoring for suspicious login activity
Preventing abuse of the platform, community, and referral system
Maintaining audit logs of administrative actions

5.4 For Analytics and Product Development

Understanding how features are used to improve them
Aggregated, anonymised analytics to inform business decisions
We do not sell your data for advertising purposes

5.5 What We Will Never Do

Sell your personal data to any third party
Use your data to train AI models without your explicit consent
Share your data with advertisers or data brokers
Send you unsolicited marketing without your consent

6. Who We Share Your Data With

We do not sell your personal data. We share it only with the following trusted third-party service providers, strictly to deliver the Powerhause service:

Supabase (Supabase Inc.)

Our primary database and authentication provider. Your account data, content, and platform data is stored on Supabase infrastructure hosted in the EU. Data is processed under UK GDPR-compliant standard contractual clauses.

Stripe (Stripe, Inc.)

Payment processing for subscriptions and Stripe Connect for founder payments. Stripe handles all payment card data directly. We receive only transaction metadata. Stripe is PCI DSS Level 1 certified.

Twilio SendGrid

Email delivery for transactional emails, notifications, and marketing communications.

Vercel (Vercel Inc.)

Hosting and deployment infrastructure for powerhause.io. Vercel processes request logs and performance data.

Bluehost

Domain name management for powerhause.io and powerhauseacademy.com.

NeonDB

Database infrastructure for powerhauseacademy.com.

All third-party processors are contractually bound to process your data only on our instructions, maintain appropriate security measures, and not use your data for their own purposes.

We may also disclose personal data where required by law, court order, or lawful request from a public authority, or where disclosure is necessary to protect the safety of any person.

7. International Data Transfers

Some of our service providers are based outside the United Kingdom. Where we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

UK International Data Transfer Agreements (IDTA) or EU Standard Contractual Clauses with a UK Addendum
Transfers to countries with UK adequacy decisions
Transfers to providers certified under appropriate frameworks

Supabase stores data in the EU (adequate protection); Stripe processes payments in the US (covered by standard contractual clauses); Vercel and SendGrid operate under contractual safeguards. You may request details by contacting hello@powerhause.io.

8. How Long We Keep Your Data

Active account dataRetained for the duration of your account and for 2 years after account deletion.

Transaction and billing recordsRetained for 7 years to comply with HMRC and financial record-keeping requirements.

Community contentRetained while your account is active. Deleted posts are removed from public display immediately; server-side deletion occurs within 30 days.

Support ticket dataRetained for 3 years from the date of ticket closure.

Marketing consent recordsRetained for 5 years from the date of consent or withdrawal.

Server and access logsRetained for 90 days.

PowerCoins ledgerRetained for the duration of your account plus 2 years for dispute resolution.

9. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following rights:

Right of Access (Article 15)

You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days, free of charge, in a commonly used electronic format.

Right to Rectification (Article 16)

You have the right to correct any inaccurate or incomplete personal data we hold about you. You can update most profile information directly in your account settings.

Right to Erasure / Right to be Forgotten (Article 17)

You have the right to request deletion of your personal data. Exceptions apply where we need to retain data to comply with legal obligations.

Right to Restriction of Processing (Article 18)

You have the right to ask us to restrict how we use your data in certain circumstances.

Right to Data Portability (Article 20)

Where we process your data by automated means, you have the right to receive it in a structured, machine-readable format.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.

Right Not to be Subject to Automated Decision-Making (Article 22)

We do not make automated decisions about you that produce significant legal effects.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, email hello@powerhause.io with the subject line "Data Rights Request". We will respond within 30 days.

If you are unhappy with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. Cookies and Tracking Technologies

10.1 What Cookies We Use

Strictly necessary cookies

Required for the platform to function, including session authentication cookies, CSRF protection tokens, and cookies used for the Stripe payment flow. These cannot be disabled.

Functional cookies

Remember your preferences, such as language settings and dashboard configuration.

Analytics cookies

Help us understand how the platform is used. We use anonymised, aggregated data only. You may opt out.

Community join intent cookie (ph_community_join)

A temporary cookie set when you click to join a founder community before logging in. Expires after 7 days.

10.2 Managing Cookies

You can manage your cookie preferences via your browser settings. Disabling strictly necessary cookies will prevent you from logging in. To opt out of analytics cookies, visit your account settings at powerhause.io/settings.

11. How We Protect Your Data

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
Passwords are hashed using PBKDF2 with a unique salt — we never store plain-text passwords
Database access is restricted by row-level security policies
Authentication uses industry-standard OAuth 2.0 and JWT tokens
Third-party providers (Stripe, Supabase) maintain their own security certifications
Administrative actions are logged in an immutable audit trail
Employee access to production data is restricted on a need-to-know basis

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and notify affected users without undue delay.

12. Children's Privacy

Powerhause is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child under 18 has created an account, please contact us at hello@powerhause.io and we will take prompt action.

13. Third-Party Links and Integrations

Our platform allows you to connect third-party services including Cal.com, Calendly, Google Calendar, Stripe, and social sign-in providers. When you connect these services, their own privacy policies apply. We encourage you to review their policies before connecting them to your account.

14. Founder Communities and Community Platforms

Pro plan founders can create their own communities on the Powerhause platform. As a community founder:

You are a data controller for your community members' personal data and must have your own privacy policy in place.
Powerhause acts as a data processor — we store and serve the data but do not use it for our own purposes.
If you charge for community access, your members' payment data is processed by Stripe Connect.
Powerhause administrators retain the right to moderate content that violates our Terms of Service or Community Guidelines.

15. PowerCoins and Rewards System

Powerhause operates a PowerCoins system that rewards platform engagement. We process your coin balance and transaction history, the actions that triggered coin awards, monthly leaderboard rankings, and referral relationships. Leaderboard rankings are public to other logged-in Powerhause users. To opt out, contact hello@powerhause.io.

16. Marketing Communications

We may send marketing communications only where you have explicitly consented or where you are an existing customer and have not opted out. You can unsubscribe at any time by clicking the "Unsubscribe" link in any email, updating your notification preferences in account settings, or emailing hello@powerhause.io.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date, display a notice on the Powerhause dashboard for 30 days, and send an email notification for significant changes. Your continued use of Powerhause after changes are posted constitutes acceptance of the updated policy.

18. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy:

Email: hello@powerhause.io (subject: Privacy Policy)

Data rights requests: hello@powerhause.io (subject: Data Rights Request)

We aim to respond within 30 days. If you are not satisfied, you have the right to complain to the ICO at ico.org.uk or by calling 0303 123 1113.

POWERHAUSE LTD · powerhause.io · hello@powerhause.io

This policy is effective from 28 May 2026