Privacy Policy

Last updated: 21 May 2025

1. Who we are

nonoodle.com (trading as BSchecker.ai) is a limited company registered in England & Wales.
Contact for all privacy matters: hello@bschecker.ai

2. What data we collect

Category	What we collect	Why we need it	Lawful basis
Identity & contact	First name, last name, email address, WhatsApp phone number	• Create and manage your account • Send fact-check results and service updates	Contract
Payment metadata	Stripe customer ID, subscription tier, billing postcode, last-4 card digits	• Process subscription payments • Issue invoices and refunds	Contract / Legal obligation (tax)
Usage data	Site actions, page views, error logs, IP address, device/browser info	• Keep the service secure • Understand feature use • Fix bugs	Legitimate interests

* Collected automatically by analytics/error-tracking tools (see Section 10).

3. Special-category & children's data

We do not collect special-category data (e.g. health, race) or knowingly collect data from anyone under 16. If you believe a child has supplied data, email us so we can delete it.

4. Why we process your data

Provide the BSchecker.ai service (check videos, deliver results).
Take payment for subscriptions and manage plan changes.
Send essential service notices (renewals, technical issues).
Send our own marketing (offers, new features, tips) — you may opt out.
Run analytics and adverts to improve reach and performance.
Comply with UK tax and accounting law.

5. Marketing practices

We email product news only with your opt-in (or "soft opt-in" for existing customers).
We may upload hashed email addresses to Meta (Facebook/Instagram), TikTok, Google Ads, LinkedIn and Amazon Ads to build Custom / Matched Audiences for our own advertising.
Because we do not have restrictive processor-only agreements with those platforms, regulators treat this as sharing data that the platforms may also reuse in their wider ad-targeting ecosystems.
You can ask us to exclude you at any time.

6. Sharing & international transfers

Partner	Service	Data shared	Location / safeguard
Stripe Payments UK Ltd	Payments & customer portal	Email, Stripe ID, limited billing info	USA — SCCs
Vercel Inc.	Hosting & edge delivery	IP, cookies, log files	USA + global edge — SCCs
Supabase (EU region)	Database & authentication	Name, email, phone, auth tokens, transcripts	EU only
WhatsApp Business (Meta)	Message delivery	Phone number, message content	USA — SCCs
Meta, TikTok, Google Ads/Tag Mgr, LinkedIn, Amazon Ads	Pixels & Custom Audiences	Hashed email, browsing events, IP	USA / Singapore — SCCs / DPF
PostHog Cloud	Product analytics	Pseudonymised usage data	EU data centre
Microsoft Clarity	Heat-maps	Usage data	USA — SCCs
Sentry	Error tracking	Error logs, IP	USA — SCCs
YouTube (Google)	Embedded videos	IP, device info	USA — DPF

Transfers outside the UK/EU are protected by Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework (DPF).

7. Retention & deletion

Data set	Retention rule
Payment & tax records	6 years after the end of the financial year
Active account data	While subscription is live
Dormant / cancelled accounts	Delete / anonymise after 24 months of inactivity
Support tickets & WhatsApp chats	Delete after 18 months
Marketing-consent log	Kept until you opt out
Custom-audience files	Deleted immediately after upload; refreshed monthly

Automated scripts run monthly or quarterly to enforce these limits.
Users may email hello@bschecker.ai at any time to request deletion; we respond within one month.

8. Cookies & similar technologies

We use:

First-party cookies to keep you logged in and remember you between visits.
Third-party cookies from the tools listed in Section 6 (analytics, advertising, payments, error tracking).

You can manage consent through our banner or your browser settings. Full details are in our Cookie Tables.

9. Security measures

We apply industry-standard safeguards, including TLS encryption, role-based access, hashed & salted passwords, least-privilege API keys, regular patching, and automated intrusion monitoring.
We do not yet support multi-factor authentication (MFA) — please seek legal confirmation on whether this is sufficient for your risk profile.

10. Your rights

Access the data we hold about you
Correct inaccurate data
Erase your data ("right to be forgotten")
Restrict or object to processing
Port your data to another service
Withdraw marketing consent at any time
Complain to the UK ICO

11. How to exercise your rights

Email hello@bschecker.ai. We aim to respond within one month.
To stop marketing: click "unsubscribe" in any email or reply "STOP BS" to a WhatsApp message.

12. Complaints

If you're unhappy, contact us first. You may also complain to the Information Commissioner's Office (ICO): ico.org.uk | +44 (0)303 123 1113.

Loading...

Please wait while we prepare your content.

2. What data we collect

Category	What we collect	Why we need it	Lawful basis
Identity & contact	First name, last name, email address, WhatsApp phone number	• Create and manage your account • Send fact-check results and service updates	Contract
Payment metadata	Stripe customer ID, subscription tier, billing postcode, last-4 card digits	• Process subscription payments • Issue invoices and refunds	Contract / Legal obligation (tax)
Usage data	Site actions, page views, error logs, IP address, device/browser info	• Keep the service secure • Understand feature use • Fix bugs	Legitimate interests

* Collected automatically by analytics/error-tracking tools (see Section 10).

4. Why we process your data

Provide the BSchecker.ai service (check videos, deliver results).

Take payment for subscriptions and manage plan changes.

Send essential service notices (renewals, technical issues).

Send our own marketing (offers, new features, tips) — you may opt out.

Run analytics and adverts to improve reach and performance.

Comply with UK tax and accounting law.

5. Marketing practices

We email product news only with your opt-in (or "soft opt-in" for existing customers).

We may upload hashed email addresses to Meta (Facebook/Instagram), TikTok, Google Ads, LinkedIn and Amazon Ads to build Custom / Matched Audiences for our own advertising.

Because we do not have restrictive processor-only agreements with those platforms, regulators treat this as sharing data that the platforms may also reuse in their wider ad-targeting ecosystems.

You can ask us to exclude you at any time.

6. Sharing & international transfers

Partner	Service	Data shared	Location / safeguard
Stripe Payments UK Ltd	Payments & customer portal	Email, Stripe ID, limited billing info	USA — SCCs
Vercel Inc.	Hosting & edge delivery	IP, cookies, log files	USA + global edge — SCCs
Supabase (EU region)	Database & authentication	Name, email, phone, auth tokens, transcripts	EU only
WhatsApp Business (Meta)	Message delivery	Phone number, message content	USA — SCCs
Meta, TikTok, Google Ads/Tag Mgr, LinkedIn, Amazon Ads	Pixels & Custom Audiences	Hashed email, browsing events, IP	USA / Singapore — SCCs / DPF
PostHog Cloud	Product analytics	Pseudonymised usage data	EU data centre
Microsoft Clarity	Heat-maps	Usage data	USA — SCCs
Sentry	Error tracking	Error logs, IP	USA — SCCs
YouTube (Google)	Embedded videos	IP, device info	USA — DPF

Transfers outside the UK/EU are protected by Standard Contractual Clauses (SCCs) or the EU–US Data Privacy Framework (DPF).

7. Retention & deletion

Data set	Retention rule
Payment & tax records	6 years after the end of the financial year
Active account data	While subscription is live
Dormant / cancelled accounts	Delete / anonymise after 24 months of inactivity
Support tickets & WhatsApp chats	Delete after 18 months
Marketing-consent log	Kept until you opt out
Custom-audience files	Deleted immediately after upload; refreshed monthly

Automated scripts run monthly or quarterly to enforce these limits.
Users may email hello@bschecker.ai at any time to request deletion; we respond within one month.

9. Security measures