Found CTRL Found CTRL
Home
Ctrl / + H

Legal

Privacy Policy

Last updated: March 31, 2026

This Privacy Policy explains how Found CTRL Limited ("Found CTRL," "we," "us," or "our") collects, uses, stores, and protects information in connection with the foundctrl.com website and its associated public surfaces (collectively, the "Service"). Found CTRL Limited is a company incorporated in England and Wales (company no. 17079973).

As a privacy-focused studio, we build systems with consequence in mind, and that principle begins here. We do not use aggressive tracking, we do not bundle third-party analytics that sell your data, and we do not request information we do not need to operate the Service.

1. Scope

This Privacy Policy applies to:

  • the foundctrl.com website and all pages within it;
  • the journal, work, and informational content we publish;
  • direct email contact and project enquiry messages you send to us; and
  • any email or other communications you initiate with us through the Service.

This Privacy Policy does not cover third-party websites, services, or platforms that may be linked from the Service. Those providers operate under their own terms and privacy policies.

2. Our Privacy Model

The foundctrl.com website is a static marketing surface. We do not operate logins, user accounts, or persistent sessions. We do not sell your personal data to third parties. Any information we process is limited to what is necessary to respond to your enquiry, maintain the stability and security of the Service, or, where applicable, understand how the Service is being used.

3. Information We Collect

3.1 Enquiry and contact messages

When you contact us directly by email or send us project enquiry details through any contact channel we make available on the Service, we may collect:

  • your name;
  • your email address;
  • your organisation name (if provided);
  • a description of your project, budget range, or timeline (if provided); and
  • any other information you voluntarily include in your message.

3.2 Technical and usage data

When you visit the Service, our hosting infrastructure may automatically collect standard server-side technical data, which may include your IP address, browser type, referring URL, pages visited, and timestamps. This data is collected at the infrastructure level and is used for availability monitoring, security, and abuse prevention. It is not used to build personal profiles or to serve targeted advertising.

3.3 Communications you initiate

If you email us directly, we receive and retain the contents of your email, your address, and any attachments you include, for the purpose of responding to and managing your enquiry.

4. How We Use Information

We use the information we collect for the following purposes:

  • to respond to your project enquiry or message;
  • to maintain the security, availability, and performance of the Service;
  • to investigate abuse, fraud, or security incidents;
  • to comply with applicable legal obligations; and
  • to improve the Service, including how content is structured and delivered.

We do not use your information to send unsolicited marketing, to sell to third parties, or to build advertising profiles.

5. Legal Bases for Processing

Where the UK GDPR or other applicable data protection law requires a lawful basis, we rely on one or more of the following:

  • Legitimate interests — operating and securing the Service, responding to correspondence, and preventing abuse.
  • Performance of a pre-contractual step — handling your project enquiry at your request, ahead of any formal engagement.
  • Legal obligation — retaining records where required by law.
  • Consent — where you have clearly opted into a specific use we have described at the point of collection.

6. Third-Party Services

The Service may use third-party infrastructure for hosting and email routing. These providers process limited technical and communication data on our behalf and are subject to appropriate data processing terms. We do not use third-party behavioural analytics platforms or advertising networks on this Service.

The Service may contain links to third-party sites not operated by us. We have no control over and accept no responsibility for those sites' privacy practices.

7. Data Retention

We retain enquiry and contact data for as long as reasonably necessary to respond, follow up, and maintain operational records — typically no longer than 24 months unless an ongoing engagement or legal obligation requires otherwise.

Technical server logs are typically retained for a shorter period consistent with infrastructure and security practices. Where we are required by law to retain certain records, we do so for the legally mandated period.

8. Security

We take reasonable administrative, technical, and organisational measures to protect information against unauthorised access, loss, disclosure, or misuse. These include using TLS encryption for data in transit, restricting internal access to contact submissions, and choosing hosting and infrastructure providers with appropriate security standards.

No method of transmission over the internet is perfectly secure. You remain responsible for how you compose and send information to us.

9. International Transfers

Found CTRL is based in England and Wales. If you access the Service from outside the UK, your information may be processed in the UK or passed to providers operating in other jurisdictions. Where such transfers occur, we take reasonable steps to ensure appropriate protections are in place in line with applicable data protection law.

10. Children

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that we have inadvertently received data from a minor, we will take steps to delete it promptly.

11. Your Rights

Depending on applicable law, you may have rights in relation to personal data we hold about you, including:

  • the right to access the personal data we hold about you;
  • the right to correct inaccurate or incomplete data;
  • the right to request deletion of your data where we have no overriding legitimate reason to retain it;
  • the right to restrict or object to certain processing;
  • the right to data portability where processing is based on consent or contract; and
  • the right to lodge a complaint with the Information Commissioner's Office (ICO) in the United Kingdom, or with the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, contact us using the details in section 13 below.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the Service, applicable law, or our practices. The version published on this page is the current controlling version. We encourage you to review this page periodically.

13. Contact

For privacy questions, data requests, or concerns about how we handle your information, contact us at:

Found CTRL Limited
Registered in England & Wales (No. 17079973)
Email: hello@foundctrl.com
Website: foundctrl.com