Short version: We collect only what we need to run the service. We don't sell your data. We don't use tracking cookies. We use Plausible for privacy-friendly analytics. You have full rights over your data under UK GDPR.
Who We Are
ForeShiloh Ltd is the data controller for personal data collected through Shiloh Watch (shilohwatch.com). We're a company registered in England and Wales, based in Sheffield, UK.
This Privacy Policy explains how we collect, use, and protect your personal data when you use our service, and what rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have questions about this policy or how we handle your data, contact us at hello@foreshiloh.com.
Data We Collect
| Category | What we collect | How it's collected |
|---|---|---|
| Account data | Email address, name (if provided), account preferences | When you register |
| Payment data | Subscription status, billing history (card details handled by Stripe, not us) | When you subscribe |
| Usage data | Pages visited, features used, session duration (anonymised via Plausible) | Automatically during use |
| Communications | Messages you send us (support, feedback) | When you contact us |
| Technical data | Browser type, device type, country (no IP stored by Plausible) | Automatically during use |
We don't collect sensitive personal data (such as health information, financial status beyond billing, or biometric data). We don't collect data about your actual trades or brokerage accounts.
Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
- Contract performance: Processing your account data and payment information to provide the service you've subscribed to
- Legitimate interests: Analysing aggregate usage patterns to improve the service, detecting fraud, and maintaining security
- Legal obligation: Retaining billing records as required by UK tax law
- Consent: Sending you marketing emails (you can withdraw consent at any time)
Where we rely on legitimate interests, we've assessed that our interests don't override your rights and freedoms. You can request details of this assessment by contacting us.
How We Use Your Data
We use your data to:
- Create and manage your account
- Process subscription payments and manage billing
- Provide customer support and respond to your enquiries
- Send you service-related emails (account confirmation, payment receipts, important notices)
- Send you product updates or marketing emails (where you've given consent, with an opt-out on every email)
- Improve the service by understanding how it's used in aggregate
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We don't use your data for automated decision-making that has a legal or significant effect on you. We don't sell your data to third parties. Ever.
Third Parties
We work with a small number of trusted services to run Shiloh Watch. Here's who they are and what they do with data:
| Provider | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, billing info. Stripe stores card details; we don't. See the Stripe Privacy Policy. |
| Plausible Analytics | Privacy-friendly website analytics | No personal data. No cookies. No IP addresses stored. EU-hosted. See the Plausible Privacy Policy. |
| Email provider | Transactional and marketing emails | Email address and name (if provided) |
We only share data with third parties who have agreed to handle it in accordance with UK GDPR. We don't share data with advertisers, data brokers, or analytics platforms that track individuals across the web.
If we're ever required to disclose data by law (for example, in response to a court order), we'll notify you unless legally prohibited from doing so.
Data Retention
We retain your data for as long as your account is active, plus a reasonable period after closure to handle any outstanding queries or disputes. Specific retention periods:
- Account data: Kept for the duration of your account, then deleted within 90 days of account closure (unless a legal hold applies)
- Billing records: Retained for 7 years as required by UK tax law (HMRC requirements)
- Support communications: Retained for 2 years, then deleted
- Analytics data: Plausible retains aggregate (non-personal) analytics indefinitely for trend analysis
When your data reaches the end of its retention period, it's securely deleted or anonymised.
Your Rights Under UK GDPR
You have the following rights regarding your personal data. To exercise any of them, contact us at hello@foreshiloh.com. We'll respond within 30 days.
- Request a copy of the personal data we hold about you (a Subject Access Request).
- Ask us to correct inaccurate or incomplete data about you.
- Ask us to delete your personal data ("right to be forgotten"), subject to legal retention requirements.
- Request your data in a structured, machine-readable format to transfer to another service.
- Ask us to pause processing your data in certain circumstances.
- Object to processing based on legitimate interests, including marketing.
If you're not satisfied with how we handle your data request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk or call 0303 123 1113.
Cookies
We keep our cookie usage minimal. Here's exactly what we use:
- Session cookies: Essential for keeping you logged in during a visit. These are deleted when you close your browser.
- Authentication cookies: To remember your login session across visits (these expire after a set period or on logout).
We don't use advertising cookies, tracking cookies, or third-party cookies that follow you around the web. Plausible Analytics, our analytics provider, is cookieless by design and doesn't set any cookies in your browser.
Because we only use essential cookies necessary for the service to function, we don't require a cookie consent banner. If that changes, we'll update this policy and add the appropriate notices.
Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include:
- HTTPS encryption across the entire site
- Passwords stored using industry-standard hashing (never in plain text)
- Payment data handled entirely by Stripe (we never see or store card details)
- Access to production data limited to necessary personnel only
No system is 100% secure. If we become aware of a security breach that affects your personal data, we'll notify you and the ICO as required by law, within 72 hours of becoming aware.
ICO Registration
ForeShiloh Ltd is registered with the Information Commissioner's Office (ICO) as required under the Data Protection Act 2018. We take our data protection obligations seriously and operate in accordance with UK GDPR principles.
If you have concerns about how we handle your data that we haven't been able to resolve, you can contact the ICO directly:
- Website: ico.org.uk
- Phone: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Data Requests and Contact
For any data protection requests or questions about this policy, please contact us:
- Email: hello@foreshiloh.com (subject: "Data Request" or "Privacy Enquiry")
- Company: ForeShiloh Ltd
- Location: Sheffield, UK
We'll respond to Subject Access Requests and other data rights requests within 30 days. In complex cases, we may extend this by up to two additional months, in which case we'll let you know within the first 30 days and explain why.
This Privacy Policy may be updated from time to time. We'll notify you of material changes by email. The "last updated" date at the top of this page always reflects the current version.