Privacy Notice
VERSION 1 — JULY 2026
Who we are
VenturePressure, operated by [FULL LEGAL NAME / TRADING NAME], is the data controller for personal data processed through this site and its assessments. Contact: hello@venturepressure.com. We are registered with the UK Information Commissioner's Office (ICO).
What we collect and why
If you take an assessment: your name, email address, and role (provided by your engagement lead); your 96 card responses and their response timings; the device type used; and your consent record. Purpose: producing your individual pressure profile and your team's engagement report, and — in anonymised or pseudonymised form — improving and validating the instrument.
If you contact us: your email address and message contents, used to respond to you.
We do not collect special-category data, and the assessment is not a medical, clinical, or diagnostic instrument. We use no advertising trackers.
Lawful basis
Assessment data: your consent, given explicitly before the assessment begins and withdrawable at any time. Engagement administration and correspondence: our legitimate interest in operating the service. Retention of anonymised or pseudonymised configuration data for validation: our legitimate interest in instrument quality, balanced against your rights (see below).
Automated processing and AI — plain statement
Scoring is deterministic and rule-based: your responses are scored by a fixed, versioned algorithm, not machine learning, and every score is reproducible and inspectable. AI assists only in drafting report narrative from the already-computed findings, with names replaced by pseudonyms before any external processing; every report is reviewed and authored by the practitioner before delivery — delivery is mechanically blocked until review is complete. No solely automated decision producing legal or similarly significant effects is made about you, and outputs are contractually barred from use in employment selection.
Who sees your data
- Your engagement team: your individual profile is shared within your engagement only as agreed with your team, as stated at consent.
- Our processors: Supabase (database hosting, EU — Frankfurt), Cloudflare (site delivery and email routing), Postmark (transactional email, when used), and Anthropic (AI narrative drafting, pseudonymised data only). Each processes under contract on our instructions.
- Nobody else. We do not sell or share personal data for marketing.
International transfers
Assessment data is stored in the EU. Where a processor involves transfer outside the UK/EEA (e.g. pseudonymised report drafting via Anthropic, US), transfers rely on appropriate safeguards including standard contractual clauses.
How long we keep it
Identifiable assessment data: 24 months after your engagement closes, then erased automatically, unless you separately consent to outcome follow-up. Anonymised or pseudonymised configuration data (scores without your name or email): retained for instrument validation. In small teams such data may remain pseudonymous rather than fully anonymous; it is protected to the same standard as personal data. Correspondence: up to 24 months. Delivered report links expire after 90 days.
Your rights
You may at any time: access the personal data we hold about you; ask us to correct it; ask us to erase your identifiable data; withdraw consent (this stops future processing; it does not make prior processing unlawful); object to processing based on legitimate interests; ask us to restrict processing; and request portability of data you provided. To exercise any right: hello@venturepressure.com. We respond within one month. Erasure requests are actioned against identifiable data; anonymised configuration data, which cannot be linked back to you, may be retained.
Complaints
If you're unhappy with how we handle your data, contact us first and we'll try to put it right. You also have the right to complain to the UK Information Commissioner's Office: ico.org.uk/make-a-complaint.
Security
Data is protected by row-level access controls, hashed single-use invitation and report tokens, rate limiting, encrypted transport, and audit logging of administrative actions. Assessment links grant access only to the session they name.
Changes
We'll post updates to this notice here with a new version number. The consent text you accepted is versioned and retained with your record.