Privacy

Last updated: 2026-05-11

Fiuto is a user research platform for product teams, operated by Fiuto Ltd, a company in formation in England & Wales. This policy explains what personal data we collect through the marketing site at fiuto.ai and through the wishlist signup process. It does not cover the alpha product, which is not yet available.

In summary: we collect your email address and a small set of optional details so that we can grant you access when the alpha opens. We store a salted hash of your IP address to deter automated abuse. We do not load analytics unless you have accepted the cookie banner. You may delete the data we hold about you at any time, using the erasure link included in every email we send.

What we collect

If you join the wishlist, we record:

  1. Your email address, together with a record confirming that the confirmation email was sent and opened.
  2. The role you select from a short predefined list.
  3. The company size you select from a short predefined list.
  4. A salted hash of your IP address, used to rate-limit automated submissions without storing the raw address.
  5. Whether you opted in to marketing emails, and the exact consent wording shown to you at the time, so that we have a record of what you agreed to.
  6. The referrer URL and any UTM parameters present on the link that brought you to the site.

If you accept the cookie banner, PostHog records page-view events on fiuto.ai. Autocapture and session recording are not enabled. PostHog hosting is in the EU.

If you decline the banner, or if your browser sends a Do-Not-Track or Global Privacy Control signal, the analytics SDK is not loaded.

What we do with it

  1. We send the wishlist confirmation email.
  2. We send occasional product updates, but only if you opted in to marketing emails. Replying with "unsubscribe" removes you from the list.
  3. We use your role and company size to plan the order and pace of alpha access.
  4. We do not sell, share, or profile your data beyond the uses listed above.

How long we keep it

  1. If you confirm your email: we retain your record indefinitely, until you erase it. We will revisit this retention period when the alpha opens and a full account system is in place.
  2. If you do not confirm within 14 days: the record is deleted automatically.
  3. If you erase your data or unsubscribe: we retain a hashed marker to prevent the same address from being re-added by accident. No readable personal data is kept.

How to delete your data

Every email we send includes a one-click erasure link in the footer. Clicking it removes your record. Alternatively, you may email [email protected] from the address you signed up with.

Who we share it with

We rely on the following data processors:

  1. Supabase: database and edge functions (EU region).
  2. Cloudflare: site hosting and edge network.
  3. Resend: email delivery.
  4. PostHog: analytics (EU hosting; loaded only after cookie banner acceptance).

We do not share your data with any other parties.

Your rights

Under UK GDPR, you may ask us to provide a copy of, correct, or delete the personal data we hold about you. You may also complain to the Information Commissioner's Office at ico.org.uk if you are dissatisfied with how we have handled your data. The fastest route is to email [email protected].

When this changes

We may update this page. If we change what we collect or how we use it, we will notify confirmed wishlist members by email and update the date at the top.

Contact

[email protected] for any questions about this policy.