Privacy Policy

1 Who we are

Outfox is a sole trader bill review service operated by Jack Mullen. We act as the data controller for any personal data you provide to us.

Contact: jack@getoutfox.co.uk
Website: getoutfox.co.uk
ICO Registration Number: ZC126547

We are registered with the Information Commissioner's Office (ICO) as a data controller, as required under UK GDPR.

2 What data we collect

We collect the following categories of personal data:

Category	Examples	How collected
Contact details	Name, email address, phone number, postcode	Intake form
Service information	Current provider, monthly cost, contract status, speed tier	Intake form
Bill documents	PDF or image copies of your broadband, mobile or TV bills	Uploaded via intake form or emailed to us
Preferences and goals	Switching priorities, effort level, Sprive/Airtime Rewards awareness	Intake form
Payment information	Transaction records (card details handled by Stripe — we never see or store them)	Payment link
Communications	Emails and messages you send us	Direct contact

      Bill documents: Your bills may contain sensitive financial details including account numbers, usage history and payment information. We treat these with particular care — they are used solely to verify your current spend and are deleted within 90 days of your report being delivered.
    

3 Why we collect your data and our lawful basis

We collect and process your data for the following purposes, each with an appropriate lawful basis under UK GDPR:

Purpose	Lawful basis
Conducting your bill review and producing your savings report	Contract — processing is necessary to perform the service you requested
Verifying your current spend from bill documents	Contract — necessary to calculate accurate savings
Sending your report and associated follow-up communications	Contract / Legitimate interests
Processing payment and maintaining financial records	Legal obligation (required for tax and accounting purposes)
Occasional follow-up to check your progress or ask for a testimonial	Legitimate interests — you can opt out at any time

We do not use your data for unsolicited marketing, do not sell your data, and do not share it with third parties for their own commercial purposes.

4 Who we share your data with

To deliver our service, your data is processed by the following trusted third-party platforms. Each has a Data Processing Agreement in place with us, and all handle your data in accordance with UK GDPR or equivalent standards.

Service	Purpose	Location
Airtable	Client database (CRM)	United States (SCCs in place)
Make.com	Workflow automation	EU / United States (SCCs in place)
Brevo	Email communications	European Union
Anthropic (Claude API)	AI-assisted report drafting	United States (SCCs in place)
Stripe	Payment processing	United States (SCCs in place)
Google Workspace	Business email (jack@getoutfox.co.uk)	United States (SCCs in place)
Netlify	Website hosting	United States (SCCs in place)

SCCs = Standard Contractual Clauses, the approved mechanism for lawful international data transfers under UK GDPR.

We will never share your personal data with any other third party without your explicit consent, except where required to do so by law.

5 How long we keep your data

Data type	Retention period
Bill documents (PDFs / images)	Deleted within 90 days of your report being delivered
Contact details and service information	24 months from the date of your review, then deleted
Payment records and invoices	7 years (required by HMRC for tax purposes)
Email correspondence	24 months, then deleted

You can request early deletion of your data at any time — see your rights below.

6 Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right to access You can request a copy of all personal data we hold about you at any time.
Right to rectification You can ask us to correct any inaccurate or incomplete data we hold.
Right to erasure You can ask us to delete your personal data. We will do so promptly unless we are legally required to retain it (e.g. payment records).
Right to restrict processing You can ask us to stop using your data in certain ways while a dispute is resolved.
Right to data portability You can request your data in a structured, machine-readable format to transfer to another provider.
Right to object You can object to us processing your data on the basis of legitimate interests, including follow-up communications.
Withdraw consent Where processing is based on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing already carried out.

To exercise any of these rights, email jack@getoutfox.co.uk. We will respond within 30 days.

7 How we keep your data secure

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These include:

Restricting access to client data to authorised personnel only
Using reputable, security-certified third-party platforms (all those listed in section 4 hold ISO 27001 or equivalent certifications)
Not storing bill documents beyond the 90-day window described above
Using encrypted connections (HTTPS) across all web properties

In the unlikely event of a data breach that is likely to result in risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it.

8 Referral commissions

Outfox may earn referral fees or commissions when clients sign up to partner tools — currently Airtime Rewards and Sprive — via links included in our reports. These arrangements do not influence the advice we give, and we will always disclose when a referral relationship exists. Any referral fees are earned at no additional cost to you.

9 Cookies

Our website uses two categories of cookies:

Strictly necessary cookies — set by our hosting provider Netlify to allow the site to function. These do not track you and do not require consent under UK law.

Analytics cookies — we use Google Analytics (GA4) to understand how visitors use our website. This sets cookies that collect anonymised information about pages visited, time on site, and how you arrived. No personally identifiable information is collected. Google Analytics data is processed by Google LLC and may be transferred to the United States under Standard Contractual Clauses. You can opt out of Google Analytics tracking at any time by visiting tools.google.com/dlpage/gaoptout or by adjusting your browser settings to block cookies.

Advertising cookies — we use Google Ads to run search and display advertising. Google Ads sets cookies to measure ad performance, including whether you visited our site after seeing or clicking one of our ads. This does not involve retargeting or building advertising profiles. Data is processed by Google LLC under Standard Contractual Clauses. You can manage Google's advertising settings at adssettings.google.com.

We rely on legitimate interests as the legal basis for analytics and advertising measurement cookies, as they help us understand and improve how we reach people who may benefit from the service. You can object to this use at any time by contacting us at jack@getoutfox.co.uk.

10 International data transfers

Some of our third-party service providers are based in the United States. Whenever data is transferred outside the UK, we ensure appropriate safeguards are in place — specifically, Standard Contractual Clauses (SCCs) approved by the UK ICO, which provide an equivalent level of protection to that required under UK GDPR.

11 Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. If we make significant changes that affect how we process your data, we will notify existing clients by email.

12 How to complain

If you have a concern about how we handle your personal data, please contact us first and we will do our best to resolve it:

Email: jack@getoutfox.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)
ico.org.uk/make-a-complaint
Helpline: 0303 123 1113