Start free
Home / Privacy
Privacy policy

How we handle your data.

Plain English, no padding. What we collect, why, who we share it with, and what you can ask us to do about it. Covers both our website and the Fortitude Sentinel application.

Plain English, no padding. This explains what we collect, why, who we share it with, and what you can ask us to do about it. It covers both our website and the Fortitude Sentinel application.

Who we are

Fortitude Media Limited, registered in England and Wales, company number 17191927, registered office 5 Missenden Road, Chesham, England, HP5 1JL, is responsible for your personal data. You can reach us about anything on this page at privacy@fortitudemedia.ai. We are registered with the UK Information Commissioner's Office as a data controller (registration reference available on request).

Controller or processor: which hat we wear

It depends on the data.

  • We are the controller for personal data about visitors to our site, people who request a free check or send an enquiry, and the account holders and users who sign in to Sentinel. This policy explains how we handle that data.
  • We are a processor for any personal data that a Sentinel customer chooses to put into the product, for example names inside prompts or settings. There, the customer decides what is processed and why, and we act on their instructions under our data processing agreement.

What we collect

We only collect what we need to do what you asked.

  • Free AI visibility check. Your name where given, your work email, and the website URL you submit.
  • Enquiry and discovery forms. Your name, your work email, your company, and whatever you choose to tell us in the message field.
  • Account and product use. If you sign in to Sentinel, your authentication details and the configuration you create (brands, prompts, competitors), plus basic logs of when you sign in and use features. We use sign-in records to run the service, to keep it secure, and to operate our Usage Promise.
  • Billing data. If you buy a paid plan, our payment partners take the payment and share limited order data with us (such as your name, billing country, plan and invoice records). We never see or store your full card details.
  • Analytics. Standard request data such as device type, browser, referring page, and approximate location from your IP, used in aggregate to understand which pages help and which do not.
  • Email engagement. Whether you opened a report we sent and whether you clicked a link inside it.

We do not ask for, and you should not send us, special category data (health, ethnicity, religion, and so on).

How AI engines fit in

To produce your reports, Sentinel sends queries to third-party AI engines, such as those run by OpenAI, Anthropic, Google, Microsoft and Perplexity. Those queries are normally about brands, categories and competitors rather than about you personally, and we design prompts to avoid sending personal data to the engines. We do not control those engines and they process data under their own terms. We are not affiliated with or endorsed by them.

Why we collect it, and the lawful basis

  • To deliver the report you asked for. Lawful basis: performance of a contract you initiated by submitting the form.
  • To provide Sentinel to you. Lawful basis: performance of our contract with you.
  • To reply to your enquiry. Lawful basis: our legitimate interest in answering a prospective customer, balanced against your reasonable expectation when you contacted us.
  • To run, secure and improve Sentinel and Forge. Lawful basis: legitimate interest in operating and improving the service safely.
  • To send service emails such as report alerts, account notices and Usage Promise refund offers. Lawful basis: performance of the service you signed up for.
  • To take payment. Lawful basis: performance of our contract and compliance with our legal obligations, with payment handled by our payment partners (some of whom act as Merchant of Record).
  • To send occasional marketing about new features or insights, only if you opted in. Lawful basis: your consent, which you can withdraw at any time.

Who we share it with

We do not sell your data, ever. We share it only with the service providers we need to run the business, each bound by contract to use it only on our instructions. The current list, with names and locations, is kept up to date in our sub-processor list and includes:

  • Hosting, database and storage providers that run the website and the application.
  • Email delivery providers that send your reports and service emails.
  • Payments, through our payment partners (currently Paddle.com Market Ltd, Stripe Payments Europe Ltd and GoCardless Ltd), only if you become a paying customer. Some of these partners act as Merchant of Record for your order.
  • AI engine providers that we query to produce your reports, as described above.
  • Analytics and error monitoring, used in aggregate to improve the product.
  • Our professional advisers (accountants, lawyers) when there is a clear need.

If we are ever legally required to disclose data, for example in response to a valid court order, we will, and we will tell you unless the law prevents it.

Where your data is held

We store data in the UK and the European Economic Area where possible. Some of our service providers are based outside the UK. When data is transferred outside the UK we rely on the safeguards required by UK GDPR, such as a UK adequacy decision, the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, together with extra checks where needed.

How long we keep it

  • Free check submissions: up to 24 months from your last interaction, then deleted or anonymised.
  • Enquiry messages: up to 24 months after our last exchange, then deleted.
  • Active Sentinel accounts: for as long as your account is open. If you close it, we delete or anonymise within 90 days, except where we must keep records (for example invoices for tax purposes, kept for 6 years).
  • Analytics: aggregated and retained no longer than 26 months.

Your rights under UK GDPR

You have the right to:

  • Ask for a copy of the personal data we hold about you (access).
  • Ask us to correct anything that is wrong (rectification).
  • Ask us to delete your data where we no longer need it (erasure).
  • Object to processing we are doing on the basis of legitimate interest, including any direct marketing.
  • Ask us to restrict processing while a question is being resolved.
  • Receive your data in a portable, machine-readable format (portability).
  • Withdraw any consent you previously gave, without affecting prior lawful processing.

Email privacy@fortitudemedia.ai and we will respond within one month. Where the personal data sits inside a customer's Sentinel account and we are acting as processor, we will pass your request to that customer, who is the controller. If you are not happy with our response you can complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint. We would rather you came to us first so we can put it right.

Cookies

We use a small number of cookies and similar technologies. The essential ones keep you signed in and remember your preferences; these do not need your consent. Where we use analytics or other non-essential cookies, we ask for your consent first. Full detail, including names and purposes, is in our cookie policy.

Security

We use encryption in transit, access controls, audit logs and routine security reviews. No system is perfect; if we ever discover a breach affecting your data we will tell you and the ICO within the timeframes the law requires. You can reach our security team at security@fortitudemedia.ai.

Changes to this policy

If we make material changes we will update the "Last updated" date above and, where the change affects you directly, tell you by email or in the app. Smaller wording changes will just be reflected here.

Contact for privacy queries. Email privacy@fortitudemedia.ai or write to Fortitude Media Limited, 5 Missenden Road, Chesham, England, HP5 1JL.