SetpointHQPro
← SetpointHQContact

Privacy notice

How SetpointHQ handles personal data on pro.setpointhq.com— what we collect, why, who we share it with, and your rights. Last updated 4 June 2026.

Who we are

SetpointHQ Limited (“SetpointHQ”, “we”, “us”) is the data controller for personal data processed through pro.setpointhq.com. We are a company registered in England and Wales, company number 17124602. We also operate setpointhq.com, which has its own separate privacy notice and consent stack.

For any privacy question, or to exercise your rights, contact support@setpointhq.com.

The personal data we process, and why

We process personal data only where we have a lawful basis under UK GDPR.

Signing in. We process your email address to send a magic sign-in link and authenticate your session. Lawful basis: performance of our contract with client users, and our legitimate interests in securing account access.

Administrative access. We hold an allow-list of email addresses permitted to reach administrative areas. Lawful basis: our legitimate interests in restricting access to authorised people.

Enquiries and audit requests.When you contact us or request an audit, we process the details you provide — typically your name, work email, company, role, and anything you tell us — to respond and to assess or run the audit you ask for. Lawful basis: taking steps at your request before entering a contract, our legitimate interests in responding to enquiries, and consent where you give it.

Analytics (only with your consent). On our public pages, with your consent, we use Google Analytics 4 and Microsoft Clarity to understand how the site is used (aggregate page views and events, and anonymised session interactions). These do not run on logged-in client workspaces, and do not run at all unless you grant consent. Lawful basis: consent.

Index newsletter (only with your consent).If you opt in, we process your email address to send updates about The SetpointHQ Index. Lawful basis: consent — you can unsubscribe at any time.

Cookies

We use a small number of cookies — a necessary cookie that remembers your consent choice, the cookies that keep you signed in, and (only with consent) analytics cookies. The full list, with purposes and lifetimes, is in our cookie policy.

Who we share it with

We use a small set of trusted service providers who handle data on our behalf, under contract and only on our instructions:

  • Supabase— database and authentication (London region).
  • Vercel— application hosting and delivery.
  • Inngest— background job processing.
  • Browserless— headless-browser rendering used to run audits.
  • Anthropic, OpenAI, and Perplexity— AI providers whose models we query to run audit probes.
  • Google LLC— the Gemini API (audit probes) and Google Analytics 4 (site analytics).
  • Microsoft— Clarity (anonymised analytics).
  • SendGrid (Twilio)— transactional and notification email.
  • IONOS — hosting for setpointhq.com and its contact and newsletter system (FluentCRM), where enquiry and newsletter data is stored.

We do not sell personal data, and we do not share it with third-party advertisers.

Where your data is held, and international transfers

Our primary application data is held in the United Kingdom (Supabase, London region). Some of the providers above process data outside the UK — in particular the AI providers, Google, and Microsoft, which operate in the United States.

Where personal data is transferred outside the UK, we rely on appropriate safeguards — such as the UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses, and adequacy regulations where they apply — as set out in those providers’ data-processing terms.

How long we keep it

  • Account and sign-in data— for as long as you have access to the Pro app, and a short period afterwards.
  • Enquiries and audit requests— for as long as needed to handle your request, and a reasonable period afterwards for our records.
  • Analytics and newsletter data— for the retention periods of the relevant tools, or until you withdraw consent or unsubscribe.
  • Audit data behind The SetpointHQ Index— the audit results that make up our longitudinal dataset of UK employer AI-visibility audits are retained on an ongoing basis to support longitudinal analysis. This data is primarily about employer brands rather than individuals; to the extent it contains personal data, we retain it for this research purpose.

Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, or object to our processing of your personal data, the right to data portability, and — where we rely on consent — the right to withdraw it at any time. To exercise any of these, email support@setpointhq.com.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ico.org.uk) if you are unhappy with how we have handled your data.

Changes to this notice

We may update this notice from time to time. The “last updated” date at the top reflects the current version.

Contact

Questions about this notice or your data: support@setpointhq.com.