Privacy Policy

Last updated: 21 March 2026

This privacy policy explains how NESTI LTD ("we", "us", "our") collects, uses, and protects your personal data when you use the FindMyBuyer website at findingmybuyers.com ("the Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller responsible for your personal data is:

NESTI LTD
Company No. 11163863
Unit 2, 82 James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Email: privacy@findingmybuyers.com

2. What Data We Collect

We collect the following categories of personal data:

Information you provide directly

• Business information: Your business name, trade or industry type, location, years trading, services offered, price range, typical customers, and business challenges. This is entered through our questionnaire.
• Email address: If you choose to receive your report by email or sign up for updates.

Payment information

• Payment data: When you purchase a report, your payment is processed securely by Stripe. We do not see, store, or have access to your full card details. Stripe acts as an independent data controller for payment processing. See Stripe's Privacy Policy.

Technical data collected automatically

• Session data: We use browser storage (localStorage and sessionStorage) to maintain your report data during your session. This data stays on your device and is not transmitted to our servers.

3. How We Use Your Data

We use your personal data for the following purposes:

• To generate your buyer report: Your business information is sent to our AI processing service (Anthropic Claude API) to generate personalised buyer analysis and marketing recommendations. This is necessary to provide the service you have requested.
• To process payments: Your payment is processed by Stripe to fulfil your purchase.
• To deliver your report: If you provide your email address, we use it to send you your report.
• To send marketing communications: Only if you have given explicit consent, we may send you tips and updates about finding and winning customers. You can unsubscribe at any time.

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contract: Processing your business information to generate and deliver your buyer report is necessary to perform the contract between us (Article 6(1)(b)).
• Consent: Sending you marketing emails is based on your explicit consent, which you can withdraw at any time (Article 6(1)(a)).
• Legitimate interests: We may process data for fraud prevention and to improve our service, where our interests do not override your rights (Article 6(1)(f)).

5. AI Processing and Automated Decision-Making

Our service uses artificial intelligence (Anthropic Claude API) to analyse the business information you provide and generate buyer profiles, messaging frameworks, channel strategies, and content recommendations.

How it works: The business information you enter (trade type, location, services, price range, customers, challenges) is sent to Anthropic's AI service, which generates a personalised analysis. This is automated processing.

What it does not do: The AI does not make decisions that have legal or similarly significant effects on you. It generates marketing recommendations and suggestions only. You are free to use, modify, or disregard any of the output.

Your rights: You have the right to request human review of the AI-generated output, express your point of view about the analysis, and contest any recommendations. Contact us at privacy@findingmybuyers.com.

Data sent to Anthropic: Only the business information you enter in the questionnaire is sent to Anthropic. Your email address and payment details are never sent to Anthropic. See Anthropic's Privacy Policy.

6. Who We Share Your Data With

We share your data only with the following third-party processors, and only as necessary to provide the Service:

• Anthropic (Claude API): Processes your business information to generate buyer reports. Data is transferred to servers in the United States. Appropriate safeguards are in place under UK International Data Transfer Addendum provisions.
• Stripe: Processes your payment. Stripe acts as an independent data controller for payment data. Data may be transferred internationally. See Stripe's Privacy Policy.
• Netlify: Hosts our website and processes form submissions (email collection). See Netlify's Privacy Policy.

We do not sell your personal data to any third party. We do not share your data with advertisers.

7. International Data Transfers

Some of our third-party processors (Anthropic, Stripe, Netlify) are based in the United States. When your data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and the UK International Data Transfer Addendum, as required by UK GDPR.

8. How Long We Keep Your Data

• Business information submitted via the questionnaire: This is processed in real-time by the AI and is not stored on our servers after your report is generated. Session data stored in your browser is cleared when you close your browser or clear your storage.
• Email addresses: Retained until you unsubscribe or request deletion, or after 24 months of inactivity, whichever comes first.
• Payment records: Transaction records are retained for 7 years as required by UK tax and accounting law (HMRC requirements).
• Form submissions: Email form submissions stored by Netlify are retained for up to 12 months.

9. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate data.
• Right to erasure: You can ask us to delete your data where there is no compelling reason for continued processing.
• Right to restrict processing: You can ask us to limit how we use your data.
• Right to data portability: You can request your data in a structured, commonly used format.
• Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where we process data based on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at: privacy@findingmybuyers.com

We will respond to your request within one month.

10. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk/make-a-complaint
Helpline: 0303 123 1113

11. Children's Data

Our Service is designed for business owners and is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.