Privacy Policy

Last updated: 28 March 2026

This privacy policy explains how NATUS ENERGY LTD ("we", "us", "our") collects, uses, and protects your personal data when you use the FindMyBuyer website at findingmybuyers.com ("the Service"). We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

The data controller responsible for your personal data is:

NATUS ENERGY LTD
Company No. 14612422
Unit 2, 82 James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE
Email: info@findingmybuyers.com

2. What Data We Collect

We collect the following categories of personal data:

Information you provide directly

• Business information: Your business name, trade or industry type, location, years trading, services offered, price range, typical customers, and business challenges. This is entered through our questionnaire.
• Email address: If you choose to receive your report by email or sign up for updates.

Social media account information (Pro plan)

• Social account data: If you connect social media accounts (Facebook, Instagram, TikTok, LinkedIn) to enable auto-publishing, we store your platform user ID, page ID, page name, and OAuth access tokens. Access tokens are stored securely in our database with encryption and are used solely to publish content on your behalf. We do not sell, share, or transfer these tokens to any third party.
• Managed Facebook Pages: If you authorise us to create and manage a Facebook Business Page on your behalf, we store the page ID, page name, page access token, and your authorisation consent and date. This Page is created under our Meta Business Manager and managed using a System User token.
• Social media content: Content published to your social media accounts is generated using AI (Claude by Anthropic). All generated content is presented to you for review in your dashboard before publication, and you have the opportunity to edit, modify, or remove any posts before they are scheduled or published.

Payment information

• Payment data: When you purchase a report, your payment is processed securely by Stripe. We do not see, store, or have access to your full card details. Stripe acts as an independent data controller for payment processing. See Stripe's Privacy Policy.

Technical data collected automatically

• Session data: We use browser storage (localStorage and sessionStorage) to maintain your report data during your session. This data stays on your device and is not transmitted to our servers.
• Analytics and usage data: We use Google Analytics and PostHog to collect anonymised data about how you use our website, including pages visited, clicks, scroll depth, and time on page. This helps us improve the Service.
• Session recordings and heatmaps: We use PostHog to record user sessions and generate heatmaps showing where users click, scroll, and interact. Session recordings capture your mouse movements, clicks, and page interactions but passwords are automatically masked. You can opt out of session recordings by enabling your browser's Do Not Track setting. Session recordings are retained for up to 30 days and are used solely to improve the user experience.

3. How We Use Your Data

We use your personal data for the following purposes:

• To generate your buyer report: Your business information is sent to our AI processing service (Anthropic Claude API) to generate personalised buyer analysis and marketing recommendations. This is necessary to provide the service you have requested.
• To process payments: Your payment is processed by Stripe to fulfil your purchase.
• To deliver your report: If you provide your email address, we use it to send you your report.
• To send marketing communications: Only if you have given explicit consent, we may send you tips and updates about finding and winning customers. You can unsubscribe at any time.
• To publish social media content: If you are a Pro subscriber and have connected social accounts or authorised managed Page creation, we use your OAuth access tokens to publish AI-generated content to your social media platforms on a scheduled basis. All content is generated using Anthropic's Claude AI and is presented to you for review before publication.
• To create and manage a Facebook Page: If you have given explicit authorisation during the Pro upgrade process, we create a Facebook Business Page under our Meta Business Manager on your behalf and use it to publish AI-generated marketing content for your business.

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

• Contract: Processing your business information to generate and deliver your buyer report is necessary to perform the contract between us (Article 6(1)(b)).
• Consent: Sending you marketing emails and creating/managing social media accounts on your behalf are based on your explicit consent, which you can withdraw at any time (Article 6(1)(a)).
• Legitimate interests: We may process data for fraud prevention and to improve our service, where our interests do not override your rights (Article 6(1)(f)).

5. AI Processing and Automated Decision-Making

Our service uses artificial intelligence (Anthropic Claude API) to analyse the business information you provide and generate buyer profiles, messaging frameworks, channel strategies, and content recommendations.

How it works: The business information you enter (trade type, location, services, price range, customers, challenges) is sent to Anthropic's AI service, which generates a personalised analysis. This is automated processing.

What it does not do: The AI does not make decisions that have legal or similarly significant effects on you. It generates marketing recommendations and suggestions only. You are free to use, modify, or disregard any of the output.

Your rights: You have the right to request human review of the AI-generated output, express your point of view about the analysis, and contest any recommendations. Contact us at info@findingmybuyers.com.

Data sent to Anthropic: Only the business information you enter in the questionnaire is sent to Anthropic. Your email address and payment details are never sent to Anthropic. See Anthropic's Privacy Policy.

6. Who We Share Your Data With

We share your data only with the following third-party processors, and only as necessary to provide the Service:

• Anthropic (Claude API): Processes your business information to generate buyer reports. Data is transferred to servers in the United States. Appropriate safeguards are in place under UK International Data Transfer Addendum provisions.
• Stripe: Processes your payment. Stripe acts as an independent data controller for payment data. Data may be transferred internationally. See Stripe's Privacy Policy.
• Netlify: Hosts our website and processes form submissions (email collection). See Netlify's Privacy Policy.
• Supabase: Provides our database and authentication services. Stores your account data, report data, connected social account information, and scheduled post content. See Supabase's Privacy Policy.
• Meta (Facebook/Instagram): If you connect a Facebook or Instagram account, or authorise us to create a managed Facebook Page, we interact with Meta's Graph API to publish content on your behalf. Your page ID and access tokens are shared with Meta as required for publishing. See Meta's Privacy Policy.
• TikTok: If you connect a TikTok account, we use TikTok's Content Posting API to publish content on your behalf. See TikTok's Privacy Policy.
• LinkedIn: If you connect a LinkedIn account, we use LinkedIn's API to publish content on your behalf. See LinkedIn's Privacy Policy.
• PostHog: Provides product analytics, session recordings, and heatmap data to help us improve the Service. PostHog collects anonymised usage data including page views, clicks, scroll depth, and session recordings (with passwords masked). Data is hosted in the EU. You can opt out via your browser's Do Not Track setting. See PostHog's Privacy Policy.
• Google Analytics: Provides website analytics including page views, traffic sources, and user behaviour data. See Google's Privacy Policy.

We do not sell your personal data to any third party. We do not share your data with advertisers.

7. International Data Transfers

Some of our third-party processors (Anthropic, Stripe, Netlify, Supabase, Meta, TikTok, LinkedIn, Google) are based in or transfer data to the United States and other countries. PostHog data is hosted in the EU. When your data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and the UK International Data Transfer Addendum, as required by UK GDPR.

8. How Long We Keep Your Data

• Business information submitted via the questionnaire: This is processed in real-time by the AI and is not stored on our servers after your report is generated. Session data stored in your browser is cleared when you close your browser or clear your storage.
• Email addresses: Retained until you unsubscribe or request deletion, or after 24 months of inactivity, whichever comes first.
• Payment records: Transaction records are retained for 7 years as required by UK tax and accounting law (HMRC requirements).
• Form submissions: Email form submissions stored by Netlify are retained for up to 12 months.
• Social account data: Access tokens and platform IDs are retained while your account is active and your social accounts are connected. When you disconnect an account or cancel your subscription, access tokens are immediately revoked and deleted. Platform IDs are retained for up to 30 days for audit purposes, then deleted.
• Managed Facebook Pages: If you authorised a managed Page, we retain the page data while the Page is active. If you cancel your subscription, the managed Page will be unpublished within 14 days. You may request transfer of the Page to your own Facebook account at any time.
• Scheduled and published posts: Content generated for auto-publishing is retained in our database for up to 12 months after publication, or until you request deletion.

9. Social Media Account Management

How we manage your social media accounts

When you authorise FindMyBuyer to manage your social media presence, we can connect to and publish content on your behalf to Facebook, Instagram, LinkedIn, and TikTok. This includes:

• Connecting to accounts you already own (using OAuth authentication)
• Creating and managing new Facebook Business Pages under our Meta Business Manager
• Scheduling and publishing AI-generated marketing content
• Monitoring the performance of scheduled posts through platform analytics

OAuth tokens and security

When you connect a social media account, you provide us with an OAuth access token that allows us to publish content on your behalf. These tokens are:

• Stored securely in our database with encryption
• Used solely for publishing content to your accounts as authorised by you
• Never shared, sold, or transferred to any third party
• Revoked and deleted immediately when you disconnect an account or cancel your subscription
• Subject to automatic refresh if they expire; if refresh fails, we will notify you to reconnect

Connected accounts

When you connect a social media account (Facebook, Instagram, TikTok, or LinkedIn) to FindMyBuyer, you grant us permission to publish AI-generated marketing content to that account on a scheduled basis. You can disconnect any account at any time from your dashboard, which immediately revokes our access and stops all scheduled publishing to that platform. You remain the owner of your account and can revoke FindMyBuyer's access directly through the social platform's settings at any time.

AI-generated content and your review

All content published to your social media accounts is generated using AI (Anthropic's Claude). Before any post is published:

• Content is generated based on your buyer report and business information
• You can preview all scheduled posts in your FindMyBuyer dashboard
• You have the right to edit, modify, or delete any scheduled post before publication
• You must approve or authorise the final content before it is published to your account

Managed Facebook Pages

Pro subscribers may authorise FindMyBuyer to create and manage a Facebook Business Page on their behalf. This Page is created under NATUS ENERGY LTD's Meta Business Manager using a System User token. You retain the right to:

• Request transfer of the managed Page to your own Facebook account at any time.
• Request that we unpublish and delete the managed Page.
• Withdraw your authorisation, which will stop all publishing and begin the Page deletion process.

To exercise any of these rights, contact us at info@findingmybuyers.com or use your dashboard settings.

Revoking access

You can revoke FindMyBuyer's access to your social media accounts in two ways:

• Through your FindMyBuyer dashboard: Disconnect the account, which immediately revokes all stored tokens and stops scheduled publishing.
• Through the social platform directly: Remove FindMyBuyer from your account settings on Facebook, Instagram, TikTok, or LinkedIn, which will also revoke our access tokens.

Facebook data deletion

If you remove FindMyBuyer from your Facebook settings, Meta will send us a data deletion request. We will automatically deactivate your connected Facebook and Instagram accounts, revoke all stored access tokens, and return a confirmation code. You can check the status of your deletion request at findingmybuyers.com/data-deletion.

10. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate data.
• Right to erasure: You can ask us to delete your data where there is no compelling reason for continued processing.
• Right to restrict processing: You can ask us to limit how we use your data.
• Right to data portability: You can request your data in a structured, commonly used format.
• Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where we process data based on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at: info@findingmybuyers.com

We will respond to your request within one month.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk/make-a-complaint
Helpline: 0303 123 1113

12. Children's Data

Our Service is designed for business owners and is not intended for use by anyone under the age of 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.