Legal
Privacy Policy
How FoundFlow AI handles your information under UK GDPR and PECR.
Last updated: 1 June 2026
1. Who we are
FoundFlow AI ("we", "us", "our") is operated by DOC GROUP ENTERPRISES LIMITED, a company registered in England & Wales (company number 17251402), registered office 650 North Circular Road, London NW2 7QJ. We are the data controller for the personal data described here. Where you share invoice or quote data with us for a recovery sprint, we act as a data processor on your behalf for any personal data it contains, and you remain the controller of that data. Our ICO registration number is C1947110.
2. What this policy covers
This policy explains what information we collect when you use our website, book a free recoverable-cash scan, or run a recovery sprint with us, and how we look after it. It does not cover third-party websites we link to.
3. The information we collect
Information you give us
- Contact details you submit to book a scan (your name and company email), and any figure you choose to share about what you're owed.
- The invoice and quote data you provide for a scan, typically a CSV or an export from your accounting tool. We treat this as business data and use it only to find recoverable cash and to draft the follow-ups you approve.
Information we collect automatically
- Basic technical and usage data (e.g. device, browser, pages viewed). We do not currently use third-party analytics on this site; if we introduce one (for example a privacy-focused analytics tool) we will use it only with your consent, through the cookie banner described below, and update this policy.
4. How and why we use it
- To run your free scan and arrange your call, using the details and data you provide. The scan is read-only; we contact no one.
- To draft and (once you approve) send follow-ups on your behalf, each disclosing it is from FoundFlow AI on your company's behalf, with an easy opt-out.
- To operate, secure, and improve our service, and to meet our legal and accounting obligations.
Our lawful bases are the performance of a contract (to provide the service you ask for); our legitimate interests (to operate, secure and improve the service, and to recover overdue B2B invoices and solicited quotes on our clients’ behalf); legal obligation (accounting and tax); and consent (for any non-essential cookies). Where we rely on consent, you can withdraw it at any time.
5. The recoverable-cash scan
The free scan is read-only. We analyse the invoice and quote data you share to identify recoverable cash. No message is sent and no third party is contacted during a scan. Nothing leaves your business until you approve a sprint.
6. Who we share it with
- Payment processing: card payments, when they occur, are handled by Stripe. We never store your card details, and recovered money goes directly to your account, never through ours.
- Service providers who help us run FoundFlow AI (e.g. hosting, email, scheduling, analytics): Google Cloud Platform and Firebase (website hosting and infrastructure), Stripe (payment processing), and Google (business email and, where used, AI-assisted drafting via the Gemini API), each under appropriate data-processing terms.
- We do not sell your data, and we do not use your invoice or quote data for anything other than the purposes above.
7. International transfers
Where a provider processes personal data outside the UK, we rely on UK adequacy regulations where they apply, or on the UK International Data Transfer Agreement (or the Addendum to the EU Standard Contractual Clauses), with additional safeguards where needed.
8. How long we keep it
We keep personal data only as long as needed for the purposes above and to meet legal obligations, then delete or anonymise it. Specific retention periods: invoice and quote data shared for a scan is deleted or anonymised within 90 days unless you begin a sprint; recovery and engagement records are kept for up to 6 years after our work ends to meet accounting and legal obligations; website enquiry details are kept for up to 24 months. We delete data sooner on request where we are not required to keep it.
9. Your rights
Under UK GDPR you may request access to, correction or erasure of your personal data; object to or restrict certain processing; and request portability. To exercise any of these, contact us below. You also have the right to complain to the ICO (ico.org.uk).
10. Cookies and similar technologies
We use only the cookies needed to run the site and, with your consent where required, to understand usage. Details and controls: we use only the essential cookies needed to run the site and remember your cookie choice; we do not set advertising or cross-site tracking cookies, and if we later add non-essential cookies (for example analytics) we will ask for your consent first through a cookie banner.
11. Changes to this policy
If we change this policy we'll update the date above and, where appropriate, let you know.
12. Contact us
Questions or requests: foundflowai@outlook.com. Data protection contact: DOC GROUP ENTERPRISES LIMITED, 650 North Circular Road, London NW2 7QJ.