Privacy Policy

Last updated: 14 March 2026

Hoopler Ltd, trading as Consultiverse (Company No. 16545618, registered in England and Wales)
Effective Date: 1 January 2026

1. Introduction

Welcome to Consultiverse ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.consultiverse.ai and our marketing website at consultiverse.ai (together, the "Service").

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, password, profile picture, and account type (consultant or client)
  • Profile Information: Professional background, expertise, location, years of experience, hourly rate, bio, LinkedIn profile, and other professional details
  • Company Information (for clients): Company name, industry, size, consulting needs, and project preferences
  • Payment Information: Billing details and payment method information (processed securely through Stripe)
  • Communications: Messages, project inquiries, and other communications between users

2.2 Information Collected Automatically

  • Usage Data: Pages viewed, features used, clicks, scrolls, and other interactions with the Service
  • Device Information: IP address, browser type, operating system, device type, and unique device identifiers
  • Location Data: Approximate location based on IP address
  • Analytics Data: Performance metrics, error reports, and usage patterns

3. How We Use Your Information

We use the collected information for various purposes:

  • To provide, maintain, and improve our Service
  • To process transactions and manage subscriptions
  • To match consultants with clients using our AI-powered matching algorithm
  • To communicate with you about your account, projects, and Service updates
  • To respond to your inquiries and provide customer support
  • To send marketing communications (with your consent)
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations and enforce our terms
  • To analyse usage patterns and improve user experience

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 With Other Users

  • Your public profile information is visible to other users based on your account type and privacy settings
  • When you initiate contact with another user, certain information is shared to facilitate the connection

4.2 With Service Providers

  • Payment processors (Stripe) for billing and subscription management
  • Cloud storage providers (Supabase) for data hosting
  • Customer relationship management (Zoho CRM) for user engagement and referral pipeline tracking
  • Analytics providers (Google Analytics) for Service improvement
  • Error monitoring (Sentry) for application stability and debugging, including anonymised session replay with all text masked and media blocked
  • Communication service providers for email notifications
  • Form processing (Formspree) for handling contact form enquiries on our website
  • Graph database (Neo4j, self-hosted) for consultant-project matching
  • Workflow automation (n8n, self-hosted) for processing project matching notifications

4.3 Zoho CRM Data Sharing

We use Zoho CRM (Zoho Corporation Pvt. Ltd., EU data centre) to manage user relationships and facilitate platform engagement. Data is shared with Zoho CRM only when you have provided explicit marketing consent (marketing_crm consent type).

The following data may be shared with Zoho CRM:

  • Name and email address
  • User role (consultant or client) and account type
  • Signup date
  • Whether you were referred by another user, and if so, the referrer's email address
  • For referral events: project title and referral date

No data is shared with Zoho CRM unless you have explicitly opted in to marketing communications. You can withdraw this consent at any time through your notification preferences, which will also trigger deletion of your contact from Zoho CRM. All data shared with Zoho CRM is recorded in an audit log accessible via your data export. Zoho operates EU data centres and transfers are protected by Standard Contractual Clauses (SCCs). For more information, see Zoho's Privacy Policy.

4.4 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

5. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfil the purposes outlined in this policy. Retention periods vary based on:

  • The nature of the information
  • Legal and regulatory requirements
  • Business purposes
  • Your account activity status

You may request deletion of your account and associated data at any time, subject to certain legal exceptions.

7. Your Rights and Choices

7.1 Your Privacy Rights

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured format
  • Objection: Object to certain processing activities
  • Restriction: Request limitation of processing
  • Withdrawal: Withdraw consent where processing is based on consent

7.2 Account Settings

You can manage your information through your account settings, including:

  • Updating profile information
  • Changing notification preferences
  • Managing privacy settings
  • Downloading your data

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for Service functionality and security
  • Functional Cookies: Remember your preferences, settings, and dashboard customisations
  • Analytics Cookies: Help us understand Service usage and performance
  • Security Cookies: Enhanced fraud detection and security monitoring

You can manage cookie preferences through the cookie consent banner or your browser settings. For full details, see our Cookie Policy. Note that disabling certain cookies may impact Service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than the United Kingdom. The following processors involve international data transfers:

  • Supabase (EU region) -- database and authentication
  • Stripe (US) -- payment processing
  • Sentry (US) -- error monitoring and session replay
  • Google Analytics (US) -- usage analytics
  • Formspree (US) -- contact form processing
  • Zoho CRM (EU data centre) -- customer relationship management

Self-hosted services (Neo4j graph database and n8n workflow automation) are hosted on UK infrastructure and do not involve international transfers.

We ensure appropriate safeguards are in place for international transfers, including:

  • The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), as applicable
  • Data processing agreements with all processors
  • Compliance with the UK GDPR and the Data Protection Act 2018

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms, as required by UK GDPR Article 34
  • Provide details of: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach

Notifications to affected users will be made via the email address associated with their account and, where possible, via in-app notification.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will provide additional notice via email or through the Service.

12. How to Exercise Your Rights

To exercise any of the rights listed in Section 7, or to make a data-related request (including if you no longer have an account with us), please contact us at [email protected]. In your request, please include:

  • Your full name and the email address associated with your account (if applicable)
  • A description of the right you wish to exercise or the request you are making
  • Any information that will help us identify and locate your data

We will acknowledge your request within 5 working days and respond substantively within 30 days, as required by the UK GDPR. If we need more time (up to a further 60 days for complex requests), we will let you know and explain why.

We may need to verify your identity before processing your request to protect your data from unauthorised access.

13. Complaints

If you have a complaint about how we handle your personal data, please contact us first at [email protected]. We aim to resolve all complaints within 14 working days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Hoopler Ltd, trading as Consultiverse
Email: [email protected]
Data Protection Officer: [email protected]
General Support: [email protected]

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with applicable data protection laws: ico.org.uk/make-a-complaint.