Privacy Policy

1. Who we are

Pleras is a UK-based software-as-a-service company. We use AI to analyse customer websites and products, surface opportunities to improve the goals our customers care about (such as conversion, activation, retention, and engagement), generate and score experiment ideas, write deploy-ready A/B test code, and produce plain-language analysis of experiment results. In this policy, "Pleras", "we", "us", and "our" refer to Pleras Ltd, a company registered in Scotland (company number SC885762).

2. Data we collect

Account information

When you create an account or request early access, we collect:

• Your name and email address
• Your company name and website URL
• Any messages you send through our contact form

Website analysis data

When you use Pleras to analyse a website or product, we capture content from the pages we look at, including screenshots. For some engagements that includes pages behind a login, accessed using credentials you supply with your authorisation. Credentials are stored securely and used only for the analysis you've engaged us to do.

Where the pages we capture contain personal data of your customers or end users (for example, in screenshots of account or dashboard pages), we process that data on your behalf as your processor under UK GDPR. You remain the controller of your users' personal data. We use it only to deliver the analysis you have asked for.

Usage data

We collect standard usage data to improve the service, including:

• Pages visited on pleras.com and feature usage within the Pleras app
• Browser type, operating system, and device information
• IP address (anonymised where used for analytics)
• Referring URLs and search terms
• Audit records of significant actions taken in your Pleras account (for example, who created, edited, rejected, or shared an experiment), kept for security and accountability

3. How we use your data

We use the data we collect to:

• Provide and improve the Pleras service
• Analyse your website, surface opportunities, and generate scored experiment ideas and deploy-ready test code
• Produce plain-language and technical analysis of your experiment results
• Communicate with you about your account, experiments, and product updates
• Prevent abuse and maintain security

We do not sell your personal data. Anthropic, the AI sub-processor we use to power our analysis, does not train its models on data processed through its commercial API by default.

4. Automated processing

The outputs Pleras produces are recommendations. They do not produce legal or similarly significant effects on you or on any visitor to your site. A human in your team decides whether to act on them.

5. Legal basis for processing (GDPR)

We process your personal data under the following legal bases:

• Contract: Processing necessary to provide the service you have signed up for
• Legitimate interest: Usage analytics, security monitoring, and service improvement
• Consent: Marketing communications (you can opt out at any time)

6. Cookies

We use a minimal set of cookies on pleras.com and the Pleras app, limited to what's needed to run the service:

• Session cookies: keep you signed in to the Pleras app.
• CSRF cookies: protect against cross-site request forgery on form submissions and API calls.

We do not currently run third-party analytics, advertising cookies, or tracking pixels. If we add analytics in future, we'll update this page first.

7. Third-party services

We use the following sub-processors to operate Pleras:

• Amazon Web Services (AWS): Cloud infrastructure and data hosting (EU/UK regions)
• Cloudflare: Hosting and content delivery for pleras.com
• Anthropic: AI model provider for website analysis, experiment generation, scoring, and results analysis
• Stripe: Payment processing (Stripe handles payment data directly; we do not store card details)
• SendGrid (Twilio): Transactional and marketing email delivery
• Sentry: Application error monitoring

All sub-processors are bound by data processing agreements and are required to protect your data in line with UK and EU data protection law.

8. Data retention

We retain personal data relating to you for the duration of your Pleras account and for a reasonable period after its closure. You may request deletion of your personal data at any time, and we will comply with such requests unless we are required to retain particular records to meet our legal obligations.

The analyses, experiments, code, and results that we produce in the course of providing our service form a record of the work we have carried out, and we retain these to support and improve the service we provide. Where any of this material contains personal data relating to identifiable individuals, you may request that we remove or anonymise that information.

9. Your rights

Under the UK GDPR and the Data Protection Act 2018, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Ask us to correct inaccurate or incomplete data
• Erasure: Ask us to delete your personal data
• Restriction: Ask us to restrict processing of your data
• Portability: Receive your data in a structured, commonly used format
• Object: Object to processing based on legitimate interest

To exercise any of these rights, email [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Data security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and audit logging
• Data processing limited to authorised personnel on a need-to-know basis

11. Breach notification

If we become aware of a personal data breach affecting data we process on your behalf, we will notify you without undue delay, as required of us as a processor under Article 33(2) of the UK GDPR.

The notification will set out:

• The nature of the breach, including the categories and approximate number of people and records affected
• The likely consequences
• The measures we have taken, or propose to take, to address the breach and mitigate any adverse effects
• A contact point so your team can follow up

We will cooperate with you in good faith to support any reporting obligations you have to the Information Commissioner's Office or to affected individuals.

12. International transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area. Some of our sub-processors are based in the United States, including Anthropic, Stripe, SendGrid, Sentry, and Cloudflare. Where data is transferred to them, we rely on the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or the UK Extension to the EU-US Data Privacy Framework, as appropriate to each provider.

13. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by email or by posting a notice on our website. The "last updated" date at the top of this page indicates when the policy was most recently revised.

14. Contact

If you have questions about this privacy policy or our data practices, contact us at:

Pleras Ltd
Email: [email protected]