Legal
Privacy Policy
Last updated:
Farra ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and protect your information when you visit withfarra.co.uk in accordance with UK GDPR and the Data Protection Act 2018.
1. Who we are
Farra is a digital assistant designed to help with death admin and bereavement paperwork in the UK. We are a UK-based company and the data controller for the personal data you provide to us.
For data protection enquiries, email us at support@withfarra.co.uk.
2. What personal data we collect
We may collect and process the following data:
- Email address – when you sign up for newsletters or contact us
- Payment information – processed securely through Stripe (we do not store card details on our servers)
- Account information – including session IDs and payment status
- Chat conversations – messages sent to our AI assistant to provide personalised guidance
- Personal circumstances data – information you provide about the deceased and estate details (for generating personalised plans)
- Generated content – tasks and plans you create using our platform
- Website usage data – through cookies, analytics tools (Vercel Analytics, Sentry error tracking)
- Correspondence – if you email us directly
3. How we use your data and legal basis
Under UK GDPR, we must have a lawful basis for processing your personal data. The table below shows how we use your data and the legal basis for each purpose:
| Purpose | Legal Basis |
|---|---|
| Provide our services (AI chat, personalised plans) | Contract performance |
| Process payments and manage your account | Contract performance |
| Send newsletters or updates you've requested | Consent |
| Improve our AI assistant and platform features | Legitimate interests |
| Monitor website performance and detect technical issues | Legitimate interests |
| Comply with legal obligations (e.g. tax records) | Legal obligation |
We do not sell or share your data with third parties for marketing purposes.
3.1 AI processing
Our AI chat feature uses Anthropic Claude to process your messages and provide guidance. Your chat data is:
- Sent to Anthropic's API for processing
- Stored in our database (Supabase) for your access
- Used to improve responses and personalise your experience
- Subject to Anthropic's privacy policy and data processing terms
Anthropic processes data in accordance with their privacy policy. Data may be transferred to the United States under appropriate safeguards.
3.2 Third-party services
We use the following third-party services:
- Stripe – Payment processing (PCI DSS-compliant)
- Supabase – Database hosting (EU servers)
- Anthropic Claude – AI chat assistance
- Vercel – Website hosting and analytics
- Sentry – Error monitoring
- Formspree – Form submissions
4. Cookies
We use cookies to understand how visitors use our website. You can disable cookies through your browser settings.
For more information, see our Cookie Policy.
5. How we protect your data
We take appropriate technical and organisational measures to keep your data secure, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security audits and monitoring
- Staff training on data protection
- Secure backup procedures
5.1 Data breach notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR.
6. Data retention
We retain your data as follows:
- Account data – retained while your account is active and for 12 months after account closure
- Chat messages and generated content – retained for the lifetime of your account or until you request deletion
- Payment records – retained for 7 years to comply with UK tax and accounting regulations
- Analytics data – aggregated and anonymised after 26 months
You can request deletion of your data at any time by contacting us (see Section 8).
7. Your rights under UK GDPR
Under the UK General Data Protection Regulation (UK GDPR), you have the following rights:
- Right of access – Request a copy of the personal data we hold about you
- Right to rectification – Request correction of inaccurate or incomplete data
- Right to erasure – Request deletion of your data (subject to legal obligations)
- Right to restrict processing – Request that we limit how we use your data
- Right to data portability – Request a copy of your data in a machine-readable format
- Right to object – Object to processing based on legitimate interests
- Right to withdraw consent – Withdraw consent for marketing at any time
7.1 How to exercise your rights
To exercise any of these rights, email us at support@withfarra.co.uk with your request. We will respond within 30 days.
7.2 Right to complain to the ICO
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Website: ico.org.uk
Helpline: 0303 123 1113
8. Contact
If you have any questions about this policy or how we handle your data, contact us at:
Farra
Email: support@withfarra.co.uk
Frequently asked questions
How long do you keep my data?
Account data is retained while your account is active and for 12 months after closure. Chat messages and generated content are retained for the lifetime of your account or until you request deletion. Payment records are retained for 7 years to comply with UK tax regulations.
Can I request deletion of my data?
Yes. Under UK GDPR, you have the right to request deletion of your personal data. Email us at support@withfarra.co.uk to submit a data deletion request. We will respond within 30 days.
Do you sell my data to third parties?
No, we never sell or share your data with third parties for marketing purposes. We only share data with service providers necessary to deliver our service (Stripe for payments, Supabase for hosting, Anthropic for AI chat).
Where is my data stored?
Your data is stored on Supabase servers located in the EU. Payment data is processed by Stripe in accordance with PCI DSS compliance standards.
How can I lodge a complaint about data protection?
If you're unhappy with how we've handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.