Privacy Policy

This Privacy Policy explains how Estyl (“Estyl”, “we”, “us” and “our”) collects, uses, stores, shares and protects personal data when you use Estyl websites, accounts, applications, products, services, software, APIs, content, features and related online services that link to, display or otherwise refer to this Privacy Policy (together, the “Services”).

Estyl operates from the United Kingdom and the Services may be accessed globally.

1. Who is responsible for your personal data

For the personal data described in this Privacy Policy, Estyl is the controller where we decide why and how the personal data is processed.

Some third-party services involved in the Services may act as independent controllers for their own processing. For example, Polar may act as Merchant of Record and authorised reseller for paid products purchased through Polar checkout, and may process billing, tax, invoice, payment and customer portal data under its own terms and privacy policy.

Where we process personal data only on behalf of another controller under a separate written agreement, that controller’s privacy notice applies to that processing and this Privacy Policy does not override it.

2. How to contact us

For privacy requests, questions or complaints, contact us at privacy@estyl.io.

For legal notices, contact us at legal@estyl.io.

3. Personal data we collect

We collect only personal data that is reasonably needed for the Services, our legal obligations, security, billing, support and legitimate operation of Estyl.

Account data

When you create or use an Estyl Account, we collect and process account details such as your email address, name or display name if provided, account identifiers, authentication identifiers, login-related metadata, account status and other account details needed to operate your Estyl Account.

Estyl Accounts use WorkOS as a third-party authentication provider. We also sync relevant account details from WorkOS to Estyl’s own Postgres database hosted on Neon so that Estyl can operate accounts, connect accounts to Estyl Services, manage access and maintain account-related records.

Billing and subscription data

Where you buy, subscribe to or manage a paid Service, billing is handled through Polar as our billing partner and Merchant of Record where Polar checkout is used.

Estyl may receive billing-related records from Polar that are needed to provide and manage paid access, such as customer identifiers, billing email, product or plan, order status, subscription status, renewal status, payment status, invoice or receipt references, transaction dates, amounts and currency.

Estyl’s own systems are not intended to store full payment card numbers, card security codes or comparable payment credentials. Billing details that Polar makes available to you can be managed through the Polar customer portal accessible from your Estyl Account at accounts.estyl.io/my-account/billing.

Service usage and technical data

When you use the Services, we may collect technical and usage data such as IP address, device and browser information, operating system, approximate location derived from IP address, referring pages, pages or features used, timestamps, request logs, error logs, diagnostic data, security events and similar information.

Communications data

If you contact us, we process the information you send, such as your email address, message contents, attachments and related metadata.

User Content

If a Service allows you to submit, upload, generate, store, transmit or otherwise provide content, files, text, prompts, outputs, code, designs, media, comments or other materials, we process that content as needed to provide, maintain, secure, support and improve the relevant Service.

You should not submit special category data, criminal offence data, children’s data, health data, biometric data, financial account data or other highly sensitive personal data unless the relevant Service expressly supports it and you have a lawful basis to do so.

Cookies and similar technologies

We may use cookies, local storage, pixels, scripts, device identifiers and similar storage or access technologies for purposes such as authentication, account security, session management, preferences, billing flows, diagnostics, fraud prevention, analytics and service improvement.

Where consent or another control is required by law for non-essential technologies, we will provide the required information and control. Strictly necessary technologies may be used without consent where permitted by law.

4. Sources of personal data

We collect personal data from:

  • you, when you create an account, use the Services, submit content, purchase a paid Service, manage billing, or contact us;
  • WorkOS, when authentication and account information is created, verified, updated or used;
  • Polar, when billing, subscription, order, invoice, payment status or customer portal information is created or updated;
  • Neon, as the database provider hosting Estyl account records that we store;
  • your device, browser, network and interactions with the Services; and
  • third parties where you choose to connect or use them with the Services.

5. Purposes and lawful bases

We process personal data under the UK GDPR and other applicable data protection laws using the lawful bases below.

| Purpose | Examples of personal data | Lawful basis |
| --- | --- | --- |
| Provide and operate the Services | Account data, User Content, usage data, technical data | Contract; legitimate interests |
| Create, authenticate and secure Estyl Accounts | Email, identifiers, login metadata, authentication events | Contract; legitimate interests |
| Sync account details to Estyl’s database on Neon | Account identifiers, email, account status, linked service access | Contract; legitimate interests |
| Provide paid access and manage billing through Polar | Customer IDs, billing email, order/subscription status, invoice references | Contract; legal obligation; legitimate interests |
| Communicate with you about the Services | Email address, account status, service messages | Contract; legitimate interests |
| Provide support and respond to requests | Contact details, messages, account data, diagnostics | Contract; legitimate interests |
| Maintain security, prevent abuse and investigate misuse | IP address, logs, security events, account data | Legitimate interests; legal obligation where applicable |
| Comply with law and enforce rights | Account, billing, communications and usage records | Legal obligation; legitimate interests |
| Improve, debug and develop the Services | Usage data, diagnostics, feedback, aggregated information | Legitimate interests |
| Use non-essential cookies or similar technologies where required | Cookie identifiers, device/browser data, analytics events | Consent, or legitimate interests where permitted by law |
| Send direct marketing if we do so | Contact details and communication preferences | Consent or legitimate interests, depending on the context and applicable law |

Our legitimate interests include operating Estyl, providing secure and reliable Services, preventing fraud and abuse, maintaining records, improving products, protecting users and third parties, enforcing terms, and understanding how the Services are used. We only rely on legitimate interests where we have considered your rights and interests and where they do not override our interests.

6. Sharing personal data

We do not sell your personal data.

We may share personal data with:

  • WorkOS, for authentication and account management;
  • Neon, for managed Postgres database hosting of Estyl account records and related operational data;
  • Polar, for billing, Merchant-of-Record checkout, subscriptions, customer portal access, tax, invoices, receipts, payment status and related billing operations;
  • hosting, infrastructure, security, monitoring, communications and support providers needed to operate the Services;
  • professional advisers, insurers, auditors and legal representatives where reasonably necessary;
  • regulators, law enforcement, courts, public authorities or other parties where required by law or necessary to protect rights, safety and security;
  • parties involved in a merger, acquisition, financing, reorganisation, transfer of assets or similar business transaction, subject to appropriate confidentiality and data protection measures; and
  • other third parties where you direct us to share data or give consent.

Third-party providers may have their own privacy terms where they act as independent controllers. Their processing is not controlled by Estyl.

7. International transfers

Estyl operates from the United Kingdom. Some providers we use, including authentication, database, billing, hosting and infrastructure providers, may process personal data outside the United Kingdom.

Where UK data protection law requires a transfer mechanism or safeguard for an international transfer, we use lawful mechanisms intended to protect the data, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses, or other lawful safeguards or derogations available under applicable data protection law.

8. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain accounts, manage billing, comply with legal obligations, resolve disputes, enforce agreements, maintain security and protect rights.

In particular:

  • account data is normally kept while your Estyl Account is active;
  • if you request deletion of your Estyl Account, we will delete or anonymise account data unless we need to keep it for legal, billing, security, dispute, fraud-prevention or legitimate operational reasons;
  • billing and transaction records are kept for as long as needed for tax, accounting, audit, chargeback, dispute and legal purposes;
  • communications are kept for as long as needed to respond, maintain records and handle legal or operational issues;
  • technical logs and security records are kept for as long as needed for security, diagnostics, abuse prevention and service reliability;
  • User Content is kept according to the functionality of the relevant Service and any deletion controls available in that Service; and
  • backups may retain data for a limited period after deletion until overwritten or deleted in the ordinary backup cycle.

Deletion of an Estyl Account may not automatically cancel an active paid subscription handled through Polar. You should manage subscriptions through accounts.estyl.io/my-account/billing or contact us if you need help.

9. Your rights

Depending on where you live and the law that applies, you may have rights to:

  • be informed about how your personal data is used;
  • access a copy of your personal data;
  • correct inaccurate or incomplete personal data;
  • request deletion of personal data;
  • restrict processing of personal data;
  • object to processing based on legitimate interests or direct marketing;
  • receive personal data in a portable format where the right applies;
  • withdraw consent where processing is based on consent;
  • complain to a data protection authority; and
  • not be subject to certain solely automated decisions with legal or similarly significant effects.

These rights are not absolute and may be subject to limits, exceptions or verification requirements.

To exercise your rights, contact privacy@estyl.io. We may need to verify your identity and may ask for information reasonably needed to process your request. We will respond within the period required by applicable law.

10. Data protection complaints

If you are concerned about how we use your personal data, contact privacy@estyl.io with the subject line “Data protection complaint” and include enough information for us to understand and investigate the issue.

We will acknowledge data protection complaints within 30 days of receiving them, investigate without undue delay, keep you reasonably informed where appropriate, and tell you the outcome without undue delay.

If you are not satisfied with our response, you may complain to the UK Information Commissioner’s Office or another competent supervisory authority. The UK Information Commissioner’s Office can be contacted through its official complaint channels and is based at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

11. Children

The Services are not intended for children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided personal data to Estyl, contact privacy@estyl.io and we will take appropriate steps to delete it where required.

If a Service is later designed for or directed to children, we will provide appropriate notices and protections before collecting children’s personal data through that Service.

12. Security

We use reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration and disclosure. These measures may include access controls, provider security controls, encryption in transit where appropriate, logging, monitoring and operational safeguards.

No online service can be guaranteed completely secure. You are responsible for keeping your Estyl Account credentials secure and telling us promptly if you believe your account has been compromised.

13. Automated decision-making

We do not use personal data to make solely automated decisions that produce legal or similarly significant effects on you, unless a specific Service tells you otherwise or the processing is otherwise permitted by applicable law with appropriate safeguards.

Automated security, fraud-prevention, billing, authentication or abuse-detection systems may help us flag suspicious activity, restrict access, or protect the Services, but we will provide human review where required by law.

14. Direct marketing

We may send service-related messages that are necessary or useful for your account, subscription, security, billing or use of the Services.

We will only send direct marketing where lawful. Where required, we will ask for consent. Where we rely on legitimate interests for direct marketing, you can object at any time. Marketing emails will include an unsubscribe or opt-out method where required by law.

The Services may link to or integrate with third-party services. This Privacy Policy does not apply to third-party services that Estyl does not control. You should review the privacy information for those services before using them.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted with a new “Last updated” date. Where required by law or where changes materially affect your rights, we will provide additional notice.

Your continued use of the Services after an updated Privacy Policy takes effect means you acknowledge the updated policy. If you disagree with the updated policy, you should stop using the Services and may request account deletion, subject to any retention that is required or permitted by law.

17. Contact

Privacy requests, rights requests and data protection complaints: privacy@estyl.io

Legal notices and legal questions: legal@estyl.io