Privacy Policy
Last updated: January 25, 2026
1. Introduction
Canto9 ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
Canto9 is operated by Twixel Ltd, registered in the United Kingdom. We are the data controller responsible for your personal data.
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose |
|---|---|
| Email address | Account creation, login, communications |
| Display name | Public profile display |
| Password (hashed) | Account security |
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention |
| Browser and device information | Platform optimization |
| Usage data (pages visited, actions taken) | Service improvement |
2.3 Payment Information
Payment processing is handled by Stripe. We do not store your full credit card number. Stripe may collect payment details in accordance with their privacy policy. We receive only:
- Transaction confirmation
- Last four digits of your card (for your reference)
- Billing country
3. How We Use Your Information
We use your information to:
- Provide and maintain the Platform
- Process transactions and send purchase confirmations
- Communicate with you about your account, purchases, and updates
- Detect and prevent fraud and abuse
- Comply with legal obligations
- Improve the Platform based on usage patterns
4. Legal Basis for Processing (GDPR)
Under the UK GDPR, we process your data based on:
- Contract: To fulfill our agreement with you (account services, purchases)
- Legitimate interests: To improve our services, prevent fraud, and ensure platform security
- Legal obligation: To comply with applicable laws
- Consent: For marketing communications (you can opt out anytime)
5. Information Sharing
We share your information only as follows:
5.1 Service Providers
- Supabase - Database and authentication hosting
- Stripe - Payment processing
- AWS - Website hosting and content delivery
- Resend - Transactional email delivery
5.2 Public Information
Your display name may be visible on reviews you leave on the Platform.
5.3 Legal Requirements
We may disclose your information if required by law or to protect our rights, safety, or property.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Purchase records | 7 years (legal/tax requirements) |
| Server logs | 90 days |
7. Your Rights
Under UK GDPR, you have the right to:
- Access - Request a copy of your personal data
- Rectification - Correct inaccurate data
- Erasure - Request deletion of your data (subject to legal retention requirements)
- Portability - Receive your data in a machine-readable format
- Object - Object to processing based on legitimate interests
- Restrict processing - Request limited processing in certain circumstances
To exercise these rights, contact us at privacy@canto9.com.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption for all data transmission
- Secure password hashing
- Access controls and authentication
- Regular security assessments
9. International Transfers
Your data may be processed in countries outside the UK, including the United States (where some of our service providers are located). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.
10. Cookies
We use essential cookies for:
- Authentication (keeping you logged in)
- Security (CSRF protection)
We do not use advertising or tracking cookies.
11. Children's Privacy
Canto9 is not intended for children under 18. We do not knowingly collect data from children under 18. If you believe a child has provided us with personal data, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or Platform notification.
13. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@canto9.com
Data Controller: Twixel Ltd, United Kingdom
14. Supervisory Authority
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately: