Privacy
Last updated 12 June 2026 · a plain-English summary. We're a new business; this notice will be reviewed by a solicitor before we scale, and updated here.
Who we are
ExitSignal is a UK due-diligence-readiness tool for care-home owners, run by Enrico (sole trader, pre-incorporation). We are the data controller for the information below. You can manage your own data at any time — see Manage your data.
What we collect
| Data | When |
|---|---|
| Your email address and consent choice | When you ask for your results or the workbook |
| Your answers to the free 3-minute check | When you take the check |
| The workbook you upload — business information about your care home, which may include operational and staffing details | When you upload it for a snapshot or report |
| Payment details | If you buy a report, payment is handled by Stripe — we never see or store your card details |
How we use it
- To produce and deliver your check, snapshot and (if purchased) report and report Q&A;
- To email you your results, the workbook, and your report;
- To send service messages about your request;
- To send occasional readiness tips — only if you opted in.
Our lawful bases
Delivering the service you asked for (performance of a contract / steps before one); our legitimate interest in running and securing the service; and your consent for any marketing emails (which you can withdraw at any time).
AI processing of your workbook
To generate your report, the contents of your completed workbook are sent to our AI provider, Anthropic, through their commercial API. Anthropic does not use your data to train its models. Under their commercial terms they process it only to return the analysis to us, and retain it for a limited period for operational and security purposes before deleting it; we send no more than is needed. See Anthropic's privacy policy and commercial terms. You can have the report and underlying data we hold deleted at any time via Manage your data; deleting on our side also ends any further processing of it.
Who we share it with
Only the processors we need to run the service: Anthropic (report generation), Stripe (payments), our email provider, and our hosting provider. We do not sell your data. Some providers may process data outside the UK; where they do, we rely on appropriate safeguards such as standard contractual clauses.
How long we keep it
We apply defined retention periods (the GDPR "storage limitation" principle):
- Free-check answers — not stored after you see your result, unless you give us your email.
- A workbook uploaded only for a free snapshot — processed in memory and discarded immediately; we don't keep the file.
- If you buy a report — we keep your report and the workbook data behind it for 18 months from delivery, so you can use the report and the paid report-Q&A, then we delete it — or sooner if you ask.
- Your email / lead details — until you unsubscribe or ask us to delete them.
- If you send feedback — we keep your message, and any email you add, until we've actioned it; erase it any time via Manage your data.
You can trigger any of this yourself via Manage your data.
Security
Your information is encrypted in transit and at rest, and access is limited to what's needed to deliver your results.
Your rights & how to unsubscribe
You can do all of this yourself, without emailing anyone, at Manage your data — access, correct, delete or restrict your data, get a copy of it, or unsubscribe from emails. Every marketing email also carries a one-click unsubscribe link. You have the right to complain to the UK Information Commissioner's Office (ico.org.uk).
Cookies
We use a single essential cookie to remember your email address so you aren't asked for it twice. We don't use third-party advertising or tracking cookies.