Privacy Policy.

Fortitude Media is a trading name of Fortitude Media Limited, registered in England and Wales under company number 17191927. Our registered office is 5 Missenden Road, Chesham, England, HP5 1JL. Fortitude Media Limited is the data controller for personal data collected through this website.

You can contact us about this policy at any time:

• By email: [email protected]
• By post: Data Protection, Fortitude Media Limited, 5 Missenden Road, Chesham, England, HP5 1JL
• Named contact: David Adams, Co Founder

We collect personal data from three sources: information you give us directly, information we receive when you use our website, and information we receive from third parties we work with on your behalf.

Information you give us directly.

When you complete a form on our website (the AI Visibility Audit request, the book a call form, or any later signing form):

• Your name, work email, telephone number, company name, and job title.
• Optional fields you choose to share: LinkedIn URL, company website, sector, revenue band.
• Anything else you write into a free text field on the form.

When you sign a Discovery Letter of Engagement or Subscription Service Agreement:

• The signing details required to create a binding contract: full name, title, email, signature, date and IP address of signing.
• Billing contact details and, if you pay by Direct Debit, bank account details processed by our payment provider.

Information we collect automatically.

When you visit fortitudemedia.ai we collect a small amount of data through cookies and similar technology. This is described fully in our Cookie Policy and in summary it includes:

• Strictly necessary cookies that make the site work (session, security, form integrity).
• Analytics cookies, only if you consent, used to count visits and understand which pages are useful.
• Marketing cookies, only if you consent, used to measure the effectiveness of paid campaigns.

Information we receive from third parties.

If we run an AI Visibility Audit on your domain, we collect publicly available information about your site, your search visibility, and your presence in large language model responses. This is not personal data about you, but it may include the names and titles of senior staff if those are publicly published. If we use enrichment tools to verify a business email address, we receive the corroborated business contact data those tools return.

Under the UK GDPR every use of personal data must have a lawful basis. We rely on the following:

• Performance of a contract: when we are delivering the AI Visibility Audit, the paid Discovery, or the subscription service to you.
• Legitimate interests: when we use your business contact data to respond to your enquiry, run a follow up sequence relating to that enquiry, send service updates, or maintain our records.
• Consent: when we set non essential cookies, send unsolicited marketing emails to a personal address, or process any special category data. You can withdraw consent at any time.
• Legal obligation: when we have to keep records for tax, accounting, or regulatory reasons.

We use the data we collect for the following purposes:

• To deliver the AI Visibility Audit you requested and follow up on it.
• To run the discovery, build, and ongoing subscription service if you become a customer.
• To take payment and manage our financial records.
• To send service related communications: report delivery, billing, account changes, and security notices.
• To improve our website, our service, and our content based on aggregated, non identifying analytics.
• To meet our legal and regulatory obligations.

We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects on you.

We may send occasional marketing emails to business contacts who have requested an audit, booked a call, signed a Letter of Engagement, or subscribed to our service. These cover insights about AI visibility, B2B website performance, and Fortitude Media's own developments. You can unsubscribe at any time using the link in every email or by emailing [email protected]. We rely on legitimate interests for B2B contacts and on consent for any contact at a personal email address.

We share your personal data only with the third parties listed below, and only to the extent necessary to provide the service. These are our sub processors. They process your data on our behalf under written contracts that meet UK GDPR requirements.

Infrastructure and operations.

• Cloudflare (hosting, DNS, content delivery, security): processes IP address and request metadata.
• Supabase or equivalent application database: stores form submissions and account records.
• Vercel: hosts the application dashboard layer where applicable.

Communication and CRM.

• Google Workspace: email, document storage, calendar.
• HubSpot or equivalent CRM: stores contact records, enquiry history, and pipeline data.
• DocuSign or equivalent e signature platform: handles contract execution and stores signed copies.

Analytics and AI visibility.

• Google Analytics 4: aggregated website analytics where you have consented.
• AI visibility tracking platforms (currently including Profound and similar): track which AI models reference our content and our customers' sites.

Payment.

• Stripe or equivalent payment processor: processes card and bank transfer payments. We do not store full card or bank details ourselves.

Other disclosures.

We may also disclose your personal data:

• To professional advisers (lawyers, accountants, auditors) under confidentiality.
• To public authorities where required by law, court order, or regulatory request.
• To a buyer or successor entity in the event of a sale, merger, or reorganisation of Fortitude Media, with appropriate safeguards in place.

Some of our sub processors are based outside the United Kingdom. Where personal data is transferred to a country that does not have an adequacy decision from the UK Government, we rely on appropriate safeguards including the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, and we assess the destination country's legal regime to make sure your rights remain protected.

We do not keep your personal data for longer than we need to. Our standard retention periods are:

• Audit and enquiry data where you do not become a customer: 24 months from the last meaningful interaction, then deleted or anonymised.
• Customer contract and account data: for the duration of the relationship plus six years from the end of the contract, to meet UK statutory record keeping requirements.
• Financial records: six years from the end of the financial year to which they relate, in line with HMRC requirements.
• Marketing consent records: kept until you withdraw consent, then a record of withdrawal is retained to honour your preference.
• Website analytics: aggregated and retained for up to 26 months, with raw data anonymised at the earliest reasonable point.

Under the UK GDPR you have the following rights in relation to your personal data:

• Right of access: ask for a copy of the data we hold about you.
• Right to rectification: ask us to correct inaccurate or incomplete data.
• Right to erasure: ask us to delete your data, subject to our legal retention obligations.
• Right to restrict processing: ask us to pause certain processing while you query its accuracy or basis.
• Right to data portability: ask for your data in a structured, commonly used, machine readable format.
• Right to object: object to processing based on legitimate interests, including marketing.
• Right to withdraw consent: where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email [email protected]. We will respond within one calendar month. There is no fee, except in unusual cases where the request is manifestly unfounded or excessive.

If you are unhappy with how we have handled your personal data, please tell us first by emailing [email protected] so we can put it right. If you remain unhappy, you have the right to complain to the Information Commissioner's Office, the UK regulator for data protection.

• Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
• Helpline: 0303 123 1113
• Website: ico.org.uk

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. These include encryption in transit, access controls and least privilege on internal systems, regular reviews of who has access to what, and a documented breach response process. No system is completely secure, but we will notify the Information Commissioner's Office and you, where required, if we identify a breach that affects you.

Our service is a B2B service and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have, please email [email protected] and we will delete it.

We may update this policy from time to time. The effective date at the top of this document tells you when it was last changed. If we make a material change, we will notify customers in writing and post a clear notice on the website for at least thirty days before the change takes effect.