Legal
Privacy Policy
This policy explains how MILLGREEN CONSULTING LTD. ("we", "us") handles personal data when you use Millwright at millcons.shop. It covers your account, billing, support messages, and the business descriptions, generated plans, visuals and files you work with in the workspace.
Last updated July 12, 2026
01Who is responsible
The data controller is MILLGREEN CONSULTING LTD., registered office 8 Millfield Drive Polmont, FK2 0PH, United Kingdom. For any privacy question or request, contact support@millcons.shop or call +44 7263612849.
Millwright is an online-only digital subscription. We do not sell physical goods, provide on-site services, or act as a financial, investment, legal or tax adviser.
02What we collect
- Account data — name, email, password hash, plan and subscription status.
- Billing data — billing name, country, and subscription records. Card details are entered on Stripe's hosted checkout; we never receive or store full card numbers.
- Workspace inputs — the business descriptions, goals and any optional data or files you provide to generate plans, visuals and reels.
- Generated results — the strategy plans, visuals, reels and Strategy Packs produced from your inputs.
- Support data — messages you send us via the contact or workspace forms.
- Technical data — IP address, device/browser type, and basic usage and security logs.
03Collection sources
Our collection sources are:
- Directly from you — account signup, the business descriptions and files you enter in the workspace, and the contact/brief forms.
- Automatically from your device — technical, usage and security logs when you use the service.
- From our payment processor — Stripe confirms your subscription and billing status.
04Why we use it and legal bases
- Provide the service — generate plans, visuals and reels; maintain your account and exports. Legal basis: performance of a contract.
- Billing — manage subscriptions, renewals and refunds. Legal basis: contract and legal obligation.
- Support — respond to your messages. Legal basis: legitimate interests and contract.
- Security and abuse prevention — protect the service and our users. Legal basis: legitimate interests and legal obligation.
- Service improvement — understand aggregate, non-identifying usage. Legal basis: legitimate interests.
05AI data handling: your input, generated output and files
User input: the business descriptions, goals and any optional files or example data you enter in the workspace are processed only to generate the plan, visuals and reel you asked for.
Generated output: the strategy plans, visuals, reels and Strategy Packs produced from your input are stored so you can view, download and manage them, and are returned only to you.
AI provider: generation is performed by our third-party AI provider(s), which receive your input solely to return the generated output and do not receive your account or billing identity for marketing. We do not use your user input, uploaded files or generated output to train AI models, and we do not sell them.
User input and generated output are retained while your account is active so you can revisit your work. Optional uploaded files and example data are cached only as long as needed for generation and are cleared within 30 days by default. You can delete your workspace content, or ask us to delete it, at any time.
07International transfers
Our processors may store or process data outside your country, including in the United States. Where data leaves the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement/Addendum and EU Standard Contractual Clauses.
08How long we keep it
We keep account and billing records for as long as your account is active and as required for legal, tax and accounting purposes afterwards. Workspace inputs and results are kept while your account is active; optional uploads default to a 30-day cache. Support messages are kept for up to 24 months. When retention ends, data is deleted or anonymised.
09Your rights
Under UK GDPR and EU GDPR you may request access, correction, deletion, restriction, portability, and object to certain processing. Under the CCPA/CPRA, California residents may request access and deletion and may opt out of sale or sharing.
Do Not Sell or Share: we do not sell or share personal data for cross-context behavioural advertising. To exercise any right, email support@millcons.shop. We respond within the timeframes set by applicable law.
11Automated decisions and children
Millwright does not make legally significant decisions about you by automated means. The service is not for anyone under 13; users aged 13–17 require verifiable consent from a parent or guardian. We do not knowingly collect data from children under 13 and will delete it if discovered.
12Security
We use encryption in transit, access controls, and reputable infrastructure providers. No system is perfectly secure, but we work to protect your data and will notify you and regulators of a qualifying breach as required by law.
13Contact and complaints
Questions or requests: support@millcons.shop, +44 7263612849, 8 Millfield Drive Polmont, FK2 0PH, United Kingdom. If you are in the UK you may complain to the Information Commissioner's Office (ICO); in the EEA, to your local supervisory authority. Governing law: England and Wales.