Privacy Policy
Effective: 1 June 2025 · Last updated: 1 June 2026
1. Who We Are
BAAS Kit Pro is a trading name of Capstone Limited (Company Registration No. 31000313990841), registered at 1001 S Main Street, STE 600, Kalispell, MT 59901, United States. We (“we”, “us”, or “our”) operate the website at baaskitpro.com and provide software template products for the fintech industry. We are the data controller for personal data collected through this Platform.
We are committed to protecting your personal data and handling it responsibly in accordance with applicable data protection law. Where we process the personal data of individuals in the United Kingdom or European Economic Area, we do so in accordance with the UK GDPR and the EU GDPR; we also comply with applicable United States federal and state privacy laws.
For any data protection queries, contact us at privacy@baaskitpro.com.
2. Data We Collect
We collect the following categories of personal data:
2.1 Account and Identity Data
When you register for an account: full name, email address, and hashed password. We never store your password in plain text.
2.2 Contact and Enquiry Data
When you submit a contact form, sales enquiry, or platform requirements form: name, email address, company name, phone number (optional), and the content of your message or selections.
2.3 Newsletter Data
If you subscribe to our newsletter: your email address and subscription date.
2.4 Purchase and Transaction Data
If you purchase a product: order details, product references, and payment confirmation data. We do not store full card numbers or payment credentials — these are handled directly by our payment processor (Stripe or equivalent) under their own privacy policy.
2.5 Technical and Usage Data
Automatically collected when you use the Platform: IP address, browser type and version, operating system, referring URLs, pages visited, time and duration of visits, and device identifiers. This data is collected via cookies and analytics tools (see our Cookie Policy).
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Lawful Basis |
|---|---|
| Providing access to purchased products and your account | Contract performance |
| Processing and responding to sales enquiries and support requests | Legitimate interests / Contract |
| Sending transactional emails (order confirmations, account notices) | Contract performance |
| Sending marketing emails (newsletter) — only with your consent | Consent |
| Improving the Platform and understanding usage patterns | Legitimate interests |
| Complying with legal obligations (fraud prevention, tax records) | Legal obligation |
| Enforcing our Terms of Service | Legitimate interests |
4. Cookies
We use cookies and similar tracking technologies to operate the Platform and understand how visitors use it. For full details of the cookies we use, the purposes they serve, and how to manage your preferences, please read our Cookie Policy.
5. Data Sharing
We do not sell your personal data. We may share your data with the following categories of third parties, only to the extent necessary:
- Payment processors (e.g. Stripe): to process purchases. Your payment data is handled directly by the processor under their own privacy policy.
- Email service providers (e.g. Resend, SendGrid): to send transactional and marketing emails.
- Hosting and infrastructure providers (e.g. Vercel, cloud database providers): to host and operate the Platform.
- Analytics providers (e.g. Google Analytics, Plausible): to understand usage patterns. Where we use Google Analytics, data is anonymised before transfer where possible.
- Legal and professional advisors: where required to protect our legal rights or comply with regulatory obligations.
- Law enforcement or regulatory bodies: where we are legally required to disclose data.
All third-party processors are required to handle your data securely and only as instructed by us, under appropriate data processing agreements.
6. International Data Transfers
Some of our third-party service providers are based outside the UK or EU. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO) or the European Commission, or we rely on adequacy decisions where applicable.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:
- Account data: for the duration of your account plus 2 years after closure
- Purchase and order records: 7 years (UK legal and tax record-keeping requirements)
- Enquiry and contact data: 3 years from last contact
- Newsletter subscriptions: until you unsubscribe, then deleted within 30 days
- Analytics data: as configured in the analytics platform (typically 14–26 months)
After the applicable retention period, data is securely deleted or anonymised.
8. Your Rights
Under UK GDPR and applicable data protection law, you have the following rights regarding your personal data:
- Right of access: to request a copy of the personal data we hold about you
- Right to rectification: to correct inaccurate or incomplete data
- Right to erasure: to request deletion of your data in certain circumstances
- Right to restrict processing: to limit how we use your data in certain circumstances
- Right to data portability: to receive your data in a structured, machine-readable format
- Right to object: to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: where processing is based on consent (e.g. marketing emails), you may withdraw at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@baaskitpro.com. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or your local supervisory authority.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encryption in transit (TLS/HTTPS), password hashing (bcrypt), access controls, and regular security reviews.
While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. If you become aware of a potential security issue, please notify us immediately at privacy@baaskitpro.com.
10. Children's Privacy
Our Platform is not directed at or intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The updated policy will be posted on this page with a revised “Last updated” date. We encourage you to review this page periodically. For material changes, we will provide notice via email or a prominent notice on the Platform.
