Privacy Policy

The First Ten (“we”, “us”, “our”) operates the website at thefirstten.io. We are a UK-based digital product company. If you have any questions about this policy, contact us at hello@thefirstten.io.

We collect only what we need to deliver the product:

• Email address — when you sign in or submit the diagnostic quiz email capture.
• Diagnostic answers — your responses to the 10-question diagnostic quiz, stored to personalise your experience.
• Module inputs — the text you enter during module exercises. This is stored in your browser's local storage and optionally synced to our database when you are signed in.
• Payment information — processed entirely by Stripe. We never see or store your card number, CVV, or full payment details.
• Usage data — basic analytics (page views, module completion) to improve the product. No third-party tracking scripts.

• To authenticate you and provide access to purchased modules.
• To deliver personalised LLM-generated analysis based on your inputs.
• To send transactional emails (sign-in links, purchase confirmations).
• To improve the product based on aggregate, anonymised usage patterns.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Ever.

Your module inputs are sent to Anthropic's Claude API to generate personalised analysis. These inputs are processed in real time and are not used by Anthropic to train their models. We do not store the prompts sent to the LLM beyond what is necessary to deliver your artifact.

Your data is stored in Supabase (hosted on AWS infrastructure) with row-level security policies. All data is encrypted in transit (TLS) and at rest. Authentication is handled via secure magic-link email tokens.

• Supabase — authentication and database.
• Stripe — payment processing.
• Anthropic — LLM analysis generation.
• Vercel — hosting and deployment.

Each provider has their own privacy policy and data processing agreements.

We use only essential cookies required for authentication (session tokens). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Under UK GDPR and the Data Protection Act 2018, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Withdraw consent at any time.
• Data portability — receive your data in a structured format.

To exercise any of these rights, email us at hello@thefirstten.io. We will respond within 30 days.

We retain your account data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days. Anonymised, aggregate data may be retained indefinitely for product improvement.

We may update this policy from time to time. If we make material changes, we will notify you via email. Your continued use of the product after changes constitutes acceptance of the updated policy.