Data Protection — Studio:Blueprint

Commitment

Our Commitment

Studio:Blueprint is designed with data minimisation as a core principle. We collect the minimum amount of data necessary to provide the service and we do not monetise user data in any way. Where data is stored, retention periods are clearly defined and limited.

Data Minimisation by Design

The Tool was built with the following data protection principles embedded in its architecture:

Browser-first processing. Your questionnaire answers are processed entirely in your browser using client-side JavaScript. No data is transmitted to any server during report generation. The report you see on screen never leaves your device.

No accounts required. The Tool does not require registration, login, or account creation. There are no user profiles, no passwords, and no persistent identity.

Minimal analytics. Google Tag Manager is used for basic site analytics. Cookie consent is managed by consentmanager. No advertising cookies, tracking pixels, or behavioural profiling is used.

Lead record storage. When you complete an assessment, a lead record is stored in Vercel KV containing your email address, questionnaire answers, computed analysis, Blueprint ID, and IP address. Free tier records are retained for up to 1 year. Paid tier records (which additionally include your name, both PDF documents, and Stripe transaction identifiers) are retained for up to 2 years.

Data flow

Data Flow

Free tier flow:

Step 1: You answer questions in the browser. Data stays in your browser.
Step 2: Results generate in your browser. No server involved.
Step 3: You enter your email to receive a summary PDF.
Step 4: Your answers, email, and IP address are sent to our Vercel serverless function.
Step 5: A summary PDF is generated and emailed via Resend.
Step 6: A lead record (email, answers, computed analysis, Blueprint ID, IP address) is stored in Vercel KV for up to 1 year.
Step 7: A 7-day interactive web report preview is available via magic link.

Paid tier flow:

Steps 1-5: As above.
Step 6: You purchase permanent access via Stripe at £59 per product.
Step 7: A comprehensive record (name, email, answers, both PDFs, computed analysis, Blueprint ID, IP address, Stripe transaction identifiers) is stored in Vercel KV for up to 2 years.
Step 8: Permanent full access to the interactive web report is unlocked.

Stack Interview flow:

Step 1: You purchase the Stack Interview via Stripe.
Step 2: A session is created in Vercel KV with a 12-month TTL.
Step 3: Your conversation is processed by AI models via OpenRouter. Each exchange is stored in the session record.
Step 4: After each response, slot data, utilisation scores, connection map, and findings are extracted and stored in the session record.
Step 5: The completed stack map, transcript, and findings are accessible via your session link for 12 months.

Cockpit AI features flow:

When you use Ask Blueprint, Explain Alert, or similar AI features in the Cockpit, your query and the AI response are logged to Vercel KV under a key scoped to your user ID. These logs are retained for 12 months and used for service improvement. They are not linked to your assessment answers or report content.

Cockpit subscription flow (Studio:Blueprint Operate):

Step 1: You activate a Cockpit trial via a magic link from your paid diagnostic report, or subscribe directly.
Step 2: A firm schema record is created in Vercel KV under your user ID.
Step 3: You enter firm setup data (revenue target, day rate, overhead, billing model). This is stored in your firm schema record.
Step 4: You add client records, pipeline entries, engagement data, flight plan items, and decision ledger entries over time. All are stored in Vercel KV under your user ID.
Step 5: Six deterministic scoring engines recalculate your Health Index, Burnout Risk, Pipeline, Runway, and related metrics each time your data changes. The results are stored alongside your firm schema.
Step 6: Your data is retained while your subscription or trial is active, plus 90 days after lapse or expiry, then permanently deleted.
Step 7: If you build a Forge diagnostic, the diagnostic definition (questions, dimensions, scoring configuration) is stored in Vercel KV under your user ID.
Step 8: When your client completes a Forge diagnostic, a run record is created in Vercel KV containing their answers, scores, dimension scores, and completion timestamp. This record is linked to your user ID and the diagnostic ID.
Step 9: If you invite a client to their portal, a magic link token is generated and stored in Vercel KV with a 30-day TTL. The client's email is added to a client email index linked to your firm.
Step 10: If you create a proposal, a proposal record is stored in Vercel KV under your user ID containing the proposal details and a reference to the generated PDF.
Step 11: If you convert an accepted proposal to an engagement, an engagement record is stored in Vercel KV under your user ID containing deliverables, time logs, scope changes, health index data, and diagnostic baseline information.

Agent context API flow:

Step 1: You choose to connect an external AI agent from within the Cockpit.
Step 2: An API key is generated and stored in Vercel KV, scoped to your user ID.
Step 3: The API key grants read-only access to a structured intelligence summary of your Cockpit data (the agent context schema). It does not grant write access to your firm data.
Step 4: Each time the agent reads your data, the API endpoint, timestamp, and user ID are logged in Vercel KV. This access log is visible to you within the Cockpit.
Step 5: You can revoke the API key at any time from within the Cockpit. Revocation is immediate and permanent. The key is deleted from Vercel KV and all future requests using that key are rejected.
Step 6: The API key and access log are deleted when revoked or when your subscription ends.

Email nurture sequence flow:

Step 1: You complete a free diagnostic, purchase a paid report, or activate a Cockpit trial.
Step 2: A nurture sequence enrollment record is written to Vercel KV containing your email, sequence ID, enrollment timestamp, next send timestamp, and relevant metadata (score, band, diagnostic name).
Step 3: A daily cron job checks all active enrollment records and sends follow-up emails where the scheduled send time has passed.
Step 4: Each send updates the enrollment record with the next scheduled send time and email index.
Step 5: After all emails in a sequence have sent, the record is marked complete.
Step 6: If you click unsubscribe in any email, a suppression key is written to Vercel KV for your email address. All future sends to that address are skipped.
Step 7: Enrollment records are retained for 60 days then deleted. Unsubscribe suppression keys are retained for 365 days then deleted.

The Forge client data flow:

Step 1: You build a diagnostic in The Forge. The definition is stored in Vercel KV under your user ID.
Step 2: You send your client a white-label diagnostic URL.
Step 3: Your client completes the diagnostic. Their answers are processed by the scoring engine and a run record is stored in Vercel KV.
Step 4: Results are displayed to the client on screen and optionally delivered by email via Resend.
Step 5: If the client has completed this diagnostic before, a score delta is computed and stored in the run record and your Decision Ledger.
Step 6: A pipeline opportunity is created or updated in your Cockpit automatically.
Step 7: You invite the client to their portal. A magic link email is sent via Resend. The client accesses their results, history, and your recommendations.
Step 8: Client run data is retained while your subscription is active and for 90 days after it lapses, then deleted.

What we do not do

What We Do Not Do

We do not sell, rent, or trade your personal data to any third party
We do not build behavioural profiles of users
We do not use email addresses for marketing (unless separately opted in)
We do not share data with advertisers
We do not use your data for AI model training. Note that AI sub-processors (OpenRouter, Anthropic, Meta) operate under their own data processing agreements and privacy policies. We do not authorise the use of your data for third-party model training.
We do not use advertising cookies, tracking pixels, or fingerprinting techniques
We do not send unsolicited marketing emails. Automated follow-up emails are triggered by your actions within the product and relate directly to your use of the service. You can unsubscribe at any time.

Sub-processors

Sub-Processors

The following third-party services process data on our behalf:

Vercel Inc. (San Francisco, USA) — Hosts the API and stores lead and assessment records in Vercel KV. Standard Contractual Clauses in place.
Resend Inc. (USA) — Email delivery service. Receives email address and PDF attachments. Retains delivery logs for 30 days. Standard Contractual Clauses in place.
Stripe Inc. (San Francisco, USA) — Payment processing for paid tier purchases. Processes payment card details directly. We do not receive or store card details. Standard Contractual Clauses in place.
Cloudflare Inc. (San Francisco, USA) — Serves the frontend application. Processes standard HTTP request data (IP address, user agent) in transit. No application data stored. Standard Contractual Clauses in place.
Google LLC (Mountain View, USA) — Google Tag Manager for basic site analytics. Standard Contractual Clauses in place.
consentmanager (Germany) — Cookie consent management platform. Standard Contractual Clauses in place.
Sentry / Functional Software Inc. (San Francisco, USA) — Error monitoring. Receives anonymised error reports. Does not process assessment answers or personal data. Standard Contractual Clauses in place.
OpenRouter Inc. (USA) — AI inference routing service. Routes requests to AI model providers including Anthropic (Claude) and Meta (Llama) for diagnostic narrative generation, Stack Interview conversation, and Cockpit AI features. Receives only the data necessary to generate the requested output. Standard Contractual Clauses in place.
Upstash Inc. (USA) — Redis-compatible data store used as the primary storage layer for Cockpit firm schema data, operating metrics, magic link tokens, agent API keys, and email nurture sequence state. Standard Contractual Clauses in place.

Retention

Data Retention Summary

Cockpit firm schema and operating metrics: Retained while subscription or trial is active, plus 90 days after lapse or expiry.
Agent context API key and access log: Retained until revoked or subscription ends.
Email nurture enrollment records: 60 days from enrollment.
Email unsubscribe suppression: 365 days.

Your rights

Data Subject Access Requests

To make a data subject access request, contact Howard Scott via [email protected]. Provide the email address you used and your Blueprint ID (if known). We will respond within 30 days as required by UK GDPR.

A DSAR response will include all data held in our systems, including stored assessment records, computed analysis, and any associated PDFs.

Data Breach Procedure

In the event of a personal data breach that presents a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours and affected individuals without undue delay, as required by Articles 33 and 34 of UK GDPR.

Data Protection Officer

Given the scale and nature of processing (minimal personal data, no special categories, no systematic monitoring), a formal Data Protection Officer is not required under Article 37 of UK GDPR. Data protection queries should be directed to Howard Scott via [email protected].

Supervisory Authority

The relevant supervisory authority is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Website: ico.org.uk.

Last updated: 1 April 2026