Studio:Blueprint
The data controller for information processed through Studio:Blueprint is Howard Scott, trading as Studio:Blueprint, contactable via [email protected]. This policy applies to all data collected through the Tool, the interactive web report, the dashboard, and the paid upgrade service.
| Data Type | When Collected | Purpose |
|---|---|---|
| Questionnaire answers (including, depending on the assessment: consultancy structure, AI operations practices, CRM maturity indicators, or marketing technology stack information such as tool inventory, integration maturity, utilisation levels, data quality practices, content operations, automation maturity, governance, and strategic alignment) | When you complete an assessment | Generating your personalised report |
| Optional financial context (annual revenue, annual spend relevant to the assessment) | When you optionally provide it during an assessment | Financial impact modelling in your report |
| Email address | When you request a PDF or access your report | Delivering PDFs, authenticating dashboard access, sending magic links |
| Blueprint ID | Automatically generated | Identifying your specific report |
| IP address | When you submit an assessment | Stored as part of the lead record for fraud prevention |
| Name | When you purchase via Stripe (paid tier only) | Included in paid report and confirmation email |
| Stripe transaction identifiers | When you purchase via Stripe (paid tier only) | Payment verification and record-keeping |
| Stack Interview conversation transcript | When you complete a Stack Interview session | Generating your stack map, findings, and report; improving the service in anonymised form |
| AI conversation logs (Ask Blueprint, Explain Alert, and similar Cockpit AI features) | When you use AI-assisted features in the Cockpit | Service improvement and product development; stored for 12 months |
| Cockpit firm schema data (revenue target, day rate, overhead, billing model, client records, pipeline entries, engagement data, flight plan items, decision ledger entries) | When you set up and use the Cockpit (Studio:Blueprint Operate) | Calculating your Health Index, Burnout Risk, Pipeline, and Runway metrics; powering the Cockpit operating dashboard |
| Cockpit operating metrics (Health Index, Burnout Risk, Pipeline value, Runway in weeks, and derived scores) | Recalculated automatically each time your Cockpit data changes | Displaying your firm's operating health in the Cockpit dashboard |
| Agent context API key | When you connect an external AI agent (such as OpenClaw) to your Cockpit account | Authenticating agent read access to your Cockpit intelligence data; stored securely in Vercel KV |
| Email nurture sequence enrollment and send history | Automatically when you complete a free diagnostic, purchase a paid report, or activate a Cockpit trial | Sending product-related follow-up emails as part of the service; tracking send history to prevent duplicate sends; processing unsubscribe requests |
| Unsubscribe preference | When you click unsubscribe in any product email | Suppressing future automated product emails; stored indefinitely to honour your preference |
| Anonymised aggregate diagnostic records | When any paid diagnostic assessment is completed | Benchmarking and service improvement; contains no personal identifiers |
| White-label configuration data (firm slug, brand colour, logo URL, contact details) | When you configure white-label settings in the Cockpit | Branding client-facing diagnostics and PDFs with your firm identity |
| Forge diagnostic definitions (questions, dimensions, scoring bands, maturity descriptions) | When you build a diagnostic using The Forge | Generating and serving your custom diagnostic to clients |
| Forge client run data (client answers, scores, dimension scores, completedAt timestamp) | When your client completes a Forge diagnostic | Generating diagnostic results, populating the client portal, calculating score delta, triggering pipeline and alert events |
| Client email index (client email addresses linked to your firm) | When a client completes a Forge diagnostic | Authenticating client portal access via magic link |
| Client portal session tokens | When a client requests portal access via magic link | Authenticating the client's portal session; stored with 30-day TTL then deleted |
| Consultant-written client recommendations | When you add recommendations in the Cockpit | Displaying recommendations to the client in the portal |
| Proposal records (title, fee, scope, status, expiry, PDF reference) | When you create a proposal in the Proposal Builder | Generating and tracking consulting proposals; updating pipeline stage on status change |
| Engagement records (deliverables, time logs, scope changes, health index, diagnostic baseline) | When you create and manage an engagement in the Cockpit | Tracking active engagement health, margin, and diagnostic progress |
We process your data on the following legal bases under UK GDPR:
Your questionnaire answers are processed entirely in your browser. No answers are transmitted to our servers until you request a PDF or complete the assessment. The results you see on screen are generated locally on your device.
When you request a free PDF, your answers, email address, and IP address are transmitted to our Vercel serverless function. A summary PDF is generated and emailed via Resend. A lead record is stored in Vercel KV containing your email, answers, computed analysis, Blueprint ID, and IP address. This record is retained for up to 1 year.
When you purchase the full report via Stripe, your name (from Stripe), email, answers, both PDF documents (summary and full), computed analysis, Blueprint ID, IP address, and Stripe transaction identifiers are stored in Vercel KV. This comprehensive record is retained for up to 2 years.
When you complete a Stack Interview, the full conversation transcript, confirmed tool inventory, utilisation estimates, connection map, and any cost information you choose to share are stored in Vercel KV for 12 months. This data is used to generate your stack map and findings report. It may also be used in anonymised, non-identifiable form to improve the service and develop benchmarking features.
When you use AI-assisted features within the Cockpit (including Ask Blueprint, Explain Alert, and similar), the content of those conversations is stored in Vercel KV for 12 months. This data is used for service improvement and product development. It is not shared with third parties beyond the AI sub-processors listed in Section 5.
When you activate a Cockpit trial or subscribe to Studio:Blueprint Operate, your firm schema data is stored in Vercel KV under your user ID. This includes the data you enter during setup (revenue target, day rate, overhead, billing model) and the data you add over time (client records, pipeline entries, engagement data, flight plan items, and decision ledger entries). Six deterministic scoring engines recalculate your Health Index, Burnout Risk, Pipeline, Runway, and related metrics each time your data changes. This data is retained while your subscription is active and for 90 days after it lapses or your trial expires, after which it is deleted. You can request earlier deletion by contacting us.
When you build a diagnostic using The Forge, Studio:Blueprint stores the diagnostic definition (questions, dimensions, scoring configuration) in Vercel KV under your user ID. When your client completes the diagnostic via your white-label URL, their answers and computed scores are stored in Vercel KV under a run record linked to your user ID and the diagnostic ID. This data is used to generate the client's results, populate their client portal, calculate score delta on repeat completions, and trigger pipeline and alert events in your Cockpit. Your client's data is processed on your behalf. You are responsible for obtaining any consent required from your clients before sending them a diagnostic link.
When you invite a client to their portal, a magic link token is generated and stored in Vercel KV with a 30-day TTL. The client's email address is added to a client email index linked to your firm. Portal session tokens expire automatically after 30 days. Client portal data (scores, recommendations, progress) is derived from existing Forge run records and recommendation records already stored under your account.
Proposal records created in the Proposal Builder are stored in Vercel KV under your user ID. They contain the proposal title, fee, scope, status, expiry date, and a reference to the generated PDF. Engagement records created from accepted proposals are stored in Vercel KV under your user ID. They contain deliverables, time logs, scope changes, health index calculations, and diagnostic baseline data. These records are retained while your subscription is active and for 90 days after it lapses, then deleted.
If you connect an external AI agent to your Cockpit account, an API key is generated and stored in Vercel KV. This key grants read-only access to a structured intelligence summary of your Cockpit data. It does not grant write access to your firm data. You can revoke this key at any time from within the Cockpit, which immediately invalidates agent access. The key and its associated access log are deleted when revoked or when your subscription ends.
When you complete a free diagnostic, purchase a paid report, or activate a Cockpit trial, you are automatically enrolled in a short sequence of product-related follow-up emails. These emails are triggered by your actions within the product and are related to your use of the service -- they are not marketing emails. You can unsubscribe from these emails at any time by clicking the unsubscribe link in any email. Your unsubscribe preference is stored and honoured immediately.
We may use your email address and assessment results to contact you about product features or updates relevant to your diagnostic results. You can opt out of this at any time by contacting us or by using the unsubscribe link in any email. We will not share your data with third parties for their marketing purposes.
We share data with the following third-party processors, solely for the purpose of operating the service:
We do not sell, rent, or trade your personal data to any third party. We do not use your data for advertising purposes.
Under UK GDPR, you have the right to:
To exercise any of these rights, contact Howard Scott via [email protected]. We will respond within 30 days. A DSAR response will include all data held in our systems, including stored assessment records, computed analysis, and any associated PDFs.
The Tool uses Google Tag Manager for basic site analytics and consentmanager for cookie consent management. Session storage is used in the browser to maintain your authenticated session. No advertising cookies or tracking pixels are used. No behavioural profiling is performed.
Our hosting providers (Vercel, Cloudflare), email provider (Resend), payment processor (Stripe), and analytics provider (Google) may process data in the United States. These transfers are protected by Standard Contractual Clauses and the providers' compliance with applicable data protection frameworks.
The Tool is not intended for use by anyone under 18 years of age. We do not knowingly collect data from children.
We may update this policy from time to time. Material changes will be noted on this page with an updated date.
If you are unsatisfied with our handling of your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Last updated: 1 April 2026