Back to home

Privacy Policy

Last updated: May 2026

1. Who we are

EonCollabo is operated by EonCanvas Ltd, a company registered in England and Wales. We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Contact us at: info@eoncanvas.co.uk

2. What data we collect

  • Account information — name, email address, password (hashed)
  • Profile information — bio, location, skills (optional)
  • Content you create — problems, ideas, community posts
  • Usage data — pages visited, features used, timestamps
  • IP address and user agent (for security and audit purposes)
  • Consent records — what you have agreed to and when

3. How we use your data

  • To provide and improve the EonCollabo platform
  • To authenticate your identity and secure your account
  • To process ideas through our StageGate innovation workflow
  • To generate AI-powered scoring and recommendations
  • To maintain audit logs for compliance and security
  • To send you notifications you have consented to receive

4. Legal basis for processing

  • Contract — processing necessary to provide the service you signed up for
  • Consent — for optional communications and analytics
  • Legitimate interests — for security, fraud prevention, and platform improvement
  • Legal obligation — for audit logs and compliance requirements

5. Your rights under UK GDPR

  • Right to access — request a copy of your personal data
  • Right to erasure — request deletion of your data
  • Right to portability — receive your data in a machine-readable format
  • Right to rectification — correct inaccurate data
  • Right to object — object to processing based on legitimate interests
  • Right to restrict processing — limit how we use your data

To exercise any of these rights, visit your Privacy settings or contact us at info@eoncanvas.co.uk. We will respond within 30 days.

6. Data retention

We retain your personal data for as long as your account is active. If you request deletion, we will remove your personal data within 30 days, except where we are required to retain it by law or for legitimate business purposes such as fraud prevention.

7. Data storage and security

Your data is stored securely on Supabase infrastructure within the European Economic Area. We use encryption in transit (TLS) and at rest, role-based access controls, and regular security reviews.

8. Third parties

  • Supabase — database and authentication infrastructure
  • Anthropic — AI-powered idea scoring (anonymised content only)
  • Resend — email delivery service
  • Cloudflare — hosting and content delivery

We do not sell your personal data to third parties.

9. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or through the platform.