Last updated 24 April 2026

Privacy Policy

Beyond the GATE is operated by Creative Sauce Ltd, a company registered in England and Wales (Company No. 12582512). We take your privacy seriously and handle all personal data in line with the UK Data Protection Act 2018 and the UK GDPR.

Data we collect

Account data - your email address and name. Used to sign you in and send magic link verification emails.
App data - the goals, affirmations, journal entries, check-ins, habit logs, notes and progress you create inside the app. Stored encrypted at rest in our EU database (Supabase, Frankfurt).
Payment data - handled by Stripe. We store a Stripe customer ID and subscription ID only. We never see or store your card details.
Usage data - anonymised page views via Google Analytics (optional). Never linked back to your identity.

What we don't do

Sell your data. Ever.
Share it with advertisers. There are no ads.
Track you across other websites.
Use your notes or journal entries for anything other than showing them back to you.

Your rights (UK GDPR)

You have the right to:

Access your data - Settings → Export my data gives you a JSON file with everything.
Correct it - update anything in the app directly, or email us.
Delete it - Settings → Delete my account removes your account and cancels any active subscription.
Withdraw consent - Settings → Marketing consent toggle.
Complain to the ICO if you believe we've mishandled your data - ico.org.uk.

Data controller

Creative Sauce Ltd is the data controller. The lead contact for all data protection matters is reachable at hello@creativesauce.io. We'll respond within 30 days (usually much faster).

Cookies

We use a single session cookie to keep you signed in. No third-party tracking cookies. No consent banner needed because no non-essential cookies are set until you opt into analytics.

International transfers

All your app data stays in the EU (Frankfurt). Stripe processes payments in the UK and EU. Brevo sends our transactional emails and is based in the EU. No data leaves the UK/EU jurisdiction.

Breach notification

If we ever experience a personal data breach that affects you, we'll notify you within 72 hours by email and, if material, publish a public statement on this site.

Changes

We'll update this policy if our practices change. The "Last updated" date at the top tells you when. Material changes will be emailed to all account holders.