Privacy Notice.
1. PURPOSE AND SCOPE
The Foundry Visionmongers Ltd and its group companies (“Foundry”, “we”, “us”) are committed to protecting Personal Data and the Processing of such data, in accordance with Applicable Data Protection Laws.
This privacy notice (this “Privacy Notice”) applies to our Website (as defined below), and to all products and services offered by Foundry, whether provided on a software as a service (“SaaS”) basis, on-premises, or otherwise.
If you are a California resident, please see the “California Privacy Addendum” of this Notice for additional information about your rights under California law.
When you engage with us via our Website or through our marketing activities, and when you buy or use our products and services we will collect certain information that can be used to identify you.
We collect and use information about you in order to manage our relationship with you, to fulfil our legal duties and to operate our business and develop our products and services. We recognise that we have a duty to ensure that we are open and transparent with you and that we enable you to exercise your choices and preferences in relation to that data quickly and easily.
When we process your Personal Data for these purposes, Foundry is a “Controller”. This means that we are responsible for deciding how we hold and use Personal Data about you. This Privacy Notice (the “Notice”) explains how Foundry generally collects, stores, uses, retains and shares your Personal Data. It also explains which Personal Data we collect and for what purpose. It also lists what rights you have as an individual, and who you should get in touch with if you have questions or concerns.
Our Website and services are not directed at or intended for use by minors under the age of 18. We do not knowingly collect Personal Data from minors under the age of 13 (or the applicable age of digital consent in your jurisdiction). If we become aware that we have inadvertently collected Personal Data from a child under 13, we will promptly delete such information in compliance with the Children's Online Privacy Protection Act (COPPA) and other applicable laws.
2. ROLES AND RESPONSIBILITIES
Foundry’s Cyber Committee (the “Committee”) has overall responsibility for ensuring compliance with Applicable Data Protection Laws and with this Privacy Notice.
If this Privacy Notice does not answer your questions, or if you consider that we have not followed this Privacy Notice in respect of your Personal Data, then you can get in touch with the Committee by contacting Foundry’s General Counsel by phone, email or post and we will be happy to help.
How to contact us:
Phone
+44 (0)20 7479 4350
Email
privacyrights@foundry.com
Address
The General Counsel The Foundry Visionmongers Ltd. 5 Golden Square London W1F 9HT United Kingdom
3. DEFINITIONS
In this Privacy Notice the terms set out below have the following meanings:
Applicable Data Protection Laws means, all applicable data protection, privacy, and data security laws and regulations to which Foundry or the relevant processing activity is subject, including (where applicable) the UK GDPR, the EU GDPR, the UK Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act, and other U.S. federal or state privacy laws, together with any implementing legislation, regulations, statutory instruments, regulatory guidance, or successor laws that amend, replace, or supersede the foregoing.
Data Subjects means a living, identified or identifiable individual about whom we hold Personal Data. Data Subjects may be nationals or residents of any country and may have legal rights regarding their Personal Data.
EEA means the European Economic Area.
EU GDPR means the General Data Protection Regulation (EU) 2016/679.
Personal Data means any information relating to an identified or identifiable natural person, including “Sensitive Personal Information” or equivalent categories as defined under Applicable Data Protection Laws. In this Privacy Notice, our use of the term “Personal Data” includes other similar terms under Applicable Laws, such as “Personal Information”.
Processing means any activity that involves use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Personal Data to third parties.
UK GDPR means the retained EU law version of the EU GDPR as defined in the Data Protection Act 2018.
Website means our website at www.foundry.com, and any other websites or online platforms that are owned, controlled or operated by Foundry.
4. THE PERSONAL DATA WE COLLECT
We collect Personal Data over the course of our relationship with you when you use our Website, when you interact with us directly or via our marketing, and when you purchase and/or use our products or services.
We collect the following main types of Personal Data when we carry out these activities:
• Contact details: information that allows us to contact you directly such as your name, job title, the company you represent, email address, telephone number and billing and shipping addresses associated with your account.
•Identity documentation: information that allows us to conduct “Know Your Customer” (“KYC”) verifications, sanctions screening, and other legally required compliance checks, such as identity and proof of address documentation.
• Payment information: credit/debit card details, bank account details and any other information you provide to make payment for the products and services you purchase from us.
• Purchase and account history: when you arrange trials or purchase products or services from us, we keep records relating to those orders.
• Records of your discussions with our teams: when you share comments and opinions with us, ask us questions including via our support chatbot or on a call or meeting with us, or make a complaint, we will keep a record of this. This includes when you send us emails, interact with us on a call or meeting, on social media or contact our support desk.
• How you use our Website: when you use our Website, we collect information about where you are visiting from, your interests, the pages you look at and how you use them.
• Website security: when you register with our Website, we store your account details and password. When you buy products or submit forms via our Website, we keep records of your acceptance of our end user license agreements and privacy notices.
• Advertising and direct marketing: through our social media, marketing events, advertisements and direct marketing, we collect information about your interests, how you respond to, or interact with, any marketing or advertising communications directed to you, and any requests for these communications to stop.
• Product usage: when you use our products, we collect information about how and when you make use of them, your license, your email domain name, your computer equipment and network environment including information about the location of that equipment and whether you make use of any of our other products or services on your computer.
• Exercising your rights: if you exercise any of your statutory rights under Applicable Data Protection laws, we will keep a record of this and how we respond.
• Account information: we keep copies of the emails you send us and we create identification numbers that allow us to link your account status with your order history, product licenses and payments.
• AI prompt and input data: in certain circumstances we may have visibility of text prompts, instructions, files, images, metadata, and other content submitted to any AI models or tools, integrated with Foundry’s products and services.
• Product Telemetry: information relating to which third party artificial intelligence models (made available through Foundry’s products and services) are selected and used.
• Deployment and configuration data: where applicable, technical and infrastructure information relating to SaaS or on-premises installations.
5. WHAT WE USE YOUR PERSONAL DATA FOR AND WHY
We process these items of your Personal Data to enter into or fulfil contracts for the purchase, licensing and support of our products. Where our contract is with you, we process your Personal Data because it is necessary to fulfill the contract we have with you. Where the contract is with the company you represent, we process your Personal Data because it is in our legitimate interests to fulfill the contract with that company.
| Reason or purpose | Personal Data used |
|---|---|
| Provide you with our products and services and maintain your account |
|
| Maintain your account(s) on the Website |
|
| Billing, taking payment for our products and services and performing debt collection |
|
| Respond to requests and provide support and maintenance for our products |
|
| Respond to product support requests |
|
| Verify your eligibility for student / education licences |
|
| Record and transcribe calls or meetings to improve our service and train internal systems |
|
Where we process your Personal Data because we have a legitimate interest
We process these items of your Personal Data because we have a legitimate interest to improve our service to you, to identify new products you might be interested in, to advertise our products and services to you, to verify licensed usage of our products, to detect and reduce abuse by pirates, and to assist us in complying with sanctions laws:
| Reason or purpose | Personal Data used | Our specific legitimate interest |
|---|---|---|
| Determine products and services that may be of interest to you |
|
|
| Direct marketing via email and phone. If, at any time, tell us that you do not wish to receive direct marketing then we will not send you direct marketing materials. |
|
|
| Maintain and improve our products and services and provide internal training to staff to improve customer experience |
|
|
| Verify licensed product usage and to detect and reduce abuse by pirates |
|
|
| To ensure that you are not listed on any governmental restricted, blocked, denied, sanctioned or barred persons lists |
|
|
| To record and transcribe calls or meetings to improve our service and train internal systems |
|
|
| Use of AI systems and agentic tools |
|
|
Please note, where we use AI systems, including agentic AI tools, to support internal operations, such systems operate under Foundry’s control and are subject to appropriate technical and organisational safeguards. We implement meaningful human review and oversight in connection with their use. We instruct our personnel to apply data minimisation principles and to limit the Personal Data shared with such systems to what is necessary for the relevant purpose.
Where we process your Personal Data because we are under a legal obligation to do so under applicable law
| Reason or purpose | Personal data used |
|---|---|
| Respond to your statutory rights | Depending on the nature of your rights and request, any one or more of these category may be used:
|
We process the following types of information that may not be Personal Data on its own but may become Personal Data when combined with other information we hold. We process this for the legitimate interest of preventing and detecting piracy of our software.
To prevent and detect piracy of our software, we process certain information that we do not consider to be your Personal Data alone but which may become your Personal Data when it is combined with other information we collect. The information we process includes the IP address and MAC address of your computer equipment; the MAC address of WiFi access points that are in range of your computer equipment; the email domain of the owner of your computer equipment; and an approximate location for your computer equipment. We also share the MAC addresses of nearby WiFi access points with Google who will then process this information and provide us with an approximate location for your equipment.
Where we process your Personal Data so you can’t be identified any more
We may anonymise and aggregate any of the Personal Data we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our Website, developing new products and services or improving our existing portfolio.
Use of AI Models within our products and services
When you use any of our products and/or services that integrate with third-party artificial intelligence models, prompts, input data and related metadata may be transmitted to such third party third party artificial intelligence model providers selected by you, in order to generate outputs. Those providers process data in accordance with their own terms and privacy policies. Foundry does not sell prompt or output data and does not use prompts submitted through our products and/or services for targeted advertising purposes. Foundry does not use AI systems to make automated decisions about individuals that produce legal or similarly significant effects.
6. SOURCES WE COLLECT YOUR PERSONAL DATA FROM
We collect Personal Data from a range of different sources but primarily directly from you. We collect Personal Data by the following means:
• Directly from you: when you set up an account with us, email us, purchase products or services from us, submit information via our Website, complete any forms or surveys we provide to you, request product trials, enter competitions or prize draws, use our products and services, raise queries, make a complaint, submit support requests, attend a call or meeting with us, contact us by phone, email or communicate with us directly in some other way.
• Our Website & products: when you create an account on one of our Website and when you use or visit the Website or download or use our products.
• Publicly available sources: we make use of public records including your company website, industry publications, industry news Website, LinkedIn and professional listings.
• Government, public authorities and regulators: may provide us with information about you where they are required to do so by law or where you have contacted them.
• Google: Google may provide us with information about the location of equipment on which our software has been downloaded.
• IT usage analytics providers: We may use IT usage analytics providers to provide us with further information in relation to unlicensed usage of our software.
• Sanctions screening providers: We use companies to check that customers are not on any government ‘denied persons’ or similar lists.
7. WHO WE SHARE YOUR PERSONAL DATA WITH
In certain circumstances, we will share your Personal Data with third parties. in a manner consistent with this Privacy Notice and any other agreement we have with you. You may have the right to exercise your rights in accordance with Section 11 and Schedule 1 of this Privacy Notice. The main third parties we may share your Personal Data with are:
| Who | Examples of Sharing |
|---|---|
| Approved Resellers | If you are located in a region where we have an approved reseller of our products and: (a) you have previously purchased our products via an approved reseller; (b) we believe your needs are better served by dealing with a local approved reseller; or (c) we believe you are pirating our software, then we may pass your contact details and your purchase and account history to that authorised reseller. In addition, we may provide details of your product usage if we believe that you are pirating our software. We will not share your contact details with a reseller in a different region to you. |
| Payment agents | If you pay us via debit or credit card, via PayPal or another third party payment service then we will share details with the relevant payment agent so that they can process the transaction. |
| Debt collection agencies, lawyers, resellers of our software and enforcement bodies | If you have an overdue debt which is owing to us, if we believe that you are using pirated version(s) of our products or if we believe that you have breached our agreement(s), we may pass your details to local our software resellers, local debt collection agencies, enforcement bodies or lawyers. |
| The government or regulators | Where we are required to do so by law or to assist them with their investigations or initiatives, including, in the UK, the Information Commissioner’s Office. |
| Police and law enforcement | To assist with the investigation and prevention of crime, including software piracy. |
| IT and cloud service providers, support teams and advisors | We use IT systems and cloud platforms for our everyday business functions including email, financial management, data storage and customer account records. We also engage third parties to support our systems and help us deliver services to you, and to help detect and prevent piracy of our software and to support the operation and analyse the usage of our Website. |
| Purchasers and sellers of businesses and their professional advisors | If we sell or buy any business or assets, or the shareholders in our corporate group decide to sell any shares, we may disclose your Personal Data to the prospective seller or buyer of such business, assets or shares and its professional advisors. |
| AI-powered Assistive Technologies | These refer to a broad category of artificial intelligence (AI) tools that provide predictive, generative or analytical capabilities. We use such tools to help increase our productivity and efficiency and to help manage risk in a consistent manner. Examples of such tools are Google Gemini and Apple Intelligence. Occasionally, such tools may be integrated with services provided by cloud services providers. |
We do not buy any marketing lists from external providers, nor do we sell your information to any other company or entity.
Our Website may, from time to time, contain links to and from third-party websites, including links to partner networks, advertisers, affiliates, or other third parties. In addition, our content sharing platform at https://community.foundry.com/share may display content hosted by third-parties or uploaded by users. When you click on such third-party content, you will be redirected to those third-party websites to download the content (if you choose to do so). If you follow a link to any third-party website or are redirected to a third-party website (from our content sharing platform or otherwise from our Website), please note that these third-party websites and any services that may be accessible through them have their own privacy policies and practices. We do not control and do not accept any responsibility or liability for these policies or for any Personal Data that may be collected through these third-party websites or services.
8. TRANSFERRING YOUR DATA INTERNATIONALLY
If you live in a country in the UK and/or EEA, the data that we collect from you may be transferred to, and stored at, a destination outside the UK and/or EEA (including to other affiliates of the Roper Group in the US). It may also be processed by staff operating outside the UK and/or EEA who work for us or for one of our suppliers.
To ensure that your Personal Data is secure, we will only transfer information to a country outside of the UK and/or EEA where we do so in accordance with the Applicable Data Protection Laws. This requires that one of the following conditions apply:
• the European commission or the UK government has decided that the country to which we transfer the Personal Data provides an adequate level of protection for your Personal Data;
• appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission and/or the UK International Data Transfer Agreement (“IDTA”) or UK Addendum, as applicable, or an approved code of conduct or a certification mechanism is in place;
• you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
•the transfer is based on an exemption from the GDPR and UK GDPR restrictions on transferring Personal Data outside of the EEA or the UK as applicable.
Foundry and the Roper Group have executed Standard Contractual Clauses, as approved by the European Commission and/or by the United Kingdom’s Information Commissioners’ Office. These clauses permit us (or the Roper Group) to transfer data from the EEA and the UK to third countries, including the United States. Regardless, in all events, we shall apply the provisions of this Privacy Notice to your Personal Data wherever it is located.
9. AUTOMATED DECISION MAKING AND PROFILING
Automated decision making happens when a computer uses Personal Data to make decisions about a person without any human intervention which have legal effects or similarly significant effects for the person. We do not engage in automated decision making that produces legal effects or similarly significant effects about individuals.
Profiling happens when a computer system uses Personal Data to evaluate a person’s characteristics. We undertake profiling in the following areas of our business:
| Purpose of Profiling | Logic Used | Potential Consequences for You |
|---|---|---|
| To understand your preferences | We collect and combine Personal Data, including your purchase and account history and how you use Website, to better understand your buying habits and your product interests. | The combined data helps our Sales team determine which products and services we should bring to your attention |
| To prevent piracy of our software | We analyse mismatches between product usage and account information to identify unlicensed use of our products and services. | Our License Compliance team team may investigate the mismatch and determine whether or not to pursue unlicensed users. |
10. HOW LONG WE KEEP YOUR DATA
We will keep your Personal Data for as long as necessary in order to achieve the purpose of data Processing plus, where necessary, an extended period to cover statutory limitation periods.
11. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Under certain circumstances, you may have the following rights in relation to your Personal Data:
• The right of access to your Personal Data: This enables you to receive a copy of the Personal Information we hold about you and check that we are lawfully processing it.
• The right to have your Personal Data rectified: This enables you to have any incomplete or inaccurate information we hold about you corrected.
• The right to deletion of your Personal Data: This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it, you withdraw your consent, we are unlawfully holding your Personal Data or we should erase your Personal Data to comply with Applicable Data Protection laws. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing (see below).
• The right to object to processing of your Personal Data your particular situation which makes you want to object to processing on this ground. You also have the right to object to us processing your Personal Data where we are processing your Personal Information for profiling and/or for direct marketing purposes.
• The right to restriction of processing of your Personal Data: This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or stop us deleting Personal Data which you need for a legal claim.
• The right to have your data transferred to another services provider: This enables you to have the Personal Data you have provided us to be transferred to another party.
• Withdraw your consent to the Processing of your Personal Data (to the extent we base Processing on consent and not on another lawful basis).
You may exercise your rights, to the extent applicable, by submitting a request via our Privacy Rights Request webpage available through the “Do Not Sell/Share My Personal Information” link in the footer of our Website, or by contacting us via post to the address: The Foundry Visionmongers Ltd, 5 Golden Square, London, W1F 9HT, United Kingdom (RE: Privacy Rights), providing sufficient information for us to identify you and your Personal Data in each case. We will respond within the time period required by applicable law. We will always aim to help you when you wish to exercise your rights but in some instances we may have lawful grounds to reject your request depending on the legal reason why we collected your Personal Data.
12. COOKIES AND TRACKING TECHNOLOGIES
Cookies are very small text files that are stored on your computer device when you use it to visit many websites. For more information on the types of cookies we place on your computer, how they are used and how long they remain as well as how to control them, please read our Cookies Policy at https://www.foundry.com/cookie-policy.
13. CHANGES TO THIS PRIVACY NOTICE
This Privacy Notice has been updated in March 2025. We reserve the right to amend our Notice and any changes we may make in the future will be posted on this page.
This Privacy Notice will be reviewed and updated on an annual basis to comply with applicable new requirements, regulations, insights, strategies, processes or technologies. We recommend that you check for updates to this Privacy Notice from time to time but we will notify you directly about changes to this Privacy Notice or the way we use your Personal Data when we are legally required to do so.
14. CONTACT AND COMPLAINTS
Questions, comments and requests regarding this Privacy Notice are welcomed and may be sent to privacyrights@foundry.com.
If you do not agree with a decision or you wish to make a complaint, you can lodge a complaint with a data protection supervisory authority in your region. The data protection supervisory authority for the UK using its contact details on its website https://ico.org.uk/.
California residents - If you have any questions or concerns regarding our use of your Personal Information, or if you wish to exercise any of your rights under CCPA, please contact us submitting a request via our Privacy Rights Request webpage available through the “Do Not Sell/Share My Personal Information” link in the footer of our Website, or by emailing privacyrights@foundry.com, or by contacting us via post to the address: The Foundry Visionmongers Ltd, 5 Golden Square, London, W1F 9HT, United Kingdom (RE: Privacy Rights).
California Privacy Addendum
This California Privacy Addendum (“Addendum”) supplements the Foundry Privacy Notice and applies solely to California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”).
This Addendum is intended to address applicable U.S. state privacy law requirements where such laws apply to Foundry.
This Addendum describes our collection, use, disclosure, and retention of Personal Information of California residents and explains the rights available under California law.
CATEGORIES OF PERSONAL INFORMATION COLLECTED
The Peronal Information that we collect, or have collected from consumers in the twelve months prior to the effective date of this Disclosure, fall into the following categories established by the CCPA:
- identifiers (e.g., name, address, phone number, IP address);
- protected classifications (e.g., age, gender, gender identity);
- financial and commercial information (e.g., credit card numbers, purchase history);
- internet or other online activity information;
- geolocation data (e.g., computer/device location);
- professional/educational information;
- Content submitted through our products and services, including prompts, inputs, and AI generated outputs, where such content relates to an identifiable individual, and
- inferences drawn from any of the above.
Sensitive Personal Information
We may collect certain categories of sensitive Personal Information, including account login credentials, payment account details, and identity verification documentation. We use sensitive Personal Information only for purposes permitted under the CCPA such as security, fraud prevention, identity verification, contractual performance, and compliance with legal obligations. We do not use sensitive Personal Information to infer characteristics about consumers.
Sources of Personal Information
We collect Personal Information directly from you, automatically through your interaction with our Website, products and services, from service providers and business partners, and from publicly available sources, as further described in the Privacy Notice.
Categories of Personal Information disclosed for a business purpose. In the 12 months prior to the effective date of this Disclosure, we have disclosed to the third parties identified in the “Who We Share Your Personal Data With” section of the Privacy Notice above Personal Information that falls into the following categories established by the California Consumer Privacy Act:
- identifiers;
- protected classifications; ;
- financial and commercial information; ;
- internet or other online activity information; ;
- geolocation data;
- Content submitted through our products and services, including prompts, inputs, and AI generated outputs (where applicable), and
- professional/educational information.;
Retention of Personal information
We retain Personal Information for as long as reasonably necessary to fulfill the purposes described in the Privacy Notice, including to satisfy legal, regulatory, accounting, or reporting requirements, resolve disputes, and enforce our agreements.
We do not use Personal Information for purposes that are materially different, unrelated, or incompatible with those described in the Privacy Notice without providing additional notice as required by law.
CALIFORNIA PRIVACY RIGHTS
California residents have the following rights:
○ The right to know what Personal Information we collect, use, disclose, share, or sell;
○ The right to request access to and receive a copy of Personal Information we have collected about you;
○ The right to request deletion of Personal Information we have collected from you, subject to certain exceptions;
○ The right to request correction of inaccurate Personal Information;
○ The right to opt out of the sale or sharing of Personal Information (where applicable);
○ The right to limit the use and disclosure of sensitive Personal Information (where applicable); and
○ The right not to be discriminated against for exercising your privacy rights.Foundry does not use Personal Information to engage in automated decision-making that produces legal or similarly significant decisions about individuals.
To exercise any of these rights, you may submit a request via our Privacy Rights Request webpage available through the “Do Not Sell/Share My Personal Information” link in the footer of our Website, or by emailing privacyrights@foundry.com, or by contacting us via post to the address: The Foundry Visionmongers Ltd, 5 Golden Square, London, W1F 9HT, United Kingdom (RE: Privacy Rights). We will take reasonable steps to verify your identity before processing your request. You may designate an authorised agent to submit a request on your behalf. Where an authorised agent submits a request, we may require verification of the agent’s authority and your identity in accordance with applicable law. We will respond to your request within the time period required by applicable law.
Your rights under California’s Shine The Light Act (Cal. Civ. Code § 1798.83)
We do not disclose Personal Information to third parties for their direct marketing purposes.
NO SALE OF PERSONAL INFORMATION
We do not sell Personal Information.
We may share certain online identifiers or internet activity information with analytics or advertising providers in a manner that may constitute “sharing” under California law. Where required, such technologies are deployed only after a user provides consent through our cookie preference banner.
California residents have the right to opt out of the sale or sharing of Personal Information. You may exercise this right by adjusting your cookie preferences on our Website or by contacting us as described herein.
We recognize Global Privacy Control (GPC) signals where required by California law.
Last updated: March 2026