Privacy Policy

Who we are

The data controller is Nathaniel Mason, trading as Figplate.

Figplate is based in the United Kingdom. For privacy questions or requests, email privacy@figplate.com.

What we collect

• Your email address.
• Waitlist records such as signup source, confirmation status, and timestamps.
• Security and verification data such as token hashes, Turnstile response tokens, and anti-abuse signals linked to a submission.
• Technical data needed to run and protect the site, such as IP-related request data, browser or device context, and rate-limit events.
• Any information you send in a privacy or support enquiry.

Why we use it

• To run the waitlist, verify signups, and manage resend requests.
• To send launch and product updates if you ask to receive them.
• To protect the site and forms from spam, bots, and abuse.
• To respond to privacy, support, and legal enquiries.

Who we share it with

We use service providers only where needed to run the site and waitlist:

• Cloudflare for site delivery, security features, and Turnstile bot protection.
• Supabase for database and related backend infrastructure used to store waitlist records.
• Resend for transactional waitlist verification emails when email sending is enabled in production.

We may also disclose information if needed to protect our rights, investigate abuse, or comply with the law.

International transfers

Some of the providers we use may process personal data outside the UK. Where that happens, we rely on appropriate legal safeguards, such as adequacy decisions or contractual transfer protections.

How long we keep it

• Waitlist records are kept for as long as needed to operate the pre-launch waitlist, send updates, and maintain unsubscribe or suppression records where needed.
• Verification data is kept only as long as needed for signup, resend, and expiry handling. Raw verification tokens are not stored.
• Security and anti-abuse data is kept for short rolling periods. Current rate-limit bucket cleanup is designed around stale bucket deletion after 72 hours.
• Privacy or support correspondence is kept for as long as needed to resolve it.

Cookies and similar technologies

The launch site is not currently set up to run optional analytics or advertising cookies. The waitlist flow does use security technology, including Cloudflare Turnstile, to help distinguish real users from bots and protect the form from abuse.

When data is required

If you want to join the waitlist, you need to provide an email address and complete the required verification and anti-abuse checks. Without that, we may not be able to process your request.

Automated decisions

We use automated checks such as bot detection and rate limiting to protect the site, but we do not use your personal data for solely automated decisions that produce legal or similarly significant effects about you.

Your rights

Depending on where you are located and the applicable law, you may have the right to request access to your personal data, rectification, erasure, restriction, objection, portability, and withdrawal of consent.

You can exercise privacy rights or ask questions by emailing privacy@figplate.com.

Complaints

If you are in the UK, you can complain to the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully. If you are in the EEA, you may also have the right to complain to your local supervisory authority.

Changes to this notice

We may update this privacy notice as Figplate develops, including if we add new services, change providers, or form a separate legal entity. When we make material changes, we will update the “Last updated” date on this page.