Privacy Policy for So Next Year Ltd

Last Updated: 07 June 2026

1. Introduction

Welcome to So Next Year Ltd ("we," "our," or "us"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our website located at https://sonextyear.online (the "Site") and our generative AI design platform (collectively, the "Services").

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is So Next Year Ltd, a company registered in England and Wales. Our registered office is at So Next Year Ltd, Brighton, England.

2. Data We Collect

We may collect and process the following types of personal data:

  • Identity & Contact Data: Includes names, usernames, email addresses, and telephone numbers when you register for an account or contact us.

  • Transaction Data: Includes details about payments to and from you and other details of Services you have purchased from us. We do not store full payment card details; these are processed securely by our third-party payment processors.

  • Technical & Usage Data: Includes internet protocol (IP) address, browser type and version, time zone setting, operating system, and information about how you use our Site and Services.

  • Content Data: Includes text prompts, images, parameters, and other input data you provide to be processed by our generative AI engine ("Input"), as well as the resulting design outputs ("Output"). We strictly do not use your Content Data to train our foundational AI models.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To register you as a new customer and manage your private account.

  • To provide, operate, and maintain our Services, including processing your Inputs to generate Outputs.

  • To process payments and manage billing.

  • To improve our Site, Services, and customer relationships.

  • To notify you about changes to our terms or privacy policy.

  • To comply with a legal or regulatory obligation.

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where we need to perform the contract we are about to enter into or have entered into with you, or where it is necessary for our legitimate business interests.

4. Data Infrastructure, Storage & Backend Access

To provide a secure and scalable platform, we utilize industry-leading third-party cloud infrastructure.

  • Hosting & Databases: Your Identity, Technical, and Content Data are securely hosted, processed, and stored using Netlify (for web hosting) and Google Cloud and Firebase (for secure backend database and storage operations).

  • Strict UI-Only Access: Your access to the platform and your personal data is strictly limited to the provided graphical User Interface (UI). Users are expressly prohibited from attempting to bypass the UI to access, query, manipulate, or interface directly with our underlying databases (including Firebase) or cloud infrastructure.

  • Data Deletion: You retain control over your data. If you delete your account, your personal data and stored assets are scheduled for permanent deletion from our Firebase and Google Cloud databases, subject to standard technical backup retention cycles.

5. Data Sharing and Disclosure

We may share your personal data with the following third parties:

  • Service Providers: Companies who provide IT, system administration, payment processing, and cloud infrastructure services (explicitly including Google Cloud, Firebase, and Netlify) to help us securely run our platform.

  • Professional Advisers: Including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.

  • Legal/Regulatory Authorities: If required by law or if we believe that such action is necessary to comply with a legal obligation or protect the rights, property, or safety of So Next Year Ltd, our users, or others.

6. International Transfers

We may transfer your personal data outside the UK and the European Economic Area (EEA) to our service providers (e.g., our cloud hosting and database providers). Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as the use of UK International Data Transfer Agreements or standard contractual clauses.

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a strict business need to know.

8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to access, correct, erase, object to processing, and request the transfer of your data. If you wish to exercise any of these rights, please contact us.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: Email: theboss@sonextyear.online