Confidentiality and Data Terms

Why Marketing · Version 1.0 · June 2026

What this document covers

We treat your financial data as strictly confidential — it is used only to calculate your diagnostic
We protect your data with appropriate technical and organisational measures
You can see exactly who processes your data, where it is stored, and for how long
By proceeding, you give us the basis to process your data and confirm your acceptance of these terms

These terms must be accepted before you enter any financial or commercial data into the diagnostic tool. They form part of your engagement with Why Marketing alongside the Terms of Purchase accepted at checkout.

1. Who this agreement is between

This agreement is between Why Marketing (Alan Edwards, sole trader, trading as Why Marketing) and the company on whose behalf you are completing the diagnostic (the Buyer). By ticking the acceptance checkbox and proceeding, the person completing the diagnostic confirms they are authorised to accept these terms on behalf of the Buyer.

2. Mutual confidentiality

2.1Both parties recognise that confidential information will be shared during this engagement. The Buyer will share commercial and financial data. Why Marketing may share elements of its methodology and diagnostic framework in the process of delivering the report.

2.2Why Marketing agrees to: use the Buyer's financial and commercial data only to calculate the diagnostic results and produce the Capital Efficiency Report; not disclose the Buyer's data to any third party except the sub-processors listed in clause 4 and the Privacy Notice, who process data solely to deliver the service; and not use the Buyer's data for any commercial purpose other than delivering the diagnostic.

2.3The Buyer agrees to: keep Why Marketing's methodology, diagnostic framework, and report structure confidential; not reproduce, share, or resell the diagnostic tool, report format, or methodology without written consent; and use the Capital Efficiency Report for the Buyer's own internal business purposes only.

2.4These confidentiality obligations survive termination or expiry of the engagement for three years.

2.5Confidentiality does not apply to information that is already publicly known, that becomes publicly known through no fault of the receiving party, or that is required to be disclosed by law or regulation.

3. How we use your data

3.1The financial and commercial data you enter into the diagnostic tool is used solely to calculate your CLV:CAC ratio, capital efficiency metrics, and risk assessment, and to generate your Capital Efficiency Report.

3.2Your contact details (name, company, work email) are used to deliver your report, send confirmation communications, and manage your account.

3.3After six months, all identifiable session data is permanently deleted. A strictly anonymised record of your revenue band and ratio metrics only — with no name, company, or absolute financial figures — is retained for sector benchmarking purposes.

3.4We do not sell, rent, or share your data with third parties for marketing or commercial purposes.

4. Sub-processors

To deliver the diagnostic service, your data is processed by the following sub-processors. Each is bound by data processing terms with Why Marketing.

Netlify

Hosting and serverless compute. US-based (AWS us-east-2).

Neon / Netlify DB

Database storage of session records and diagnostic data. US-based (AWS us-east-2).

Stripe

Payment processing only. Does not receive diagnostic data.

Resend

Transactional email. US-based.

Your data is stored in the United States. For UK buyers, transfers are made under the UK-US Data Bridge (UK Extension to the EU-US Data Privacy Framework), but only where the specific sub-processor holds active UK Extension certification — separate from and in addition to base EU-US DPF certification. We verify this periodically at dataprivacyframework.gov. Where any sub-processor is not UK Extension certified, the IDTA or Standard Contractual Clauses with a UK Addendum applies. For EU buyers, we rely on the EU-US Data Privacy Framework and Standard Contractual Clauses as applicable. We maintain a transfer record and keep IDTA and SCCs as a fallback should any certification lapse. Full details are in our Privacy Notice.

5. Your data rights

You may request access to, correction of, or deletion of your personal data at any time by contacting alan@why-marketing.com. We will respond within one calendar month. Your full rights are set out in our Privacy Notice.

6. Security

We apply appropriate technical and organisational measures to protect your data, including HTTPS encryption throughout, database credentials stored as secret environment variables, and session access controlled by unguessable random tokens. Your diagnostic inputs are computed in your browser and are only transmitted to our servers when you proceed to checkout.

7. Acceptance

By ticking the acceptance checkbox and proceeding, the Buyer accepts these Confidentiality and Data Terms. Acceptance is recorded with the date, time, and version number of this document.

Why Marketing · commercial logic applied · Confidentiality and Data Terms · Version 1.0 · June 2026