FCOS Master GPT Actions Privacy Notice

Effective date: 5 April 2026

This Privacy Notice applies specifically to the FCOS Master GPT when it uses Actions to call FCOS backend services from ChatGPT. It is a supplement to the main FCOS Privacy Policy. If there is any conflict between this notice and the broader platform policy, this notice governs the FCOS Master GPT Actions flow.

In scope: action-enabled use of the FCOS Master GPT through ChatGPT, including calls to FCOS endpoints for menu discovery, operation execution, file shipping, verification, founder-decision recording, and related governed platform actions.

1. Who operates this GPT action service

FCOS Think Tank ("FCOS", "we", "us", or "our") operates the FCOS Master GPT action service. The canonical FCOS action and backend surface is served from api.fcosthinktank.uk.

For the purposes of UK data protection law, FCOS Think Tank is the data controller for personal data we process through the FCOS Master GPT action service.

2. What data may be sent when you use Actions

When you use the FCOS Master GPT and it invokes an Action, the following categories of data may be sent to FCOS systems as part of the request:

your action-triggering prompt or the relevant part of it
operation parameters such as systemKey, operationKey, file paths, URLs, IDs, and bounded payload fields
content you explicitly ask FCOS to inspect, write, transform, publish, or verify
technical request metadata needed to process the call, such as timestamps, request context, and service logs

We aim to process only the minimum data needed to fulfil the requested FCOS action.

3. What FCOS uses this data for

To execute your requested action. For example: discover FCOS menus, inspect files, run governed build operations, ship files, verify outputs, or record a founder decision.
To maintain platform safety and governance. For example: validate inputs, log execution status, detect misuse, and preserve proof for material operations where appropriate.
To operate and improve reliability. For example: diagnose failures, monitor runtime health, and reduce schema drift between live backend truth and GPT action surfaces.
To comply with legal obligations. Where disclosure, retention, or incident handling is required by law.

4. What FCOS does not do

We do not sell your personal data.
We do not use FCOS Master GPT action data for advertising.
We do not use your FCOS action inputs to train FCOS-owned AI models.
We do not knowingly share your GPT action data with unrelated third parties.

5. Third-party processing

The FCOS Master GPT runs within ChatGPT, which is operated by OpenAI. Your use of ChatGPT and GPTs is also subject to OpenAI's own terms and privacy practices.

FCOS may also use selected third-party providers where relevant to the action you requested, such as infrastructure and AI-processing providers. Where FCOS sends data onward, we aim to send only the minimum necessary for the requested operation.

OpenAI / ChatGPT — provides the GPT environment in which the FCOS Master GPT runs
AI providers integrated by FCOS where relevant — may process specific content only when required to fulfil an FCOS workflow you actively trigger
Hosting / infrastructure providers — support secure operation of FCOS backend and product surfaces

6. Storage and retention

FCOS uses a hybrid storage model across live application data, published files, compatibility layers, and runtime artifacts. For the FCOS Master GPT Actions flow, relevant data may be stored in logs, published files, backend records, or verification artifacts where needed to operate the system or preserve execution proof.

We retain data only for as long as reasonably necessary to provide the service, preserve required proof or audit history, maintain security, resolve disputes, or meet legal obligations. Different FCOS surfaces may have different retention periods depending on the nature of the action and the storage layer involved.

7. Sensitive content and user responsibility

Please do not send highly sensitive personal data, secrets, payment card data, medical records, or other confidential information through the FCOS Master GPT unless that use is clearly required and intentionally supported by the workflow.

If you ask FCOS to inspect, write, publish, or verify content, you are responsible for ensuring that you have the right to provide that content and request that action.

8. Security

We use reasonable technical and organisational measures to protect data handled through FCOS Actions, including HTTPS/TLS for encrypted transport, restricted service access, and governed execution paths for sensitive or material operations.

No system can guarantee absolute security, but FCOS is designed to minimise drift, preserve runtime truth, and reduce unsafe or unauthorised action execution.

9. Your rights

If you are covered by UK GDPR or other applicable privacy laws, you may have rights including access, rectification, erasure, restriction, objection, and data portability, subject to lawful exceptions.

To make a privacy request, contact support@fcosthinktank.co.uk. We may need to verify your identity before actioning the request.

10. Changes to this notice

We may update this notice to reflect changes to FCOS architecture, action flows, backend services, legal obligations, or operational practice. When we make material changes, we will update the effective date on this page and, where appropriate, update linked GPT or FCOS documentation.

11. Contact

Email: support@fcosthinktank.co.uk
FCOS backend: api.fcosthinktank.uk
Main platform policy: FCOS Privacy Policy

FCOS Think Tank — Founder Clarity Operating System. This GPT-specific privacy notice supplements the broader FCOS platform privacy policy.