Privacy Policy

Last updated: March 2026

This Privacy Policy explains how PotPlanner ("we", "us", "our") collects, uses, and protects your personal data when you use our website at potplanner.co.uk. We are committed to handling your data responsibly and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

PotPlanner is operated as a sole trader / small business based in the United Kingdom. We are the data controller for the personal data collected through this website.

If you have any questions about how we handle your data, please contact us at: support@potplanner.co.uk

2. What Data We Collect

• Account data: Your email address and a hashed (encrypted) password when you create an account.
• Usage data: Anonymous logs of pages visited and tools used. Email addresses are stored only as a short cryptographic hash and do not identify you personally.
• Contact form data: Your name, email address, and message if you contact us via the contact form.
• Payment data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details.

3. How We Use Your Data

• To provide our service (legal basis: contract) — your email and password are used to authenticate you and give you access to your account.
• To send transactional emails (legal basis: contract) — password reset emails and contact form responses only. We do not send marketing emails without your explicit consent.
• To monitor and improve our service (legal basis: legitimate interests) — anonymous usage logs help us identify errors and improve performance.
• To comply with legal obligations (legal basis: legal obligation) — we may retain certain records as required by law.

4. Cookies

• Session cookie: A strictly necessary cookie that keeps you logged in. Expires when you close your browser or after 1 hour of inactivity.
• Remember me cookie: Set only if you choose to stay logged in. Stored for up to 7 days.
• Cookie consent: Stores your response to our cookie banner in your browser's local storage.

We do not currently use analytics, advertising, or tracking cookies. If this changes we will update this policy and ask for your consent.

5. Data Sharing and Sub-processors

We do not sell, rent, or trade your personal data. We use the following trusted third-party services to operate PotPlanner:

• Neon (neon.tech) — cloud database provider where your account data is stored.
• Render (render.com) — cloud hosting provider where our application runs.
• Resend (resend.com) — transactional email provider used to send password reset and contact form emails.
• Stripe (stripe.com) — payment processor for paid subscriptions. Stripe is PCI-DSS compliant and handles all card data directly.

6. Data Transfers Outside the UK

Some of our sub-processors operate servers outside the UK. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK ICO.

7. Data Retention

• Account data — retained until you delete your account.
• Usage logs — retained for up to 90 days, then deleted.
• Contact form messages — retained for up to 12 months, then deleted.
• Payment records — retained for 7 years as required by UK financial regulations.

When you delete your account via the Settings page, your email address and password hash are permanently deleted from our database immediately.

8. Security

• Passwords are hashed using bcrypt and never stored in plain text.
• All data is transmitted over HTTPS.
• Session cookies are set with HttpOnly and Secure flags.
• CSRF protection is enabled on all forms.

9. Your Rights

Under UK GDPR you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — update your email address via the Settings page at any time.
• Right to erasure — delete your account and all associated data via the Settings page.
• Right to restrict processing — ask us to stop processing your data in certain circumstances.
• Right to data portability — request your data in a machine-readable format.
• Right to object — object to processing based on legitimate interests.

To exercise any of these rights, please contact us at support@potplanner.co.uk. We will respond within 30 days.

10. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK's data protection regulator:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113

11. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page shows when it was last updated. If we make significant changes we will notify you by email or by a prominent notice on the website.

12. Contact Us

support@potplanner.co.uk