Privacy policy

This policy explains what we collect, why, and how long we keep it. For a plain-English summary and how to delete your data, see Your data.

What we collect

• Your answers to the self-assessment questions.
• Your email address (only if you purchase a report).
• Your postcode (we use the full postcode to pick the right council, and only store the outcode after lookup).
• Standard request metadata (IP address, user agent) in server logs for 14 days.

Legal basis

Contract (to deliver the report you paid for) and legitimate interest (to prevent abuse and improve rules).

Retention

Reports and answers are retained for 12 months, then hard-deleted. Abandoned drafts are deleted after 7 days. You can request deletion at any time — see Your data.

Third parties

We use Stripe (payments), Resend (transactional email), Supabase (data storage), Vercel (hosting), and postcodes.io (postcode → council lookup). None of these have access to more data than is strictly needed.

Your rights

Under UK GDPR you have rights to access, correct, delete, and export your data. Contact kasdena.contact@gmail.com.