Privacy Policy

1. Introduction

This privacy policy is provided by Planiit Ltd, a company registered in England with company number 15476338, whose registered address is Planiit Ltd, Suite Flux Studios, 12 Old Railway Close, Lechlade, GL7 3FR ("we", "us", "our").

As part of our business, particularly providing our Planiit web application (the "App"), we collect personal details about users of the App, including event organisers who create events on the App, and event guests, who participate in or make payments to events on the App (we refer collectively to such individuals in this policy as "you" or "your").

Under UK data protection law, we have certain legal responsibilities about how we collect, use, protect and share your personal information. If you have any questions about how we use your personal information or any other questions about this privacy policy, please contact us using the details set out in section 11 below.

This policy explains our privacy practices in relation to how the App is used, and covers the following:

1. Who this privacy policy applies to
2. What personal information is collected and used on the App
3. Sources of personal information
4. How we use your personal information
5. Parties who we share your personal information with
6. How long we retain your personal information
7. Where your personal information is stored
8. How we legally justify using your personal information
9. Your legal rights in relation to your personal information
10. Other relevant information, including how to contact us

2. Who this privacy policy applies to

This privacy policy applies to details that we collect and use about people who register for and use our App ("Organisers") and also to people who participate in or make payments to events created on the App ("Guests").

3. What personal information is collected and used on the App

3.1 Information that we collect

• Registration - The personal information that we collect from Organisers when they initially register to use the App will consist of the following: their name, email address, password, and date of birth.
• Guests - We receive the name and email address of a Guest when they make a payment or RSVP to an event via the App.
• Support - If an Organiser or Guest contacts us with a support query, we may collect further limited information about them, for instance, their telephone number.
• Payments - When an Organiser or Guest makes payments on the App, we see summaries of the transactions once they have taken place, including the use of Gift Pot funds to purchase gift cards. This includes the amount of funds used and the selected gift card provider, but we do not store full payment details, which are handled securely by our payment processor, Stripe.
• Event Information - We collect and store information related to events created on the App, including event details, guest lists, RSVPs, and gift preferences.
• Gift Card Redemption - When Hosts redeem their Gift Pot funds to purchase gift cards, we collect information about the selected gift card, the value redeemed, and the date of redemption. This information is shared with our third-party gift card provider to fulfill your request. We do not store or process sensitive payment details related to the issuance of gift cards, which are managed by our trusted provider.
• Usage Information - We collect information about how you navigate and use features within our App. This includes which pages you visit, features you interact with, and the paths you take through our platform. This helps us improve our Service and maintain security.
• Usage Patterns - We monitor general patterns of platform usage to detect unusual activity that might indicate security risks or violations of our Terms of Service. This is done to protect all users and maintain platform integrity.

We will also see partial details concerning an Organiser's and Guest's payment method, but at an anonymised level (we can only see the last 4 digits of card numbers) -- so we will never have access to your full card details, nor will we be able to identify you from that incomplete card number.

Additionally, our third-party service providers, such as Google Analytics and Stripe, may collect information about the device and browser you use to access our App, including IP address, browser type, and operating system. This information is not directly accessible to us but is used to provide and improve our services. For more information about how these third parties collect and use your data, please refer to their respective privacy policies.

3.2 Information collected and used by our third-party service providers

Our third-party service providers may need to obtain further ID from you, as part of anti-money laundering checks. This will usually entail asking for your name, photograph on an official document which confirms your identity (e.g. a passport) and your residential address and date of birth.

We do not currently collect, nor can we access any of the following types of personal information which are likely to be used as part of the services delivered through the App:

• Your full bank account details (which are only available to the third-party payment services provider who are responsible for delivering the App payment services).

The above service providers may therefore also collect personal data about you separately from us when you use the App services. You can find out more information about what personal data the service providers collect about you and what they use it for, and how they protect it, via the following links:

• Stripe Privacy Policy
• Google Privacy Policy (covers Google Analytics)

We encourage you to review these privacy policies to understand how these third parties collect and use your data. If you have any questions about how your personal information is being used on the App, including by any of the above third-party providers, please contact us in the first instance, using the details set out at section 11 below -- we may then refer you to the relevant third-party provider, depending on the nature of your query.

4. Sources of personal information

Generally speaking, we only collect and use your personal information that you provide directly to us, whether this is when you register with the App, create or participate in an event, and/or when you make transactions using the App or contact us with a support query. We do not collect personal data about you from any third parties, except as follows:

• If you use the App in an unauthorised manner, another Organiser or Guest may pass information to us;
• If you make a payment to an event using a third-party payment method (e.g., Apple Pay or Google Pay), we may receive your name and email address from those third parties;
• We may also receive information about users from our payment processors regarding payment processing and anti-money laundering checks.

5. How we use your personal information

We use your personal information in the following ways:

5.1 Organisers

• Name, email and password - Registering an Organiser as a user and managing their account, e.g., handling support queries.
• Date of birth - Verifying that an Organiser is old enough to use the App (it is only available to users who are aged 18 and over).
• Transaction details and partial payment information - Storing for audit purposes and ensuring that the App is used in a lawful and legitimate manner, in accordance with our App user terms.
• Name and email - We may, from time to time, alert Organisers about new features of the App and similar services, by email. However, you have the right to opt out of this marketing at any time by contacting us at [email protected] or clicking "unsubscribe" on any marketing message.
• Event information - Managing and facilitating events created on the App, including sending notifications to Guests.
• Platform Security - Protecting the security of our platform and preventing misuse that could harm our community or business.
• Terms Compliance - Ensuring all users comply with our Terms of Service, including fair use provisions.
• Business Protection - Protecting our business interests, intellectual property, and the unique approach we've developed for event planning.
• Communications - Sending service updates, security alerts, and important platform announcements (you can opt out of non-essential communications).

5.2 Guests

• Name, email - Recording participation in events on the App, including for audit purposes.
• Transaction details and partial payment information - Storing for audit purposes and ensuring that the App is used in a lawful and legitimate manner, in accordance with our App user terms. This includes tracking Gift Pot redemptions and gift card purchases to provide a seamless user experience and ensure compliance with applicable laws and agreements with third-party providers.
• Event participation details - Managing your participation in events, including RSVPs and payments.
• Platform Security - Protecting the security of our platform and preventing misuse.
• Terms Compliance - Ensuring compliance with our Terms of Service.

6. Parties who we share your personal information with

To provide and improve our services, we may share your personal information with the following categories of third parties:

• Payment processing and identity verification service providers, such as Stripe, to facilitate secure transactions and comply with anti-money laundering regulations. Additionally, gift card providers receive information related to the gift card selection and redemption to fulfill purchases made using Gift Pot funds.
• Cloud hosting and data storage providers, to securely store and process data.
• Analytics providers, to help us understand how our App is used and to improve our services.
• Customer support tools, to assist with user inquiries and improve user experience.
• Email service providers, to facilitate communication with our users.

We ensure that any third party processing your personal data has agreed to preserve the confidentiality, integrity, and security of your data. Some of these third parties may be based outside the UK or European Economic Area (EEA). When we transfer your data outside the UK or EEA, we ensure appropriate safeguards are in place to protect your information.

For more information about specific third-party providers and how they process your data, you can contact us using the details provided in Section 11.

We may also share your information:

• With other users of the App as necessary for the functioning of the event (e.g., Organisers can see Guest information for their events).
• If required by law, such as in response to a court order or subpoena.
• If we believe it's necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

7. How long we retain your personal information

Organisers - We retain personal information which we collect about you for as long as you have an App account with us, plus 7 years. For information related to anti-money laundering checks, we need to be able to access this information for 5 years, so we retain it for this period.

Guests -- we retain information about Guests in personally identifiable form for a period of 7 years after you have made a payment or participated in an event on the App, for financial auditing purposes (following which we fully anonymise the information).

8. Where your personal information is stored

We store your personal information on secure servers located within the United Kingdom. However, please also refer to the privacy policies of the relevant third party providers, available via the links provided earlier. Some of our service providers may transfer personal data to countries outside the United Kingdom or the European Economic Area (EEA).

When we transfer your data outside the UK or EEA, we ensure that appropriate safeguards are in place to protect your information. These safeguards may include:

• Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government or European Commission.
• Using specific contracts approved by the UK Government or European Commission which give personal data the same protection it has in the UK and Europe.

9. How we legally justify using your personal information

Every use that we make of your personal information must meet a lawful basis, set out under data protection law. For the uses set out in this policy, the lawful bases that we rely on are as follows:

9.1 Organisers and Guests

• Contractual Necessity - Processing your personal data is necessary for the performance of our contract with you to provide the App services.
• Legal Obligation - Processing is necessary for compliance with our legal obligations, such as anti-money laundering laws and financial regulations.
• Legitimate Interests - We have a legitimate interest in processing your data to operate and improve our services, prevent fraud, and ensure the security of our App. This includes using data for analytics and research to better understand how our App is used and to improve its functionality. We also have a legitimate interest in protecting our platform integrity, preventing misuse, and safeguarding our unique business approach from unauthorised competitive use. We've carefully balanced these interests against your rights and freedoms to ensure fair processing.
• Consent - For certain types of processing, particularly marketing communications, we rely on your consent. You can withdraw this consent at any time.
• Performance of a Contract - We process your data to enable the redemption of Gift Pot funds and the purchase of gift cards, as these are core services under our agreement with users.

10. Your legal rights in relation to your personal information

Under UK data protection law, you have certain rights regarding your personal data. These include:

1. The right to be informed about how your personal data is used (which is the purpose of this privacy policy).
2. The right to access the personal data we hold about you.
3. The right to request the correction of inaccurate personal data we hold about you.
4. The right to request that we delete your data, or stop processing it or collecting it, in some circumstances.
5. The right to stop direct marketing messages and to withdraw consent for other consent-based processing at any time.
6. The right to request that we transfer or port elements of your data either to you or another service provider.
7. The right to complain to your data protection regulator — in the UK, the Information Commissioner's Office.

If you want to exercise any of these rights, please contact us using the details in Section 11 below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

11. Other information, including how to contact us

We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to your personal information, by contacting us using the email address below.

From time to time, we may make changes to our App and services and, consequently, our privacy policy may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using your personal information.

We are required to employ adequate technical and organisational security measures to protect your personal information from any loss, destruction, damage or unlawful disclosure. However, no transmission of personal information over the internet or via the App can ever be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal information which you transfer to us or which we transfer to you or a third party over the App.

If you would like further information about the matters set out in this policy, please contact us at: [email protected]

Data Breach Procedures: Whilst we implement strong security measures, in the unlikely event of a personal data breach that poses risk to your rights and freedoms, we will notify affected users within 72 hours where required by UK GDPR. We will also report to the Information Commissioner's Office (ICO) where legally required and take immediate steps to minimise any potential harm.

12. Changes to this Privacy Policy

We may update this privacy policy from time to time, especially as we integrate new features such as additional payment processors or gift card providers. We will notify you of significant changes by posting the new privacy policy on our App or website and, where appropriate, sending you a notification.

By using the Planiit App or our website at planiit.io, you acknowledge that you have read this Privacy Policy, understood it, and agree to be bound by it. If you do not agree to this Privacy Policy, you must not use our App or website.

Thank you for using Planiit!