Privacy Policy
Version placeholder — final UK GDPR wording to be drafted/reviewed before launch (SPEC.md §19).
Who we are
Data controller identity and contact; how to complain (UK ICO).
What we collect
Account details (email, name); uploaded content (plans/photos — may contain addresses/personal data); usage/logs; payment metadata (card handled by Stripe; we store only customer/subscription ids and card brand/last-4).
Why & legal basis
To provide the service (contract), legitimate interests, and consent where applicable (UK GDPR).
Processors
AWS (hosting, S3, SES), Stripe (payments), our AI provider, Slack (if used), Let's Encrypt.
Your rights & retention
Access, rectification, erasure, portability, objection; retention periods; international transfers; security measures; cookies/sessions.