Privacy Policy
Effective date: 16 March 2026
PlanWire is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Questions? [email protected]
1. Who We Are
PlanWire is operated by Orra Designs Ltd (Company No. SC462855), a company registered in Scotland. Director: Ben Roy. For the purposes of UK data protection law, Orra Designs Ltd is the data controller for personal data collected through the Service.
Contact: [email protected]
2. What Data We Collect
We collect the minimum personal data necessary to provide and improve the Service:
| Data | Source | Purpose |
|---|---|---|
| Email address | Provided by you at sign-up | Account identification, API key delivery, transactional emails, billing |
| API usage logs | Recorded automatically | Rate limiting, abuse prevention, usage analytics, billing |
| IP address | Recorded per API request | Abuse prevention, security, geolocation (country-level only) |
| Billing information | Collected by Stripe on our behalf | Payment processing. We do not store card details — these are held by Stripe. |
| Alert postcodes / coordinates | Provided by you when creating a property alert | Delivering planning application alerts for your chosen area |
We do not collect or process any special category personal data (as defined by UK GDPR Article 9), and we do not knowingly collect data from children under 16.
3. How We Use Your Data
We process your personal data on the following lawful bases:
- Contract performance — to provide you with API access, issue your API key, process payments, and send essential transactional communications (e.g. key delivery, payment receipts, service notices).
- Legitimate interests — to monitor for abuse, investigate suspicious activity, maintain the security and integrity of the Service, and carry out aggregate analytics to understand how the Service is used.
- Legal obligation — to retain billing records as required by UK tax law.
We do not use your personal data for unsolicited marketing without your explicit consent. We do not sell your data.
4. Data Retention
- API request logs (endpoint, timestamp, IP) are retained for 90 days, after which they are automatically deleted or anonymised.
- Account data (email, subscription status, API key) is retained for the lifetime of your account and deleted within 30 days of a valid account deletion request.
- Billing records are retained for 7 years as required by UK financial regulations.
- Alert location data (postcodes / coordinates) is retained for as long as the alert is active and deleted when you remove the alert or close your account.
5. Third-Party Processors
We use the following third-party sub-processors to operate the Service. All processors operate under data processing agreements and appropriate safeguards.
| Processor | Purpose | Data region |
|---|---|---|
| Stripe | Payment processing and subscription management | EU / UK |
| Resend | Transactional email delivery (API key, receipts) | EU |
| Neon | Database hosting (account data, logs) | EU (eu-west-2) |
| Railway | API server hosting | EU |
| Cloudflare | DNS, CDN, DDoS protection, anonymous web analytics | EU / global edge |
We do not transfer your personal data to countries outside the UK / European Economic Area (EEA) without appropriate safeguards in place (e.g. Standard Contractual Clauses).
6. Your Rights
Under UK GDPR you have the following rights in relation to your personal data. To exercise any of these rights, email [email protected] and we will respond within one calendar month.
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may ask us to correct inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten") — you may request deletion of your personal data, subject to our legal retention obligations.
- Right to restrict processing — you may ask us to limit how we use your data in certain circumstances.
- Right to data portability — you may request your data in a structured, machine-readable format.
- Right to object — you may object to processing carried out on the basis of legitimate interests.
You also have the right to lodge a complaint with the UK's data protection supervisory authority, the Information Commissioner's Office (ICO), if you believe your data has been processed unlawfully.
7. Cookies
PlanWire does not use tracking cookies or advertising cookies. The only cookie-like technology in use is Cloudflare's anonymous web analytics beacon, which collects aggregate, anonymised traffic statistics (page views, country of origin) and does not track individual users or link activity to personal identities. No cookie consent banner is required for this purpose.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted connections (TLS) for all data in transit, access controls for database systems, and API key hashing. While we take these precautions seriously, no system is completely secure and we cannot guarantee absolute security.
If we become aware of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and, where required, the ICO, within 72 hours of becoming aware of the breach.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the effective date at the top of the page and, where changes are material, notify you by email at least 14 days before they take effect. Your continued use of the Service after that date constitutes acceptance of the revised policy.
10. Contact
For any data protection queries, rights requests, or complaints:
Email: [email protected]
Controller: Orra Designs Ltd (SC462855), Scotland, United Kingdom