Privacy Policy

Last updated: January 2025 · GDPR compliant

1. Introduction

Placeaware ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our Service, in accordance with the UK GDPR and the Data Protection Act 2018.

2. Data Controller

Placeaware Ltd is the data controller for personal data processed through the Service. You can contact our Data Protection Officer at dpo@placeaware.com.

3. Data We Collect

We collect: (a) Account data: name, email, password hash; (b) Usage data: queries, chat history, feature interactions; (c) Technical data: IP address, browser type, device identifiers, cookies; (d) Payment data: processed by our payment provider — we do not store card details; (e) Location data: only what you explicitly submit to queries.

4. Legal Basis for Processing

We process your data on the following legal bases: (a) Contract performance — to provide the Service; (b) Legitimate interests — to improve the Service and prevent fraud; (c) Consent — for marketing communications and optional cookies; (d) Legal obligation — where required by law.

5. How We Use Your Data

Your data is used to: provide and improve the Service; authenticate your identity; process payments; send transactional and service emails; detect and prevent fraud and abuse; comply with legal obligations; and, with consent, send marketing communications.

6. Data Sharing

We do not sell your personal data. We share data only with: service providers (Firebase, Anthropic, Upstash) under data processing agreements; payment processors; law enforcement when legally required; and business successors in the event of a merger or acquisition.

7. Data Retention

We retain your account data for as long as your account is active, plus 30 days after deletion. Chat history is retained for the period of your subscription tier. Technical logs are retained for 90 days. You may request deletion at any time via your account settings.

8. Your Rights (GDPR)

You have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; request data portability; object to processing; and withdraw consent at any time. To exercise these rights, contact privacy@placeaware.com.

9. Cookies

We use strictly necessary cookies (session management) and, with consent, analytics cookies. You can manage cookie preferences via your browser settings. Declining optional cookies will not affect core Service functionality.

10. International Transfers

Some of our processors (e.g. Anthropic) are based in the United States. Data transfers are protected by Standard Contractual Clauses approved by the UK ICO, ensuring your data receives equivalent protection.

11. Security

We implement technical and organisational measures including TLS encryption in transit, AES-256 encryption at rest, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure.

12. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service. Your continued use of the Service after changes constitutes acceptance.

14. Contact Us

For privacy-related questions, contact privacy@placeaware.com. To lodge a complaint, you may contact the UK Information Commissioner's Office at ico.org.uk.