1. Who We Are

• Company Name: Plan Circle Ltd

• Platform: PlanMates (planmates.com)

• Contact for Privacy Inquiries: support@planmates.com

2. Age Requirement

You must be at least 16 years old to create an account and use PlanMates. We do not knowingly collect or process personal data from individuals under 16.

3. Data We Collect and How We Use It

Account Creation:

• Data Collected: First name, last name (optional), email, password and country (inferred from IP).

• Purpose: To create and maintain your account, enable authentication, and personalize your experience.

• Legal Basis: Provision of service (contractual necessity).

Profile Information:

• Data Collected: Profile picture (optional), location (optional), timezone, country (provided by user and/or inferred from IP).

• Purpose: To personalize your profile, improve user experience, display relevant content, and facilitate connections with other users.

• Legal Basis: Provision of service (contractual necessity).

• Note: Profile images are stored without signed URLs, which means they may be accessible via direct link. Users should avoid uploading sensitive personal images.

Third-Party Sign-In (Google):

• Data Collected: First name, last name, and email from Google, plus inferred country.

• Purpose: To streamline the sign-up and sign-in process.

• Legal Basis: Provision of service (contractual necessity).

• Note: Google's OAuth is used for sign-in, and Google reCAPTCHA may be used to verify that account creation and login attempts are made by real users, helping protect against spam and abuse.

Waitlist:

• Data Collected: Email address.

• Purpose: To notify you when the platform is ready for you to join.

• Retention: Up to 120 days if no sign-up occurs.

• Legal Basis: Provision of service (pre-contractual step at your request).

Plan Creation and Interaction:

• Data Collected: Plan details (title, date/time, location, visibility, etc.), interest indicators, and messages on the plan's message board.

• Purpose: To enable core features like sharing plans, indicating interest, and messaging.

• Legal Basis: Provision of service (contractual necessity).

• Visibility Changes: When a plan's visibility is updated (e.g. you share it with additional friends or groups), those new participants will see any messages that have already been posted on the plan's message board.

Message Board:

• Data Collected: Message content, message images, message status (active, hidden, deleted), edit history, timestamps, user interaction data (when you add/edit/delete messages).

• Purpose: To enable communication between users on plan message boards, facilitate moderation, and provide message history.

• Storage: Message images are stored in AWS S3 with CloudFront CDN access. Images are processed to remove EXIF data and are resized for optimisation.

• Image Security: Message images are accessed via temporary signed URLs that expire after a short period, providing an additional layer of security for user-uploaded content.

• Content Moderation: Message text is checked via OpenAI's content moderation service to ensure compliance with our community guidelines. Message images are analysed using AWS Rekognition to detect potentially inappropriate content, ensuring a safe environment for all users.

• Legal Basis: Provision of service (contractual necessity) and legitimate interests (preventing abuse and maintaining community standards).

Friends and Groups:

• Data Collected: Friend requests, friend relationships, group memberships, blocking data.

• Purpose: To help you connect with others and manage your social circle.

• Legal Basis: Provision of service (contractual necessity).

Admin Actions and Moderation:

• Data Collected: Minimal logs including admin user ID and action taken, flagged content snapshots, a hash of logged-in user IDs, and their timezone.

• Purpose: To maintain platform security, monitor system performance, and ensure compliance with community guidelines.

• Legal Basis: Legitimate interests (ensuring community integrity and compliance).

Notifications (In-App & Email):

• Data Collected:Notification content (e.g. new plans, friend requests), email address for sending notifications.

• Purpose: To keep you informed about relevant activity on the platform (e.g. plan reminders, password resets, friend requests).

• Legal Basis: Provision of service (contractual necessity).

• Note: QStash is used for email queuing to manage sending notifications efficiently.

Support Inquiries:

• Data Collected: Name, email, and message content sent to support@planmates.com

• Purpose: To assist with your questions or concerns.

• Legal Basis: Provision of service (responding to your inquiries).

4. Cookies and Similar Technologies

We use cookies primarily for authentication, session management, and basic functionality. These may include cookies from Supabase and Google (if you sign in with Google).

4.1 Authentication & Session Cookies:

Purpose: To keep you logged in, maintain session state, and provide secure access.
Legal Basis: Provision of service (contractual necessity).

4.2 Functional Cookies:

planMatesLastVisit:

This cookie stores the date of your most recent visit in YYYY-MM-DD format.
Purpose: To improve user experience by redirecting users from outdated calendar URLs to the current date when returning to the platform after a period of inactivity.
Duration: 30 days
Legal Basis: Legitimate interest (enhancing user experience)

We currently do not use cookies for analytics or marketing. If we introduce these in the future, we will seek user permission if required.

5. Data Storage and Location

We use a combination of hosting, storage, and caching services, primarily located in the UK and EU:

• Hosting & Caching (Vercel): The Platform is hosted on Vercel, which may use a global infrastructure. We aim to deploy in regions (such as the EU) that align with our privacy commitments. Some caching may occur globally for performance.

• Supabase (Authentication & Database): EU-West-2

• PlanetScale (Database): EU-West-2

• AWS (Storage & CloudFront CDN): UK (London) for storage where possible, global CDN for content delivery

• Upstash (Redis for Caching & QStash for Email Queue): EU-West-1

• Resend (Email Sending): Europe (Ireland)

• Google Cloud Platform (Sign-In & reCAPTCHA): Primarily EU or US, depending on Google's infrastructure and policies.

• Axiom (Logging): Axiom is used for dashboards and logs; data processed by Axiom may be stored within regions that Axiom operates in, and we aim to choose EU/UK where possible.

By using the Platform, you acknowledge that your data may be transferred and stored in these regions. CDNs and global infrastructure components may temporarily handle data outside the UK/EU for performance, but core storage remains centered in EU/UK regions where possible.

We perform regular database backups on PlanetScale to ensure data integrity and to enable recovery in case of technical issues or data loss. Backups are retained securely within the same region as the primary database (EU-West-2) and deleted in line with our standard retention policies.

6. How Long We Keep Your Data

We retain personal data only as long as necessary to provide our services or as required by law. Examples:

• Waitlist emails: Up to 90 days

• Plan data and associated content: Until you delete it or your account is deleted

• Admin logs: Typically stored for a limited time (e.g. ~95 days for logs)

Once you delete your account, we remove all personal data unless retention is required for legal or moderation reasons.

7. Your Rights

Subject to UK GDPR, you have the right to:

• Access your personal data

• Request Correction of inaccurate or incomplete data

• Request Deletion of your personal data, unless retention is required by law or legitimate interest

• Object or Restrict certain processing

• Data Portability, where applicable

To exercise any of these rights, please contact support@planmates.com. We aim to respond within 30 days. Verification may involve confirming your request via the email address associated with your account.

8. Security Measures

We use industry-standard security measures to protect your data, including secure hosting and access controls. While no method of transmission or storage is 100% secure, we continuously work to safeguard your information.

9. Children's Privacy

We do not allow users under 16 to create accounts. If you believe we have collected data from someone under 16, please contact us so we can delete it.

10. Changes to This Privacy Policy

As the platform evolves, we may update this Privacy Policy. The "Last Updated" date at the top reflects the latest changes. Initially, we will simply update the policy on our site. In the future, once the platform stabilizes, we may introduce more direct notifications for significant changes.

11. Future Considerations

If we introduce marketing or promotional communications in the future, we will seek your consent before sending such messages.

12. Use of OpenAI for Plan Content Checks

We use OpenAI's services to check plan names, descriptions, and plan messages for compliance with our content guidelines and to provide a safer user experience. This means that plan information and messages you create or post may be sent to OpenAI for processing.

Purpose:

We analyze user content to detect and prevent potentially harmful or prohibited activity, such as spam, harassment, or other violations of our community guidelines.

Legal Basis:

Legitimate interests (keeping the platform safe and secure).

Scope:

Plan names, descriptions, and message board content.

Data Handling:

We strive to minimize the amount of personal data shared in this process. Any personal information contained within your plan or message content may be transmitted to OpenAI. However, we do not use this data to train OpenAI's models; it is solely processed for content checking.

By posting or creating content on PlanMates, you acknowledge that such content may be processed by OpenAI in accordance with their data processing practices. For more information on OpenAI's privacy practices, please visit OpenAI's Privacy Policy.

Get In Touch: For questions or concerns about this Privacy Policy or your personal data, please email us at support@planmates.com.