Skip to main content

Privacy Policy

Effective Date: [Date] [LEGAL REVIEW REQUIRED: Confirm effective date before publishing]

1. Who We Are

StayRight ("we", "us", or "our") is the data controller for the personal information we collect about you.

  • Contact Email: [David's Contact Email or support@stayright.com]

[LEGAL REVIEW REQUIRED: Insert official company name, registered address, and physical contact point if different. We need to confirm ICO registration number once registered.]

2. What Personal Data We Collect and Why (Lawful Basis)

Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases to process your personal data:

  • Account Data (Name, Email): Used to create and manage your account, provide customer support, and communicate essential service updates.
    Lawful Basis: Performance of a contract.
  • Visa and Travel Data (Visa route, travel history, calculation dates): Used directly to power our 180-day tracker, simulator, and ILR timeline features. This data is highly sensitive but is not a "special category" under UK GDPR; however, we treat it with maximum security.
    Lawful Basis: Performance of a contract (core product functionality).
  • Payment Data (Billing address, transaction history): Processed to facilitate subscription payments. Your full card details are handled directly by our payment processor (Stripe).
    Lawful Basis: Performance of a contract and compliance with a legal obligation (tax and accounting).
  • Analytics (Usage data, interaction metrics): Used to understand how our service is used and improve the platform.
    Lawful Basis: Legitimate interests (or Consent where cookies are involved).

[LEGAL REVIEW REQUIRED: Ensure you are comfortable relying on "Performance of a contract" for the Visa/Travel data rather than "Explicit Consent", as immigration data is highly confidential.]

3. Data Retention Policy

We keep your data only for as long as needed to provide our services and fulfil legal obligations:

  • Active Account Data / Travel Data: Retained for as long as your account remains active.
  • Deleted Accounts: If you delete your account, your data will be queued for deletion. It may remain in our database backups for up to 30 days before being permanently erased.
  • Payment Records (Stripe): Generally retained by Stripe for 7 years to comply with financial, tax, and legal obligations, even after you delete your StayRight account.
  • Anonymised Analytics: Retained indefinitely to help us improve the service. This data cannot be linked back to you.

4. Data Processors (Who We Share Your Data With)

We use trusted third-party service providers ("Data Processors") to run StayRight. We have Data Processing Agreements (DPAs) in place with them to protect your data.

  • Supabase: Core database and hosting (Servers located in the UK).

[LEGAL REVIEW REQUIRED: Confirm Supabase server region is specifically set to eu-west-2 (London)]

  • Stripe: Payment processing.
  • Resend: Email delivery and notifications.

5. Your Rights Under UK GDPR

You have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request that we delete your data (subject to certain exceptions, like tax records).
  • Restriction of Processing: Ask us to limit how we use your data.
  • Data Portability: Request your data in a structured, commonly used format.
  • Objection: Object to our processing of your data based on legitimate interests.
  • Automated Decision Making: Not be subject to decisions based solely on automated processing. (Note: StayRight computes values based on formulas you input, but does not make legal decisions on your behalf).

6. How to Exercise Your Rights

To exercise any of these rights, please contact us at [Contact Email]. We will respond to your request within one month. You can also view, edit, download, and delete your data directly within the application's account settings.

7. How to Complain to the ICO

If you are unhappy with how we have handled your personal data, you have the right to complain to the Information Commissioner’s Office (ICO).

8. Cookies

We use cookies to keep you logged in and to remember your preferences. Please review our Cookie Policy for details.

9. Changes to this Policy

We may update this policy periodically. We will notify you of any major changes by email or through a notice in the app.