Privacy Policy
DRAFT — this document has NOT been reviewed by a solicitor. It is a starting point only and must be professionally reviewed before use with real customers.
Version 2026-07-13
This policy explains how DataDeadline handles personal data, in line with the UK GDPR transparency requirements (Articles 13 and 14).
Who we are
DataDeadline ("we", "us") provides software that helps businesses receive, track and respond to data-rights requests.
Our two roles
- For your business account (the people who sign up and log in), we are the data
controller and this policy applies.
- For the personal data of members of the public who submit requests through a
business's form, that business is the controller and we act only as its processor — governed by our Data Processing Agreement, not this policy.
What we collect (as controller)
- Account data: your name, email, business name, notification email, and a hashed
password.
- Acceptance records: which legal version you accepted, when, and the IP address.
- Technical data: a strictly necessary session cookie and standard server logs.
Why we use it, and our lawful basis
- To provide and secure the service — performance of our contract with you.
- To keep records and meet our own legal obligations — legal obligation and our
legitimate interests in running the service safely.
Cookies
We use only a strictly necessary session cookie to keep you signed in. See the Cookie Policy for details.
Sharing and sub-processors
We use sub-processors (for example hosting and email providers) under contract. We do not sell personal data. We do not share it except as needed to provide the service or where required by law.
International transfers
We do not transfer your personal data outside the UK without an appropriate safeguard in place.
Retention
We keep account data while your account is active and for a reasonable period afterwards, then delete or anonymise it.
Your rights
You have the right to access, rectify, erase, restrict, port or object to the processing of your personal data, and to withdraw consent where relevant. To exercise these, contact us using the details below. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Security
We encrypt personal data at rest, hash passwords, and isolate each customer's data. See SECURITY.md for detail and current limitations.
Contact
amiinking415@gmail.com
(Consider using a dedicated address such as privacy@yourdomain once you have your own domain.)