Privacy Policy

Last updated: 2 May 2026 · Effective immediately

Contents

  1. Introduction
  2. Data Controller
  3. What Data We Collect
  4. How We Use Your Data
  5. Legal Basis for Processing
  6. Data Sharing
  7. AI and Automated Processing
  8. Cookies and Tracking
  9. Data Retention
  10. Your Rights
  11. International Transfers
  12. Children
  13. Security
  14. Changes to This Policy
  15. Contact and Complaints

1. Introduction

PlanningCore ("we", "us", or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the PlanningCore website and platform (the "Service").

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

2. Data Controller

PlanningCore is the data controller for the personal data we collect through the Service. If you have any questions about this policy or how we handle your data, please contact us:

ICO Registration Reference: [Registration reference to be added upon completion of ICO registration]

3. What Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Password (stored in hashed form only; we never store plain-text passwords)
  • Account type and role (e.g. homeowner, developer, consultant)

3.2 Project Data

When you use the Service, you may provide:

  • Site addresses and postcodes
  • Project descriptions, development type, and scale
  • Uploaded documents (e.g. planning drawings, reports, photographs)
  • Notes, preferences, and project-specific settings

3.3 Usage Data

We automatically collect:

  • Pages visited, tools used, and features accessed
  • Search queries within the Service
  • Device type, browser type, and operating system
  • IP address and approximate geographic location
  • Date and time of access
  • Referring website or page

3.4 Payment Information

If you subscribe to a paid plan, payment processing is handled by our third-party payment processor. We do not store full credit card numbers. We may store the last four digits, card type, and expiry date for your reference.

3.5 Communications

If you contact us (via email, contact form, or other means), we collect the content of your communications and any information you choose to provide.

4. How We Use Your Data

Purpose Data Used
Providing the Service and its features Account info, project data, usage data
AI-powered analysis and document generation Project data, site addresses, uploaded documents
Personalising your experience Account info, usage data, project data
Processing payments and managing subscriptions Account info, payment information
Sending service notifications (e.g. planning alerts, project updates) Account info, project data
Improving the Service and developing new features Aggregated and anonymised usage data
Responding to support enquiries Account info, communications
Preventing fraud and maintaining security IP address, usage data, account info
Complying with legal obligations As required by law

We process your personal data on the following legal bases under the UK GDPR:

  • Contract (Article 6(1)(b)): Processing necessary to provide the Service you have signed up for, including managing your account, delivering features, and processing payments.
  • Legitimate interests (Article 6(1)(f)): Improving the Service, preventing fraud, ensuring security, and conducting analytics. We ensure our interests do not override your rights and freedoms.
  • Consent (Article 6(1)(a)): Where we send marketing communications or use non-essential cookies, we obtain your consent and you may withdraw it at any time.
  • Legal obligation (Article 6(1)(c)): Where we are required by law to process or retain certain data (e.g. tax and accounting records).

6. Data Sharing

We will never sell your personal data to third parties.

We may share your data with the following categories of recipients:

6.1 Service Providers

We use trusted third-party processors to help us operate the Service. These may include hosting providers, payment processors, email delivery services, and analytics tools. All processors are bound by data processing agreements and are required to handle your data in accordance with the UK GDPR.

6.2 Marketplace Professionals

If you use the PlanningCore Marketplace to contact a planning professional, we will share limited project information (such as site location and project description) with that professional to facilitate the enquiry. We will always inform you before sharing this information.

6.3 Legal Requirements

We may disclose your data if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

7. AI and Automated Processing

PlanningCore uses artificial intelligence to provide features such as planning risk scores, document generation, and intelligent search. When you use these features:

  • Your project data (site address, development type, descriptions) may be processed by AI models to generate outputs.
  • We may use third-party AI providers (such as large language model APIs) to process your data. Data shared with these providers is used solely for generating your requested output and is subject to their data processing agreements.
  • AI outputs (risk scores, generated documents, recommendations) are indicative and should not be treated as professional advice. See our planning advice disclaimer.
  • No decisions with significant legal effect are made solely by automated processing. AI outputs are provided to assist your own decision-making.

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies that are strictly necessary for the Service to function. These include session cookies for authentication and security tokens. These cookies do not require consent.

8.2 Analytics Cookies

With your consent, we may use analytics cookies to understand how visitors use the Service. This data is aggregated and anonymised where possible. You can withdraw your consent at any time through your browser settings or our cookie preferences.

8.3 No Third-Party Advertising

We do not use third-party advertising cookies or tracking pixels. We do not serve targeted advertisements on the Service.

8.4 Managing Cookies

You can control cookies through your browser settings. Please note that disabling essential cookies may prevent the Service from functioning correctly. For more information, visit aboutcookies.org.

9. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

  • Account data: Retained for the lifetime of your account and for up to 12 months after account closure, to allow for account recovery.
  • Project data: Retained for the lifetime of your account. Deleted within 90 days of account closure.
  • Usage data: Retained in identifiable form for up to 24 months; thereafter aggregated and anonymised.
  • Payment records: Retained for 7 years as required by UK tax and accounting regulations.
  • Support communications: Retained for up to 36 months after resolution.

10. Your Rights

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@planningcore.uk. We will respond to your request within one month, as required by law. In complex cases, we may extend this by a further two months, and we will inform you if this is necessary.

11. International Transfers

Your data is primarily stored and processed within the United Kingdom and the European Economic Area. Where data is transferred outside the UK (for example, to AI processing providers based in the United States), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner
  • Adequacy decisions by the UK government
  • Other lawful transfer mechanisms recognised under the UK GDPR

12. Children

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@planningcore.uk.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL
  • Secure password hashing (bcrypt)
  • Regular security reviews and updates
  • Access controls limiting data access to authorised personnel
  • Secure hosting infrastructure

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

15. Contact and Complaints

If you have any questions, concerns, or complaints about this policy or our data practices, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Ask Planning Agent