Privacy Policy

doineedplanning.org — PLAIN (Planning + AI)

Privacy Policy

Effective date: 3 March 2026  |  Last updated: 3 March 2026

1. Introduction

This Privacy Policy explains how Do I Need Planning, trading as PLAIN (“we”, “us”, “our”), collects, uses, stores, and protects personal data when you visit our website at https://doineedplanning.org or use our planning report services.

We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Please read this policy carefully. By using our website or purchasing our services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

Do I Need Planning (PLAIN)

Operated by James Lloyd

Ross-on-Wye, Herefordshire, United Kingdom

Email: privacy@doineedplanning.org

[Please insert your full registered name, address, and any company registration number as applicable.]

3. What Personal Data We Collect

We collect and process the following categories of personal data:

Category

Data Collected

Purpose

Identity & Contact Data

Name, email address

To create and deliver your report; to communicate with you about your order

Location Data

Property address or location coordinates (map pin drop)

To generate an accurate, location-specific planning assessment report

Project Data

Description of your proposed development or planning objection; any uploaded documents (e.g. planning application PDFs)

To provide the planning assessment report you have requested

Payment Data

Payment card details and billing information

To process your payment via Stripe (see Section 6)

Technical Data

IP address, browser type, device information, pages visited, referring URL

To maintain site security, analyse usage patterns, and improve our service

Communication Data

Any correspondence you send us (email, contact forms)

To respond to your enquiries and provide customer support

We do not knowingly collect any special category data (such as health information, racial or ethnic origin, political opinions, or religious beliefs). If any such data is inadvertently included within documents you upload, we will process it solely for the purpose of generating your report and will not use it for any other purpose.

4. How We Collect Your Data

We collect personal data through the following means:

  • Directly from you — when you complete our online form, drop a pin on the map to select a property location, upload documents, make a payment, or contact us.
  • Automatically — when you browse our website, through cookies and similar technologies (see Section 10).
  • From third-party services — payment confirmation data from Stripe; mapping data from Google Maps.

5. Lawful Basis for Processing

Under the UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Lawful Basis

Processing Activity

Contract (Article 6(1)(b))

Processing your personal data to deliver the planning report you have purchased, including generating the report, sending it to you, and managing your order.

Legitimate interests (Article 6(1)(f))

Website analytics and security monitoring; improving our services; preventing fraud. Our legitimate interests do not override your fundamental rights and freedoms.

Legal obligation (Article 6(1)(c))

Retaining financial records to comply with tax and accounting obligations.

Consent (Article 6(1)(a))

Sending marketing communications, where applicable. You may withdraw consent at any time.

6. Payment Processing & Stripe

All payments are processed securely by Stripe Payments Europe, Ltd. When you make a purchase, your payment card details are transmitted directly to Stripe and are not stored on our servers. Stripe acts as an independent data controller for the payment data it receives.

Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available in the payments industry. For further information on how Stripe handles your data, please refer to Stripe’s Privacy Policy.

We receive from Stripe limited transaction information necessary to fulfil your order, including confirmation of payment, the last four digits of your card, and your billing name and email address.

7. How We Use Your Data

We use your personal data for the following purposes:

  • To generate your AI-powered planning assessment report or planning objection report based on the property location, project description, and any supporting documents you provide.
  • To process your payment and issue receipts.
  • To deliver your completed report to you by email or through our website.
  • To communicate with you regarding your order, including any follow-up queries.
  • To administer and manage Pass Key or subscription access where applicable.
  • To maintain, improve, and secure our website and services.
  • To comply with our legal and regulatory obligations.

8. AI-Generated Reports

Our planning reports are generated using artificial intelligence (the Anthropic Claude API). The data you provide — including your property location, project description, and any uploaded documents — is transmitted to the AI service provider solely for the purpose of generating your report. This data is processed in accordance with Anthropic’s data processing terms and is not used by Anthropic to train its AI models.

The AI-generated reports are intended as informational guidance only and do not constitute formal legal, planning, or professional advice. Please refer to our Terms of Service for further details on the limitations of our reports.

9. Data Sharing & Third Parties

We may share your personal data with the following third parties, solely to the extent necessary for the stated purposes:

  • Stripe — payment processing (as detailed in Section 6).
  • Anthropic (Claude API) — AI report generation. Your project data is transmitted to Anthropic’s servers to generate your report.
  • Amazon Web Services (AWS) — our cloud infrastructure provider, which hosts our backend systems and stores your data securely in the EU West (London) region.
  • Google Maps API — to provide the map-based location selection feature. Your use of the map is subject to Google’s Privacy Policy.
  • Amazon Simple Email Service (SES) — to send transactional emails (e.g. report delivery, order confirmations).
  • Fasthosts — our website hosting provider for the WordPress frontend.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

We may also disclose your personal data where required to do so by law, regulation, or court order, or to protect the rights, property, or safety of ourselves, our users, or others.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files placed on your device that help us provide and improve our service.

Types of cookies we use:

  • Strictly necessary cookies — required for the website to function properly (e.g. session management, security). These do not require your consent.
  • Functional cookies — remember your preferences and choices to enhance your experience.
  • Analytics cookies — help us understand how visitors interact with our website (e.g. Google Analytics, if enabled). These cookies collect information in an anonymised form.
  • Third-party cookies — set by services we integrate with, such as Stripe (for payment processing) and Google Maps.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For more information about cookies generally, visit www.aboutcookies.org.

11. International Data Transfers

Some of the third-party services we use (in particular, Anthropic and certain AWS services) may process your data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure that appropriate safeguards are in place, which may include:

  • Transfers to countries that the UK Government has determined provide an adequate level of data protection.
  • Standard contractual clauses (International Data Transfer Agreement or Addendum) approved by the Information Commissioner’s Office.
  • Binding corporate rules or other lawful transfer mechanisms.

12. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Report data and project information — retained for up to 12 months after report delivery to allow you to access your report and for us to handle any queries or issues.
  • Payment and transaction records — retained for 7 years in compliance with HMRC tax and accounting requirements.
  • Communication records — retained for up to 24 months unless required for ongoing matters.
  • Technical and analytics data — retained for up to 12 months.

When personal data is no longer required, we will securely delete or anonymise it.

13. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request correction of any inaccurate or incomplete data.
  • Right to erasure — you may request deletion of your personal data where there is no compelling reason for us to continue processing it.
  • Right to restrict processing — you may request that we limit the way we use your data in certain circumstances.
  • Right to data portability — you may request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object — you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Rights in relation to automated decision-making — you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. While our reports are AI-generated, they are provided as informational guidance and do not constitute decisions that produce legal effects concerning you.

To exercise any of these rights, please contact us at planning@doineedplanning.org. We will respond to your request within one month of receipt.

14. Data Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit (HTTPS/TLS) and at rest.
  • Secure cloud infrastructure hosted on AWS with access controls and monitoring.
  • Payment data handled exclusively by PCI-DSS-compliant Stripe infrastructure.
  • Regular review of security practices and access permissions.

While we implement robust safeguards, no method of transmission or storage is completely secure. If you become aware of any security breach, please notify us immediately.

15. Children’s Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it promptly.

16. Links to Third-Party Websites

Our website may contain links to external websites operated by third parties. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any third-party sites you visit.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Where changes are significant, we will take reasonable steps to notify you (for example, by posting a notice on our website). The “Last updated” date at the top of this page indicates when this policy was most recently revised.

18. Complaints

If you are unhappy with how we have handled your personal data, we would appreciate the opportunity to resolve the matter directly. Please contact us at planning@doineedplanning.org.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection:

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: ico.org.uk/make-a-complaint

19. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Do I Need Planning (PLAIN)

Email: planning@doineedplanning.org


Scroll to Top