Privacy Policy

Last updated: 7th April 2026

1. Introduction

This privacy policy explains how Plota ("we", "us", or "our") collects, uses, and protects your personal information when you use our service at plota.co.uk. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

2. Who We Are

Service: Plota - free planning application search for the UK
Purpose: Helping people find and monitor planning applications near them
Contact: hello@plota.co.uk

3. What Information We Collect

Information you provide:

  • Email address: Required to send you planning alert emails
  • Area preferences: The location data you give us when setting up an alert. This may be a postcode + radius, a town, a council, a custom drawn area on the map, an H3 hex grid selection, or a nation-wide alert with a planning-category filter
  • Schedule preferences: Whether you want daily, weekly, or fortnightly digests; the day of the week and time of day you want them delivered
  • Alert names and labels: Optional human-readable names you assign to your saved alerts
  • Filter preferences: Any application-type filter you apply to an alert (e.g. "new homes only"); whether you've opted to exclude tree applications

Information we collect automatically to operate the service:

  • IP addresses: Logged for security and abuse prevention
  • Alert lifecycle timestamps: When you subscribed, confirmed your email, last visited your My areas dashboard, last received an alert, and when each alert is scheduled to next fire
  • Alert delivery history: Records of which planning applications we've sent you, used to prevent duplicate notifications
  • Alert health status: A derived status flag (healthy / paused / portal-unavailable) per alert so we can surface issues in your dashboard
  • Session token: A signed token, stored in your browser, that lets you access your My areas dashboard without a password

Information we do NOT collect:

  • We do not require your name, phone number, or any other personal details
  • We do not track your precise location - only the postcode or area you tell us
  • We do not collect payment information (our service is free)

4. How We Use Your Information

  1. Service delivery: To send you email alerts about new planning applications in your chosen area
  2. Service improvement: To ensure alerts are relevant and avoid duplicates
  3. Security: To log IP addresses and prevent abuse of our service
  4. Communication: To send confirmation emails when you subscribe

We will NEVER:

  • Send you marketing emails or promotional content
  • Sell, rent, or share your email address with third parties
  • Send you emails unrelated to planning applications

5. Legal Basis for Processing

  • Consent (Article 6(1)(a) UK GDPR): When you subscribe, you provide explicit consent for us to send you email alerts. You can withdraw consent at any time by unsubscribing.
  • Legitimate interest (Article 6(1)(f) UK GDPR): We have a legitimate interest in logging IP addresses for security and fraud prevention.

6. How We Share Your Information

Email service provider (Brevo):

We use Brevo (formerly Sendinblue) to send alert emails. Your email address is shared with Brevo for email delivery. Brevo is GDPR-compliant. See their privacy policy.

Hosting provider (DigitalOcean):

Our service is hosted on DigitalOcean's London data centre. Your data is stored securely on servers in the United Kingdom.

Planning data sources:

We monitor publicly available council planning portals. We do not share any of your personal information with councils or any other third party.

We do NOT:

  • Share your data with advertisers or marketing companies
  • Sell your personal information to anyone
  • Transfer your data outside the UK/EEA (except to Brevo, which has appropriate GDPR safeguards)

7. Data Retention

While you're subscribed:

  • Your email and preferences are stored in our database
  • Alert history is retained to prevent duplicate notifications

When you unsubscribe:

  • Your personal data is permanently deleted immediately
  • We do not keep backup copies or "soft delete" records
  • Alert history for your account is deleted at the same time

8. Your Rights (UK GDPR)

Right to access:

You can request a copy of the personal information we hold about you by emailing hello@plota.co.uk.

Right to rectification:

You can update your preferences via the manage link in any alert email, or unsubscribe and re-subscribe with correct details.

Right to erasure:

Click the unsubscribe link in any alert email, or email us directly. Your data will be permanently deleted immediately.

Right to withdraw consent:

Unsubscribe at any time via the link in any email. This stops all future emails and deletes your data.

Right to data portability:

Request a copy of your subscription data in JSON format by emailing hello@plota.co.uk.

9. How to Unsubscribe

Every alert email includes an unsubscribe link. Click the link, confirm on the unsubscribe page, and your data is immediately deleted. You can also email hello@plota.co.uk to request removal.

10. Data Security

  • Encrypted connections: All communication uses HTTPS/TLS
  • Secure storage: Data stored in a secure database with restricted access
  • Rate limiting: We implement rate limits to prevent spam and abuse
  • Regular updates: Our servers and software are regularly updated

11. Cookies and Tracking

Our website uses minimal tracking. We do not use advertising cookies, tracking pixels, or cross-site tracking. We may use essential cookies for basic functionality.

12. International Data Transfers

  • Database hosting: DigitalOcean, London data centre (UK)
  • Email delivery: Brevo (EU-based, GDPR-compliant)

13. Changes to This Policy

We may update this policy from time to time. The "last updated" date will be revised. Significant changes will be communicated to subscribers via email.

14. Contact Us

Email: hello@plota.co.uk

Website: plota.co.uk

We aim to respond to all enquiries within 7 working days.

In plain English:

  • We collect your email address, the areas + categories you want to be alerted about, your schedule preferences, and the operational data needed to deliver those alerts (when we last sent you something, which apps we've already sent, whether each alert is healthy)
  • We use your data solely to send planning alerts and run your My areas dashboard - no marketing, no spam
  • You can unsubscribe anytime via the link in any email
  • When you unsubscribe, we immediately delete all your data
  • We use Brevo to send emails and DigitalOcean (London) to host the service
  • We never sell your data or share it with advertisers