Privacy Policy — PolicyAndPlay

    PolicyAndPlay is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under UK GDPR and the Data Protection Act 2018.
  

1. Who We Are

PolicyAndPlay is a UK-based digital subscription service providing website templates, policy guides, and activity plans for childcare settings. References to "we", "us", or "our" refer to PolicyAndPlay.

For data protection enquiries, contact us at: hello@policyandplay.co.uk

ICO Registration Number: C1925950

2. What Data We Collect

We may collect the following personal data:

Account data: name, email address, and password when you register
Payment data: billing details processed securely by Stripe — we never store your card details
Usage data: pages visited, downloads, and subscription activity
Communications: any messages you send us

3. How We Use Your Data

We use your personal data to:

Provide and manage your subscription
Process payments via Stripe
Send service-related emails (receipts, updates, policy changes)
Improve our products and website
Comply with legal obligations

We do not sell your personal data to third parties.

4. Legal Basis for Processing

We process your data under the following lawful bases:

Contract: to fulfil your subscription
Legal obligation: for tax and financial records
Legitimate interests: to improve our service and prevent fraud
Consent: for any optional marketing emails

5. Third Parties

We share data only with trusted third parties necessary to run the service:

Stripe — payment processing (stripe.com/gb/privacy)
Netlify — website hosting
Supabase — secure account & database storage
Resend — sending account and service emails
Google Fonts — font delivery (your IP may be logged by Google)
Meta (Facebook) & Google Ads — advertising and conversion measurement, only if you accept analytics & marketing cookies (see Cookies below)

6. Cookies

We use two kinds of cookies:

Essential cookies — needed to run the site and keep you securely signed in (for example your login session). These are always on, as the site can't work without them.
Analytics & marketing cookies — set by the Meta (Facebook) Pixel and Google Ads tag to help us understand site usage and measure our advertising. These are only set if you choose "Accept all" in our cookie banner.

When you first visit, a cookie banner lets you Accept all or keep only Essential cookies. No analytics or marketing cookies are set until you accept them. You can change your choice at any time using the "Cookie settings" link in the website footer.

7. Data Retention

We retain your personal data for as long as your account is active, plus 7 years for financial records as required by HMRC. You can delete your account at any time from your dashboard ("Delete my account"), or request deletion by email (see Your Rights below).

8. Your Rights

Under UK GDPR you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data ("right to be forgotten") — you can do this instantly yourself via "Delete my account" in your dashboard
Object to or restrict processing
Data portability
Withdraw consent at any time — use the "Cookie settings" link in the footer to change your cookie choices

You can delete your account and data yourself at any time from your dashboard. To exercise any other right, email hello@policyandplay.co.uk. We will respond within 30 days.

9. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website.