Legal

Privacy Notice

Last updated: 21 April 2026

1. Who we are

Plott (“we”, “us”) operates the Plott SaaS platform at plott.uk. We are the “controller” for the personal data we process about our customers and their colleagues. Customers (typically construction, architecture, planning or property firms) are the controller for any personal data they upload and for their own outreach communications.

2. What personal data we process

  • Account data: name, work email, role, company name, and authentication identifiers (issued by Neon Auth).
  • Billing data: Stripe customer IDs, subscription status, VAT / tax IDs, billing address. We do not store card numbers; Stripe handles all payment card data as a PCI-DSS Level 1 processor.
  • Product usage: map searches, saved searches, generated letters, reminders, audit logs. Used to operate the service and detect abuse.
  • Uploaded assets: company logos, drawn/uploaded signatures, generated PDFs. Stored on Vercel Blob under tenant-scoped paths.
  • Third-party data about property owners and applicants:retrieved on-demand from public sources (HM Land Registry, PlanWire, Companies House, LPA portals). We cache minimally and expire data within 30 days.

3. Lawful bases (UK GDPR Art.6)

  • Contract — for operating your account and providing the service you subscribe to.
  • Legitimate interests — for security, anti-abuse, analytics, and product improvement.
  • Legal obligation — for statutory accounting, anti-money-laundering and tax records.
  • Consent — for optional analytics cookies and marketing emails, where applicable.

4. Sub-processors

We rely on the following sub-processors:

  • Vercel (hosting, Blob storage, Edge, EU regions)
  • Neon (Postgres database, EU region)
  • Neon Auth (authentication)
  • Stripe (payments & billing)
  • Resend (transactional email)
  • Upstash (Redis rate-limiting, EU region)
  • Google (Maps JavaScript API, Places, Street View)
  • Sentry and PostHog (error + product analytics, EU regions)
  • PropertyData (HM Land Registry title/proprietor lookups)
  • PlanWire (planning application enrichment)

Current sub-processor list is maintained at /legal/subprocessors. We notify customers of material changes at least 30 days in advance.

5. Data retention

  • Account + product data: retained while your subscription is active, and up to 90 days after cancellation to handle reactivation and statutory obligations.
  • Enrichment cache (applicant names, agent contacts from public sources): auto-expires after 30 days.
  • Billing records: retained for 7 years as required by UK tax law.
  • Audit logs: retained for 12 months.

6. International transfers

Primary data storage is in the EEA / UK. Where sub-processors transfer data outside the UK (e.g. Sentry US, Google global), we rely on the UK International Data Transfer Addendum and EU SCCs (2021/914) with appropriate safeguards.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict processing, portability, and to object to processing. Email us at privacy@plott.uk. We respond within 30 days. You can also complain to the UK Information Commissioner's Office at ico.org.uk.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest, isolate tenants via our data model, rate-limit our APIs, and require MFA for staff access. See our Trust Centre for the full security posture.

9. Contact

Plott Ltd, registered in England & Wales. Privacy enquiries: privacy@plott.uk.

Return home

Plott

Map-first planning intelligence for the UK construction, property and planning sector. Built in Britain, covering all 337 local planning authorities.

Product

  • How it works
  • Features
  • Pricing
  • Open app

Company

  • About
  • Contact

Legal

  • Privacy
  • Terms

Support

  • Support
  • Heritage Construction Group

Part of the Heritage Construction Group a professional construction company offering an array of building services across the London area and beyond.

© 2026 Plott · Built in the UK

hello@plott.uk

Plott
AboutPricingPrivacy
Sign inStart free trial