Legal
Privacy Notice
How Rasmere collects, uses, and protects your personal data under the UK GDPR.
Who we are
Rasmere ("we", "us", "our") is the data controller for personal data collected through the Rasmere planning risk intelligence service at rasmere.com. Rasmere is established in the United Kingdom and processes personal data under the UK GDPR and the Data Protection Act 2018. You can contact us at team@rasmere.com.
Personal data we collect
- Account data: name, email address, company (optional), password (hashed).
- Usage data: site addresses you submit, reports you generate, plan and credit usage, in-product activity.
- Support data: messages and attachments you send to our support team.
- Technical data: IP address, device and browser identifiers, log data, cookies and similar identifiers.
- Marketing data: preferences and consents for service updates and marketing emails.
Payment data (card number, billing address, tax ID) is collected and processed directly by our payment provider, Stripe. Rasmere does not see or store full card details.
How and why we use your data
- Provide the Service: create your account, generate reports, manage credits and subscriptions. Legal basis: performance of a contract.
- Customer support: respond to enquiries and resolve issues. Legal basis: legitimate interests / contract performance.
- Security and fraud prevention: detect abuse, secure accounts, and protect the Service. Legal basis: legitimate interests and legal obligations.
- Service improvement and analytics: understand how the Service is used and improve product quality. Legal basis: legitimate interests.
- Service communications: send transactional emails (receipts, account notices, important updates). Legal basis: contract performance.
- Marketing: send product updates and offers where you have opted in. Legal basis: consent (you can withdraw at any time).
- Legal compliance: meet our legal, accounting, and regulatory obligations. Legal basis: legal obligation.
International transfers
Where personal data is transferred outside the UK or European Economic Area, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an adequacy decision.
Data retention
We retain personal data only as long as necessary for the purposes set out in this notice. Account and report data is kept for as long as your account is active and for up to 24 months after closure. Billing and tax records are retained for 6 years to comply with UK tax law. Support records are generally retained for 24 months. Data is then deleted or anonymised.
Your rights
Under UK GDPR you have the right to:
- access your personal data;
- request correction of inaccurate data;
- request erasure of your data;
- restrict or object to certain processing;
- request portability of data you provided to us;
- withdraw consent at any time where processing is based on consent; and
- lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email team@rasmere.com. We will respond within one month.
Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, hashed credentials, and regular review of our infrastructure. No system can be guaranteed completely secure; please notify us immediately if you suspect any unauthorised access to your account.
Changes to this notice
We may update this notice from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top reflects the latest revision.
Contact
For privacy questions or to exercise your rights, contact team@rasmere.com.
Questions
Anything unclear? Email team@rasmere.com and a real person will reply.