Skip to main content
Planpath
Get Started

Privacy Policy

Last updated: 24 March 2025

1. Who we are

Planpath (“we”, “us”, “our”) is a business-to-business telecoms marketplace operated by Planpath. We are the data controller for the personal data described in this policy.

If you have questions about how we handle your data, contact us at support@planpath.com.

2. Data we collect

We collect personal data in the following ways:

2.1 Data you provide directly

  • Early access registration: name, business email address, and optionally your company name.
  • Account creation: name, email address, job title, and organisation details (company name, size, industry, address).
  • Requirements and proposals: telecoms requirement specifications, proposal details, and negotiation messages you submit through the platform.
  • Payment information: processed securely by Stripe. We do not store card numbers or payment credentials on our servers.

2.2 Data collected automatically

  • Authentication data: encrypted session tokens stored in secure, HTTP-only cookies to keep you signed in.
  • Analytics data: page views, feature usage events, and performance metrics collected via PostHog (product analytics) and Google Analytics (marketing analytics via Google Tag Manager). PostHog is configured to track identified users only; anonymous visitor tracking is not enabled.
  • Error data: application errors and performance traces collected via Sentry. All user text is masked by default and no personally identifiable information is sent automatically.
  • Device and browser information: browser type, operating system, screen resolution, and IP address (anonymised where possible).

3. Lawful basis for processing

Under UK GDPR, we process your data on the following bases:

  • Contract: to provide the marketplace service you have registered for, including matching requirements with providers, processing proposals, and managing your account.
  • Legitimate interests: to improve our platform, detect errors, prevent fraud, and communicate service updates. We balance our interests against your rights and only process data where the impact on you is minimal.
  • Consent: for marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation: to comply with applicable laws, including tax and financial record-keeping requirements.

4. How we use your data

  • Operating and improving the marketplace platform.
  • Matching customer requirements with suitable providers.
  • Processing lead purchases and payments via Stripe.
  • Sending transactional emails (account confirmations, requirement updates, proposal notifications) via Resend.
  • Analysing platform usage to improve features and performance.
  • Detecting and resolving technical errors.
  • Preventing fraud and ensuring platform security.

5. Who we share your data with

We share personal data only where necessary:

  • Service providers (marketplace): when a provider purchases a lead, they receive the requirement details you submitted. Providers cannot see your personal details until a lead is purchased.
  • Infrastructure partners: Supabase (database and authentication, EU-hosted), Vercel (hosting), Stripe (payments), Resend (email), Sentry (error monitoring), and PostHog (analytics, EU-hosted).
  • Google: anonymised analytics data via Google Tag Manager and Google Analytics 4.

We do not sell your personal data. We do not share it with third parties for their own marketing purposes.

6. International data transfers

Some of our infrastructure partners are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), and we only transfer data to countries with adequate levels of protection or to organisations with appropriate contractual protections.

7. How long we keep your data

  • Account data: retained while your account is active, then deleted within 90 days of account closure.
  • Early access registrations: retained until the platform launches and you either create an account or request deletion.
  • Requirement and proposal data: retained for the duration of the contract lifecycle plus 6 years for legal and financial record-keeping.
  • Analytics data: aggregated and anonymised after 26 months.
  • Error logs: automatically deleted after 90 days.

8. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data (subject to legal retention requirements).
  • Restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where consent is the lawful basis.

To exercise any of these rights, email support@planpath.com. We will respond within one month.

9. Security

We take appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), row-level security on our database, secure HTTP-only authentication cookies, and role-based access controls. Payment processing is handled by Stripe, which is PCI-DSS Level 1 certified.

10. Cookies

We use cookies and similar technologies to operate the platform and analyse usage. For full details, see our Cookie Policy.

11. Children

Our platform is designed for business use and is not directed at individuals under 18. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The “last updated” date at the top reflects the most recent revision.

13. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you contact the ICO — please reach out to support@planpath.com first.

Cookie preferences

We use cookies to improve your experience and analyse site usage. Essential cookies are always active. You can choose to accept analytics cookies or use essential cookies only.

Cookie Policy