NoticeWindow
Start tracking
Legal

Privacy Policy

Last updated: 14 June 2026

This policy explains what data NoticeWindow collects, why we collect it, how we use it and what rights you have over it. It is written in plain English on purpose. NoticeWindow is operated from the United Kingdom and complies with the UK GDPR and the Data Protection Act 2018.

1. Who we are

"NoticeWindow", "we" and "our" refer to the operator of noticewindow.co.uk. For any data protection questions, write to hello@noticewindow.co.uk.

2. What we collect

Account data

  • Email address, name, and a hashed password (or an OAuth identifier if you sign in with a provider).
  • Workspace name and role.

Renewal records you add

  • Supplier names or aliases, renewal dates, notice periods, recurring values and owner contact details that you enter.
  • Decisions you record against a renewal (renew, cancel, renegotiate, review later).

Billing data

  • Subscription status and plan. Payment card details are handled directly by Stripe and never stored on our servers.

Operational data

  • Email send logs (when a reminder went out, whether it was delivered, suppressed, or bounced).
  • Basic request logs for security and abuse prevention.

3. Why we collect it

  • To run the service: store your renewals, send the reminders, take payment.
  • To support you: reply to your messages and resolve issues.
  • To comply with legal obligations (tax records, fraud prevention).

The lawful bases we rely on are: performance of a contract, legitimate interests (security, support, basic analytics) and legal obligation.

4. What we do not do

  • We do not sell your data, ever. No ad networks, no data brokers.
  • We do not use your renewal records to train AI models, ours or anyone else's.
  • We do not track you across the web. We use minimal first-party analytics only.

5. Sub-processors

To deliver the service we share data with a small set of trusted providers:

  • Supabase (EU hosting). Database and authentication.
  • Stripe. Payment processing.
  • Mailgun. Outbound email delivery.
  • Cloudflare, DNS and edge runtime.

A current list of sub-processors and our Data Processing Agreement (DPA) is available on request from hello@noticewindow.co.uk.

6. How long we keep it

  • Account and renewal data: for as long as your account is active. After cancellation your workspace becomes read-only; we delete it 90 days after closure unless you ask us to delete it sooner.
  • Email send logs: 12 months.
  • Billing records: 7 years (UK tax requirement).

7. Your rights

Under UK GDPR you have the right to access, correct, export, restrict or delete the personal data we hold about you, and to object to certain processing. Email hello@noticewindow.co.uk and we will respond within one calendar month. You can also complain to the Information Commissioner's Office (ico.org.uk).

8. Security

All data is encrypted in transit (TLS) and at rest. Passwords are hashed with industry-standard algorithms. Access to production systems is restricted and logged.

9. Cookies

We use a small number of strictly necessary cookies to keep you signed in. We do not use advertising or third-party tracking cookies.

10. Changes

If we make a material change to this policy we will email account holders and update the "last updated" date at the top of this page.