Privacy Policy

Last updated: February 2026

PlanWatch.ie ("we", "our", "us") is operated by AMG Digital. We are committed to protecting your privacy. This policy explains what personal information we collect, how we use it, who we share it with, how we share it, and how we keep it safe — in accordance with the General Data Protection Regulation (GDPR) and Irish data protection law.

1. Data Controller

AMG Digital, trading as PlanWatch.ie, is the data controller for personal data collected through this website. If you have questions about this policy, contact us at hello@planwatch.ie.

2. Information We Collect

Information you provide directly:

• Account information: Email address when you sign up or subscribe
• Alert preferences: Locations and addresses you set for planning alerts
• Watched plans: Planning applications you choose to follow
• Contact submissions: Name, email, and message content when you contact us

Information collected during payment:

• Payment details: When you subscribe to a paid plan, your payment card details, billing address, and email are collected directly by our payment processor, Stripe. We do not receive, process, or store your full card number, CVV, or other sensitive payment credentials on our servers.
• Billing identifiers: We store a Stripe customer ID linked to your account so we can manage your subscription (upgrades, cancellations, billing portal access). We also store your subscription plan and billing status.

Information collected automatically:

• Usage data: IP address, browser type, pages visited, search queries, and timestamps
• Session data: Authentication tokens to keep you logged in
• Analytics data: Page views and feature usage via Google Analytics (anonymized)

3. How We Use Your Information

We use the information we collect to:

• Provide our service: Process planning searches, deliver alert notifications, and display planning application data
• Process payments: Create and manage subscriptions, process upgrades and cancellations, and provide billing history via Stripe
• Communicate with you: Send planning alert emails, magic link login emails, subscription confirmations, and respond to support requests
• Improve our service: Analyse anonymized usage patterns to improve search quality, fix bugs, and develop new features
• Prevent abuse: Rate-limit searches, detect fraudulent activity, and enforce our terms of service
• Comply with legal obligations: Maintain records as required by Irish and EU law

4. Who We Share Your Information With

We share your information with the following third parties, solely for the purposes described:

• Stripe (payment processing): When you subscribe to a paid plan, your email address is shared with Stripe to create a customer account. Stripe collects your payment card details directly on their hosted checkout page — this data never passes through our servers. Stripe processes payments, manages subscriptions, and handles billing. Stripe's use of your data is governed by the Stripe Privacy Policy.
• Resend (email delivery): Your email address is shared with Resend to deliver transactional emails including login links, alert notifications, and subscription confirmations. Resend's use of your data is governed by the Resend Privacy Policy.
• Google Analytics (website analytics): Anonymized usage data (pages visited, session duration) is collected by Google Analytics to help us understand how users interact with our service. No personally identifiable information is sent to Google. Google's use of this data is governed by the Google Privacy Policy.

We do not sell, rent, or trade your personal data to any third party. We do not share your data with advertisers or data brokers.

5. How Information Is Shared

Data is transmitted to third parties via:

• Encrypted API calls: All data shared with Stripe and Resend is transmitted over HTTPS/TLS encrypted connections via their official APIs
• Client-side redirect: When you subscribe, you are redirected to Stripe's hosted checkout page where you enter payment details directly with Stripe — your card information never touches our servers
• Webhooks: Stripe sends encrypted webhook notifications to our server to confirm successful payments, subscription changes, and cancellations
• Analytics tags: Google Analytics collects anonymized data via a JavaScript tag loaded in your browser

6. Legal Basis for Processing

We process your data based on:

• Contract: To provide the services you've subscribed to (account management, alerts, search, billing)
• Consent: For optional communications beyond service delivery
• Legitimate interest: To improve our service, prevent fraud, and ensure security
• Legal obligation: To comply with Irish and EU law, including tax and financial regulations

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption in transit: All connections to PlanWatch.ie use HTTPS/TLS encryption. Data shared with third-party services is transmitted over encrypted channels.
• Secure authentication: We use passwordless magic link authentication — no passwords are stored. Session tokens are cryptographically generated and expire automatically.
• Payment security: Payment card details are collected and processed exclusively by Stripe, a PCI DSS Level 1 certified payment processor. We never receive, transmit, or store your card details.
• Access controls: Access to production systems and databases is restricted to authorised personnel only.
• Infrastructure security: Our servers use firewall rules, automatic security updates, and encrypted database backups.
• Regular reviews: We conduct regular security reviews of our codebase and infrastructure.

8. Data Retention

• Account data: Retained for as long as your account is active. If you delete your account, we delete your personal data within 30 days.
• Payment records: Billing records and Stripe customer IDs are retained for 7 years to comply with Irish tax and financial record-keeping obligations.
• Usage logs: Server logs containing IP addresses are retained for 90 days, then deleted.
• Analytics data: Google Analytics data is retained for 14 months.

9. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interest
• Restrict: Restrict how we process your data
• Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, email hello@planwatch.ie. We will respond within 30 days.

10. Cookies

We use the following cookies:

• Essential cookies: Session authentication tokens to keep you logged in. These are strictly necessary and cannot be disabled.
• Preference cookies: To remember settings such as cookie consent and display preferences.
• Analytics cookies: Google Analytics cookies (_ga, _gid) to collect anonymized usage statistics. These can be blocked via your browser settings.

We do not use third-party advertising or tracking cookies.

11. International Transfers

Your data is primarily processed within the EU/EEA. Some of our third-party providers (Stripe, Google) may process data in the United States under appropriate safeguards including Standard Contractual Clauses (SCCs) and adequacy decisions. Resend processes data in the United States under SCCs.

12. Children's Privacy

PlanWatch.ie is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered users. The "last updated" date at the top of this page indicates when the policy was last revised.

14. Complaints

If you're unhappy with how we handle your data, you have the right to lodge a complaint with the Irish Data Protection Commission:

• Website: www.dataprotection.ie
• Phone: +353 (0)1 765 0100 / 1800 437 737
• Email: info@dataprotection.ie