Privacy Policy

For the purposes of UK and EU data protection law, the Company is the data controller in respect of the personal data described in this Privacy Policy.

Contact: You may contact us via the in-app contact form.

This Privacy Policy applies to personal data processed in connection with:

• creating and using a PyDrills account;
• subscribing and paying for the Service;
• using the Service (including usage, device, and log data);
• contacting us through the in-app contact form; and
• cookies and similar technologies used on the Service.

We collect personal data in the following categories (depending on how you use the Service):

3.1 Account and profile data

• Name (if provided)
• Email address
• Username / account identifier
• Account settings and preferences

3.2 Payment and transaction data (Stripe)

• Subscription status, plan, billing cycle
• Payment confirmation, charge and refund status (if any), invoices/receipts
• Billing country/region and limited billing details (if provided)

Card details: Payment card details are processed by Stripe. We do not store full payment card numbers on our servers.

3.3 Usage and technical data

• IP address
• Device type, browser type, operating system
• App events and usage patterns (e.g., features used, timestamps)
• Log data (e.g., error logs, diagnostic data)
• Approximate location inferred from IP (country/region)

3.4 Content you submit to the Service

• Information you submit through forms or inputs (e.g., prompts, text, files, or other content) where applicable ("User Content")
• Messages and attachments sent via the in-app contact form

3.5 Cookies and similar technologies

• Cookie identifiers and related device data
• Analytics and performance data (where enabled)

We process personal data for the following purposes:

1. Provide and operate the Service (account creation, authentication, feature delivery)
2. Process subscriptions and payments (billing, invoicing, payment status, fraud prevention)
3. Customer support and communications (respond to enquiries via contact form)
4. Service improvement and development (troubleshooting, performance analytics, feature optimisation)
5. Security and fraud prevention (abuse detection, access control, monitoring, enforcement of Terms)
6. Legal compliance (tax, accounting, lawful requests, dispute handling)
7. Marketing (where permitted, e.g., product updates) — you can opt out at any time where applicable

Where UK GDPR / EU GDPR applies, we rely on the following legal bases:

• Contract: to provide the Service and perform our agreement with you (e.g., account, subscription).
• Legitimate interests: to secure and improve the Service, prevent fraud, and maintain reliability (balanced against your rights).
• Legal obligation: to comply with applicable laws (e.g., accounting/tax, lawful requests).
• Consent: for certain cookies and (where required) certain marketing communications. You can withdraw consent at any time.

We may disclose personal data to:

6.1 Service providers (processors)

Third parties that help us provide the Service, such as:

• Payment processing: Stripe
• Hosting/infrastructure: cloud hosting, storage, and content delivery providers
• Analytics and monitoring: performance and error monitoring providers
• Customer support tooling: ticketing/helpdesk tools (if used)

These providers are authorised to process personal data only as necessary to provide services to us and are contractually required to safeguard it.

6.2 Legal and compliance disclosures

We may disclose personal data where we reasonably believe it is necessary to:

• comply with law, regulation, legal process, or lawful request;
• enforce our Terms or protect rights, safety, and security; or
• detect, prevent, or address fraud, abuse, or technical issues.

6.3 Corporate transactions

If we are involved in a merger, acquisition, restructuring, or sale of assets, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

6.4 We do not "sell" personal data

We do not sell personal data for money. If you are in a jurisdiction that defines "sale" or "share" broadly (e.g., some US state laws), see Section 12.

Because we serve users globally and use global service providers, your personal data may be processed in countries outside the UK/EU, including jurisdictions that may not provide the same level of data protection.

Where UK/EU data protection law applies and we transfer personal data internationally, we use appropriate safeguards such as:

• UK International Data Transfer Addendum and/or EU Standard Contractual Clauses, and
• additional technical and organisational measures where appropriate.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

• to provide the Service;
• to comply with legal obligations (e.g., tax/accounting retention);
• to resolve disputes and enforce agreements; and
• to maintain security and prevent abuse.

Retention periods vary based on data type and legal requirements. When no longer needed, we delete or anonymise the data.

We implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. However, no system is 100% secure, and we cannot guarantee absolute security.

If you are located in the UK/EU (and certain other jurisdictions), you may have rights including:

• Access to your personal data
• Correction of inaccurate data
• Deletion (in certain circumstances)
• Restriction of processing (in certain circumstances)
• Objection to processing (in certain circumstances, especially where we rely on legitimate interests)
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)

To exercise rights, contact us via the in-app contact form. We may need to verify your identity before responding.

UK complaint right: You may lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have infringed data protection law.

We use cookies and similar technologies to:

• keep you signed in (where applicable),
• remember preferences,
• measure performance and usage, and
• improve reliability.

Where required by law, we will request your consent for non-essential cookies (such as analytics/advertising cookies). You can also manage cookies through your browser settings. Disabling certain cookies may affect Service functionality.

If you reside in a US state with specific privacy laws (e.g., California), you may have additional rights regarding:

• access, deletion, and correction of personal information;
• opting out of certain targeted advertising (sometimes called "sharing");
• non-discrimination for exercising privacy rights.

Sale/Sharing: We do not sell personal information for money. We do not knowingly share personal information for cross-context behavioural advertising in a manner that constitutes a "sale" or "share" under applicable law, except to the extent certain cookies/analytics might be interpreted that way. Where required, we provide opt-out mechanisms via cookie controls and/or settings.

Requests can be made via the in-app contact form.

The Service is intended for adults and is not directed to children. We do not knowingly collect personal data from children under 13 (or under 16 where applicable). If you believe a child has provided us personal data, contact us via the in-app contact form and we will take appropriate steps to delete it.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and your use of them is subject to their policies.

We may update this Privacy Policy from time to time. Changes take effect when posted in the Service with an updated Effective Date. If changes are material, we will take reasonable steps to notify you.