Privacy Policy for Plotwell

Last Updated: June 1, 2025

1. Introduction

Welcome to Plotwell ("we," "us," "our"). We provide a comprehensive management platform (the "Platform") for allotment sites ("Sites") and their communities.

This Privacy Policy explains how we collect, use, share, and protect your personal information. It also describes your rights regarding your data. This policy applies to all users of the Plotwell platform, including Site Administrators, tenants, and community members ("Users," "you").

A key aspect of our Platform is its multi-tenant nature. It is crucial to understand the roles:

• Plotwell (Data Processor & Controller): We act as the Data Controller for the information you provide to create your central Plotwell account. We act as a Data Processor on behalf of the Allotment Site Administrators for the data they manage about their specific tenants and members.
• Allotment Site Administrators (Data Controllers): Your local allotment management team is the Data Controller for the data related to your tenancy, membership, or waiting list status for their specific Site. They determine the purposes and means of processing that data.

2. Information We Collect

We collect information in the following ways:

a) Information You Provide Directly to Us:

• Account Registration: When you create a Plotwell account, we collect your name, email address, and a hashed password. This creates your central, portable account that you can use across different Sites.
• Communications: If you contact us directly for support or inquiries, we will collect your name, email address, and the content of your message.

b) Information Collected on Behalf of Site Administrators:

When you join a specific Allotment Site (as a tenant, member, or on a waiting list), the Site Administrator may collect additional information from you via our Platform, such as:

• Contact details (e.g., phone number, postal address).
• Plot number and tenancy start/end dates.
• Membership status and renewal dates.

This information is controlled by the Site Administrator and is linked to your central Plotwell account for ease of access.

c) Information from Third-Party Services:

• Payment Information (Pro Plan): For Sites on our Pro Plan, we use Stripe to process payments for rent and membership fees. We do not store your credit card details on our servers. Stripe processes your payment, and we receive a transaction confirmation, which may include your name, the amount paid, and the payment date. Your payment information is subject to Stripe's Privacy Policy.

d) Information We Collect Automatically:

• Log and Usage Data: Like most websites, we automatically collect information when you access our Platform, including your IP address, browser type, operating system, pages visited, and the dates/times of your visits. This is stored in server logs (e.g., activity_log, sessions).
• Cookies: We use cookies to operate and administer our site, including keeping you logged in and understanding site usage. You can manage cookie preferences through your browser settings.

3. How We Use Your Information

We use your information for the following purposes:

• To Provide and Maintain the Service: To create and manage your account, facilitate your connection to Allotment Sites, process payments, and provide core features like digital membership cards and event notifications.
• To Manage Our Relationship with Site Administrators: To manage subscriptions, provide support, and administer the service.
• To Enable Site Administrators: To provide them with the tools they need to manage their plots, tenants, members, waiting lists, and communications.
• For Communication: To send you service-related notifications (e.g., password resets, security alerts) and to allow Site Administrators to send you relevant news and event updates for their Site.
• For Security and Compliance: To monitor for and prevent fraudulent activity, enforce our terms, and comply with legal obligations.
• For Future Services: As noted in our README, we may use your account information to offer you new, optional services in the future, such as premium plot planners.

4. How We Share Your Information

We do not sell your personal data. We share it only in the following circumstances:

• With Allotment Site Administrators: When you join or apply to join a Site, we share your relevant account and profile information with that Site's Administrator so they can manage their community.
• With Service Providers: We work with third-party service providers for hosting, payment processing (Stripe), email delivery, and other services. These providers are only given access to the information necessary to perform their functions and are contractually obligated to protect your data.
• For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
• In Case of Business Transfer: If Plotwell is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Your Data Rights (GDPR)

You have specific rights regarding your personal data. The process for exercising these rights depends on whether the data is controlled by us or a Site Administrator.

• Right to Access, Rectify, or Erase:

  • For your core Plotwell account (name, email), you can access and update this information in your account settings or by contacting us at [[email protected]].
  • For data related to your tenancy or membership with a specific Site, please contact the Site Administrator directly. They are the Data Controller and are responsible for managing that data.

• Right to Data Portability: You have the right to receive a copy of your personal data in a machine-readable format. Please contact us for your core account data, and the relevant Site Administrator for your site-specific data.

• Right to Object or Restrict Processing: You can object to the processing of your data in certain circumstances. Please direct your request to the relevant Data Controller (us or the Site Administrator).

• Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time.

To exercise your rights for data controlled by a Site Administrator, you should refer to their contact information, which should be available on their public-facing site page.

6. Data Security and Retention

We implement industry-standard technical and organisational measures to protect your data from loss, misuse, and unauthorised access. All data is stored on encrypted servers, and access is strictly limited.

We retain your core Plotwell account data for as long as your account is active. Data controlled by a Site Administrator is retained according to their own policies and for as long as they remain a client of our Platform. When an account is deleted, we will remove personal data in accordance with our data deletion protocols.

7. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, through email.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices:

• For questions about your Plotwell account, please contact us at: [email protected].
• For questions about your data at a specific Allotment Site, please contact your Site Administrator.