Introduction
This Privacy Policy describes how PolicyStack ("we", "us", or "our") collects, uses, and shares information about you when you use our services. Effective Date: 2026-05-12.
If you have questions about this policy, please contact us at jamie@openpolicy.sh.
Information We Collect
We collect the following categories of personal data for the purposes described below. Under GDPR Article 6, we rely on the lawful bases shown for each processing purpose:
| Category | Fields collected | Purpose | Lawful basis |
|---|---|---|---|
| Account Information | Name, Email address | To authenticate you, send service notifications, and provide customer support | Performance of a contract (Article 6(1)(b)) |
| Session Data | IP address, User agent | To secure sessions, detect abuse, and diagnose service issues | Legitimate interests (Article 6(1)(f)) |
| Usage Data | Pages visited, Referrer | To understand how the product is used and improve the experience | Legitimate interests (Article 6(1)(f)) |
Right to Withdraw Consent
Where we rely on your consent for any processing of your personal data, you have the right to withdraw that consent at any time by contacting us at jamie@openpolicy.sh. Withdrawing your consent does not affect the lawfulness of any processing we carried out before you withdrew it. Where consent is required to provide a particular feature or service, withdrawing it may mean we are no longer able to offer that feature or service.
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you within the meaning of GDPR Article 22.
Data Retention
We retain your data for the following periods:
| Category | Retention period |
|---|---|
| Account Information | Until account deletion |
| Session Data | Until session expiry |
| Usage Data | 13 months |
Whether You Are Required to Provide This Data
For each category of personal data we collect, we set out below whether you are required to provide it — by law, under our contract with you, or as a precondition to entering into a contract — or whether provision is voluntary, together with the consequences of failing to provide it.
| Category | Requirement | Consequences |
|---|---|---|
| Account Information | Required to enter into a contract | We cannot create or operate your account. |
| Session Data | Required to enter into a contract | We cannot secure the service or your session. |
| Usage Data | Required to enter into a contract | We cannot understand product usage to improve the service. |
Third-Party Services
We do not share your personal information with third parties except as required by law.
Your Rights
You have the following rights regarding your personal data:
- Right to access your personal data
- Right to correct inaccurate data
- Right to request deletion of your data
- Right to receive your data in a portable format
- Right to restrict how we process your data
- Right to object to processing
- Right to opt out of the sale of your personal information
- Right to non-discriminatory treatment for exercising your rights
GDPR Supplemental Disclosures
This section applies to individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).
Data Controller: PolicyStack Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom
We have not appointed a Data Protection Officer. Our processing activities do not meet the thresholds in GDPR Article 37(1) that would require one. For any questions about this policy or how we handle your personal data, please use the contact details above.
You have the right to lodge a complaint with the data protection supervisory authority in your country of residence, place of work, or place of the alleged infringement. A list of EEA supervisory authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en.
Where we transfer your personal data outside the EEA, we rely on one or more of the safeguards permitted under Chapter V of the GDPR: (a) transfers to countries the European Commission has determined provide an adequate level of data protection (the current list is published at commission.europa.eu/.../adequacy-decisions_en); (b) Standard Contractual Clauses (SCCs) adopted by the European Commission under Article 46(2)(c); and (c) Binding Corporate Rules approved under Article 47 where applicable. You may request further information about the specific safeguards applied to a particular transfer by contacting us at jamie@openpolicy.sh.
UK Privacy Rights (UK-GDPR)
This section applies to individuals in the United Kingdom under the UK General Data Protection Regulation (UK-GDPR), as tailored by the Data Protection Act 2018.
Data Controller: PolicyStack Ltd, 86-90 Paul Street, London, EC2A 4NE, United Kingdom
We have not appointed a Data Protection Officer. Our processing activities do not meet the thresholds in GDPR Article 37(1) that would require one. For any questions about this policy or how we handle your personal data, please use the contact details above.
The supervisory authority for data protection in the UK is the Information Commissioner's Office (ICO). If you believe we have not handled your data in accordance with UK data protection law, you have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint.
If we transfer your personal data outside the United Kingdom, we ensure appropriate safeguards are in place in accordance with the UK-GDPR, including the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses where applicable.
California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights:
- Right to Know — You may request disclosure of the personal information we collect, use, and share about you.
- Right to Delete — You may request deletion of personal information we have collected about you.
- Right to Opt-Out — You may opt out of the sale of your personal information.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
Submitting requests. To exercise any of these rights, contact us using one of the methods below. We will respond within the timeframes required by CCPA §1798.130.
- Email: jamie@openpolicy.sh
Contact Us
Contact us:
- Legal Name: PolicyStack Ltd
- Address: 86-90 Paul Street, London, EC2A 4NE, United Kingdom
- Email: jamie@openpolicy.sh