Privacy Policy
Last updated: 20th October 2025
Company Name: costPrice+
Contact Email: [email protected]
1. Introduction
This Privacy Policy explains how costPrice+ (“we”, “our”, “us”) collects, uses, and protects personal information when you use our website and software platform (the “Service”).
We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We act as the Data Controller for personal data relating to our customers and website users.
2. Data We Collect
We may collect and process the following categories of personal data:
| Category | Examples | Purpose |
| Account Data | Name, business email, company name, password | To create and manage your account |
| Billing Data | Payment details, billing address | To process payments and subscriptions |
| Usage Data | Login history, feature usage, IP address, browser type | To improve the Service and maintain security |
| Support Data | Messages, emails, support tickets | To provide customer support |
| Marketing Data | Email preferences, interaction with marketing emails | To send relevant updates (only with consent) |
If you provide us with personal data relating to other individuals (such as employees or authorised users), you confirm that you have the authority to do so and have provided them with this Privacy Policy.
3. How We Use Personal Data
We use your information to:
- Provide, maintain, and improve our software and website
- Authenticate your access to the Service
- Process payments and issue invoices
- Respond to support requests
- Communicate important updates about the Service
- Comply with legal obligations
We will never sell your personal data.
4. Legal Basis for Processing
We process personal data under the following lawful bases:
- Contractual necessity – to provide our web app and related services
- Legitimate interests – to improve our platform and prevent fraud
- Legal obligation – to comply with tax or accounting laws
- Consent – for marketing emails or cookies where required
You can withdraw consent at any time by contacting us at [email protected].
5. How We Share Data
We only share data with trusted third-party service providers (“sub-processors”) who help us operate our Service, including:
Current sub-processors include (non-exhaustive):
| Sub-processor | Purpose | Location |
| Railway | Application hosting infrastructure | EU/US |
| MongoDB Atlas | Managed database hosting | EU/US |
| Stripe | Payment processing | EU/US |
| Google LLC | Analytics | EU/US |
All third-party providers are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where data is transferred outside the UK.
6. Data Retention
We retain personal data only as long as necessary for the purposes outlined above, or as required by law.
If you close your account, we delete or anonymise data within 90 days, unless retention is required for legal or financial compliance.
7. Data Security
We use secure cloud infrastructure, encrypted connections (HTTPS), and access controls to protect your data.
In the unlikely event of a data breach, we will notify affected users and the ICO within 72 hours in accordance with legal requirements.
8. Your Rights
Under UK GDPR, you have the following rights:
- Access your personal data
- Request correction or deletion
- Restrict or object to processing
- Data portability
- Withdraw consent (where applicable)
To exercise any of these rights, email [email protected].
9. International Transfers
Where data is transferred outside the UK (e.g., to the US), we ensure adequate protection via the UK International Data Transfer Addendum or Standard Contractual Clauses.
10. Cookies
We use cookies to operate the Service and improve user experience.
For detailed information, see our Cookie Policy.
11. Contact & Complaints
If you have questions or complaints about this policy, contact:
[email protected]
If you are unsatisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO):
https://ico.org.uk/