Last updated: 27 June 2026
Planur is operated by Planur Ltd, a company registered in England and Wales. We are the data controller for your personal data. This policy covers both the Planur app and this website, and is governed by the UK GDPR / EU GDPR. For any privacy question, use the Contact form on this website.
In the app, when you create an account and use Planur:
| Data | Why |
|---|---|
| Email and/or phone number | Sign-in via one-time code |
| Display name, and optionally date of birth / age band, gender, school, year group, subjects | Set up your planner and tailor it to you |
| Your content — timetable, assignments, to-dos, exams, sports fixtures, focus sessions, group-study plans | The core features of the app |
| Friends & contacts | If you choose to find friends, contacts are matched as one-way hashes — we never store your raw contacts. Connections and invites you create are stored. |
| Device push token | To send reminders and invites (Firebase Cloud Messaging) |
| Subscription status | To unlock paid plans (via RevenueCat and the app store). We never receive your card details. |
On this website, when you join the waitlist or contact us: first name, email, year group and country (waitlist), and the content of any message you send via the Contact form.
We do not collect your home/postal address, and we do not profile you or show third-party advertising.
Where consent is the basis, you can withdraw it at any time.
Planur is intended for students aged 13 and over. We follow the UK ICO’s Age Appropriate Design Code (the “Children’s Code”): we minimise the data we collect, default to high-privacy settings, do not profile children or serve them targeted advertising, and offer a Parent mode for guardian involvement. We do not knowingly collect data from children under 13 — if you are a parent or guardian and believe your child under 13 has provided us data, contact us and we will delete it.
Your data is stored securely in Supabase (EU region), which is GDPR-compliant and SOC 2 Type II certified. Data is encrypted in transit (HTTPS/TLS) and the app’s on-device database is encrypted at rest (AES-256). Backend access is restricted by authentication and row-level security. We do not store payment information.
We do not sell, rent or trade your personal data. We share it only with service providers (sub-processors) acting on our instructions:
Some providers (notably AI processing) may process data outside the UK/EEA, including in the United States. Where they do, we rely on appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses.
Under UK/EU GDPR you have the right to access, rectification, erasure, restriction, objection, data portability, and to withdraw consent. To exercise any right, use the Contact form on this website; we respond within 30 days. You can also complain to the Information Commissioner’s Office (ICO) at ico.org.uk (or your local EU supervisory authority).
You can delete your account and all associated data at any time — in the app via Profile → Delete account, or see theplanur.co.uk/delete-account for full instructions.
This website uses no tracking cookies, advertising cookies, or third-party analytics (no Google Analytics or similar). Fonts are self-hosted — no requests to Google Fonts or any external font service. Only strictly necessary browser storage is used.
When an account is deleted we keep only a one-way hash of your email/phone (a deletion record with no readable personal data) and records we are legally required to retain (e.g. billing records held by the app stores).
We may update this policy as Planur develops. If we make material changes we will update the date above and, where appropriate, notify you.
For privacy questions, use the Contact form on this website. You also have the right to complain to the ICO at ico.org.uk.