{# Pre-built Tailwind bundle + project custom styles. Replaces the old cdn.tailwindcss.com script so we can drop 'unsafe-inline' from the CSP. Rebuild with `.venv/bin/tailwindcss -i tailwind_src/input.css -o static/css/app.css --minify`. #}
C
Fill in the sidebar to personalise, or scroll down to read the raw template (placeholders shown as {{ ORG_NAME }}). 
# Privacy Notice — {{ ORG_NAME }}

**Effective date:** {{ EFFECTIVE_DATE }}

This notice explains how **{{ ORG_NAME }}** ("we", "us") collects and uses
personal data. It is written for the general public and for anyone whose
data we process. If anything is unclear, contact us at
**{{ CONTACT_EMAIL }}** and we will help.

## 1. What we collect

We collect only the data we need to provide our service:

- **Identity & contact**: name, email address, phone number where given
- **Service-use data**: records of your interactions with our service
- **Communications**: emails or messages you send us

We do **not** collect special-category data (health, biometrics,
political views, religion, sexual orientation) unless explicitly told
otherwise in a separate consent screen.

## 2. Why we collect it (lawful basis)

| Purpose | Lawful basis |
|---|---|
| Providing the service you signed up for | Contract |
| Replying to your support enquiry | Legitimate interest |
| Sending occasional service updates | Legitimate interest, with opt-out |
| Marketing | Consent (you can withdraw any time) |

## 3. How long we keep it

We retain personal data for **{{ RETENTION_DEFAULT }} days** by default,
unless a longer period is required by law (for example, accounting
records that must be kept for tax purposes). After that we delete or
anonymise it.

## 4. Who sees it

Personal data stays inside {{ ORG_NAME }} except where we use trusted
processors (cloud hosting, email delivery, payment processing). We have
written data-processing agreements with each of those processors. We
never sell personal data.

## 5. Your rights

Under applicable data-protection law you have the right to:

- access the personal data we hold about you;
- ask us to correct it if it is wrong;
- ask us to delete it, where there is no overriding legal reason to keep it;
- object to certain processing (for example, marketing);
- withdraw consent you have given us;
- complain to your data-protection authority if you think we have got it wrong.

## 6. How to exercise your rights

Email **{{ CONTACT_EMAIL }}** with the subject "Data request" and tell
us what you would like. We will reply within **30 days**. We may need
to confirm your identity before acting on a request — this protects
you from impersonators.

## 7. Security

We protect personal data with appropriate technical and organisational
measures, including access controls, encrypted transport (HTTPS), and
encrypted backups. No system is perfect; if we discover a breach that
puts you at risk we will notify you and the relevant authority within
72 hours where the law requires.

## 8. Changes to this notice

We will update this notice when our practices change and post the
revised version on our website with a new effective date.

## 9. Contact

**{{ ORG_NAME }}**
Data protection contact: **{{ CONTACT_EMAIL }}**