Privacy Policy

Last updated: February 2026

Who we are

This website ("UK Inquiry Tracker" or "the Service") is an independent service tracking the implementation of recommendations from UK public inquiries.

The data controller is Matt Lewsey LTD (ICO registration number ZC064261). For data protection queries, please use our contact form.

What data we collect

Account information

• Email address and password: Collected when you create an account, used for authentication and email communications.
• Profile preferences: Digest frequency, timezone, home constituency — stored to personalise your experience.
• Watchlist data: The inquiries, recommendations, and other items you choose to watch.
• Saved searches: Search queries you choose to save for later.

Payment information

• Billing: Payment is processed by Stripe. We do not store card numbers, bank details, or other payment credentials. We store only your Stripe customer ID to manage your subscription.

Information you provide

• AI Q&A questions: When you use the "Ask the Data" feature, your questions are processed to generate responses. We do not permanently store your questions or the conversation history beyond your browser session.
• Contact form: Name, email, organisation, and message are stored when you submit a contact enquiry.

Information collected automatically

• Server logs: Like most websites, our servers automatically collect information including your IP address, browser type, referring page, and the date/time of your visit. These logs are used for security and to understand how the site is used.
• Cookies: We use essential cookies to make the website function properly. See our Cookie Policy for details.

Logged-in user activity

• Page views: When you are signed in, we record which pages you visit and when. This data is associated with your account.
• Session duration: We compute how long you spend on the site per session based on page view timestamps.
• Actions: We record certain actions you take, such as search queries, filter usage, data exports, and watchlist changes.
• Purpose: This data helps us understand how the site is used, which features are valuable, and where to prioritise improvements.
• Retention: Activity data is automatically deleted after 90 days.
• Export: All activity data is included when you export your data.
• Deletion: Activity data is permanently deleted when you delete your account.

How we use your data

We use the information we collect to:

• Provide and maintain the Service
• Authenticate your account and manage your subscription
• Send digest emails about changes to your watched items (with your consent)
• Respond to your questions via the AI feature
• Monitor and analyse usage to improve the Service
• Detect and prevent security issues

Legal basis for processing

• Contract: Account management, subscription processing, and service delivery.
• Consent: Email digest notifications (you can withdraw consent at any time via Account Settings).
• Legitimate interest: Security logging, service improvement, and fraud prevention.

Third-party services

We use the following third-party services to operate the Service. Each acts as a data processor under a data processing agreement.

Payment processing

Subscriptions are processed by Stripe. When you subscribe, your payment details are collected and processed directly by Stripe. Their privacy policy: stripe.com/gb/privacy

AI Question Answering

Our AI-powered Q&A feature uses Google's Gemini API to process your questions. When you submit a question:

• Your question and relevant database context are sent to Google's servers for processing
• Google's privacy policy applies to this processing: policies.google.com/privacy
• We do not send any personal information beyond the question text itself

Email delivery

Digest emails are sent via Resend. Their privacy policy: resend.com/legal/privacy-policy

Analytics

We use GoatCounter, a privacy-respecting analytics service that does not use cookies and does not collect personal data. GoatCounter provides aggregate traffic statistics only. Their privacy policy: goatcounter.com/help/privacy

Hosting

This website is hosted on Railway. Their privacy policy: railway.app/legal/privacy

Data retention

• Account data: Retained while your account is active. Deleted within 30 days of an account deletion request.
• AI conversations: Not stored permanently; cleared when you close your browser or click "Clear".
• Activity data (logged-in users): Automatically purged after 90 days.
• Server logs: Retained for up to 30 days for security purposes.
• Contact enquiries: Retained for 12 months then deleted.
• Deletion audit records: Email address and timestamp only, retained for 6 years for legal compliance.

Your rights

Under UK GDPR, you have the right to:

• Access your personal data — download your data from Account Settings
• Rectification — request correction of inaccurate data
• Erasure — delete your account from Account Settings
• Restrict processing — you can disable digest emails at any time
• Data portability — export your data as JSON from Account Settings
• Object to processing — contact us to object to any processing
• Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any right not available through self-service, please contact us. We will respond within 30 days.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For material changes, we will notify registered users by email.