Privacy Policy
Last updated: 7 April 2026
1. Data Controller
The data controller for your personal data is Chxrles LTD, trading as Pip Decks. Company number 11587388, registered in England and Wales.
Registered address: Merchants House, Market Place, Stockport, England, SK1 1EU.
For data protection queries, contact us at support@pipdecks.com.
2. Data We Collect
| Data Type | Examples | Legal Basis |
|---|---|---|
| Account information | Name, email address, profile picture | Contract performance |
| Authentication data | OAuth tokens, sign-in method (Google/Apple/email) | Contract performance |
| Conversation data | Messages you send to Pip and responses received | Contract performance |
| Payment data | Subscription status, billing history (card details held by Stripe) | Contract performance |
| Usage data | Pages visited, features used, session duration | Legitimate interest / Consent |
| Device data | Browser type, operating system, screen size | Legitimate interest |
| Marketing preferences | Email subscription status, consent choices | Consent |
3. How We Use Data
We use your personal data to:
- Provide and maintain the Pip coaching service
- Process your subscription payments
- Send transactional emails (account confirmations, billing receipts)
- Send marketing communications (only with your consent)
- Analyse usage patterns to improve the Service (only with your consent for analytics cookies)
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Conversation Data Handling
Your conversations are NOT used to train AI models.
When you chat with Pip, your messages are sent to Anthropic's Claude API to generate responses. Under our data processing agreement with Anthropic, your conversation data is not used by Anthropic to train or improve their AI models.
Anthropic may temporarily retain conversation data for up to 30 days for trust and safety purposes (such as detecting abuse), after which it is deleted.
Your conversation history is stored in our database (Firebase/Google Cloud) so you can access previous chats. You can request deletion of your conversation history at any time.
5. Third-Party Processors
We share your data with the following processors, each under appropriate data processing agreements:
| Processor | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI conversation processing | Chat messages |
| Stripe | Payment processing | Email, payment card details |
| Firebase / Google Cloud | Authentication and database | Account data, conversations |
| Vercel | Hosting and edge delivery | IP address, request data |
| PostHog | Product analytics (with consent) | Usage events, device info |
| Resend | Transactional email | Email address |
| Klaviyo | Marketing email (with consent) | Email address, name |
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data and conversation history | Duration of account + 30 days after deletion |
| Payment and billing records | 7 years (legal requirement) |
| Analytics data | 26 months |
| Cookie consent preferences | 365 days |
When you delete your account, we will remove or anonymise your personal data within 30 days, except where we are required by law to retain it (such as payment records).
7. Your Rights (UK GDPR)
Under UK data protection law, you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate or incomplete data
- Erase your personal data ("right to be forgotten")
- Restrict processing of your data in certain circumstances
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interest
- Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at support@pipdecks.com. We will respond within 30 days.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. International Transfers
Some of our processors (including Anthropic, Stripe, Google Cloud, and Vercel) are based in the United States. Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the UK government
- The processor's adherence to recognised data protection frameworks
- Data processing agreements that require equivalent levels of protection
9. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication and core functionality. Cannot be disabled.
- Analytics cookies: Help us understand how you use the Service (PostHog). Only set with your consent.
- Marketing cookies: Used for email marketing attribution (Klaviyo). Only set with your consent.
You can manage your cookie preferences at any time using the cookie consent banner or by contacting us.
10. Children's Privacy
The Service is not intended for children under 16. We do not knowingly collect personal data from anyone under 16 years of age.
If you believe a child under 16 has provided us with personal data, please contact us at support@pipdecks.com and we will promptly delete it.
11. Security
We take reasonable technical and organisational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure authentication via Firebase Auth (Google, Apple, email)
- Access controls limiting who can view your data
- Regular security reviews of our infrastructure
No system is completely secure. If you discover a security vulnerability, please report it to support@pipdecks.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service.
Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.