Privacy Notice
Last updated: June 28, 2026
1. Who we are
Plonk is operated by Plonk, an unincorporated business ("Plonk", "we", "us"). We act as the data controller for personal data collected through the Plonk service.
2. Data we collect and why
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account data | Email, password hash, display name | Create and secure your account | Contract |
| Content | Prompts, generated sites, uploaded assets | Provide the service | Contract |
| Usage & telemetry | Pages viewed, feature usage, error logs | Improve and debug the service | Legitimate interests |
| Device & network | IP address, browser, device identifiers | Security, fraud prevention, abuse detection | Legitimate interests |
| Support messages | Email content you send us | Respond to your inquiries | Legitimate interests |
| Marketing (if opted in) | Email address | Product updates and newsletters | Consent |
Payment information is collected and processed by our payment processor, Stripe. We don't receive or store your full card details.
3. Who we share data with
- Service providers (subprocessors) — hosting, database, AI inference, analytics, and customer-support tooling that operate the service on our behalf.
- Stripe (payment processor) — for processing payments, subscription billing, tax calculation, fraud prevention, and invoicing.
- Professional advisers — legal and accounting professionals, where needed.
- Authorities — where required by law, court order, or to protect rights and safety.
We do not sell your personal data.
4. International transfers
Our service providers may process data outside your home country, including in the United States. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) for these transfers.
5. Data retention
We keep account and content data while your account is active and for a reasonable period afterwards to handle disputes, comply with legal obligations, and back up systems. We delete or anonymise data when it is no longer needed. You can request deletion at any time (see Your rights).
6. Security
We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and audit logging. No system is perfectly secure, but we take reasonable steps to protect your data.
7. Cookies
We use essential cookies required to sign you in and remember your session. We may use limited analytics cookies to understand product usage. You can manage cookies through your browser settings.
8. Your rights
Depending on where you live, you may have the right to:
- access the personal data we hold about you;
- correct inaccurate data;
- request deletion of your data;
- restrict or object to certain processing;
- request a portable copy of your data;
- withdraw consent where processing is based on consent;
- lodge a complaint with your local data protection authority.
We aim to respond within one month. To exercise any of these rights, email hello@plonkai.app.
9. Children
Plonk is not directed to children under 13 (or under 16 in the EEA/UK). We don't knowingly collect their data.
10. Changes
We may update this notice. Material changes will be announced by email or in-app notice.
11. Contact
Email hello@plonkai.app.