Skip to main content
Samaritans: 116 123

Privacy

Last updated: 26 April 2026

The short version

  • Almost everything you write in Connect & Support — your Safety Plan, mood logs, body scans, sand-tray scenes, compassion letters, mandalas — stays on this device only. We never see it. It never leaves your phone or browser.
  • We don't use tracking cookies. We don't share anything with Google, Meta, or advertising networks.
  • We count anonymous page views through Vercel (our hosting provider) to see how the app is being used. No names, no emails, no IP addresses.
  • If you subscribe to Premium, your payment details are handled by Stripe — we never store your card number.

Who we are — the data controller

Under UK GDPR Article 4(7), the “data controller” is the person or organisation that decides how and why your personal data is processed. For Connect & Support UK, the data controller is:

Play North West CIC
A Community Interest Company registered in England and Wales.
Email: hello@playnorthwestcic.com
Website: playnorthwestcic.com

Play North West CIC is the only entity that decides what data this app collects, what it's used for, and how long it stays. Any privacy question — access, correction, erasure, complaint — comes to us at the email above.

Companies House registration: 15796794 (community interest company, England and Wales).

Play North West CIC is registered with the Information Commissioner's Office (ICO) under reference C1915738 and is exempt from the data protection fee. We are the data controller for this app and are fully bound by the UK GDPR and the Data Protection Act 2018.

What we collect, why, and where it lives

On your device (never sent to us)

When you use the app's tools — Safety Plan, TIPP, Urge Surf, Breathing, Grounding, Body Scan, Feelings Wheel, Sand Tray, Three Good Things, Compassion Letter, Mandala Maker, Heartbeat Tapper, Resonance Garden, Behavioural Activation, CBT-I, Fall — anything you type or save is stored in your browser's localStorage. That's a small, private store inside your browser. We don't have access to it. It doesn't travel over the internet.

Retention:until you clear it yourself, or until your browser clears it (some phones — including iPhones — clear it after about a week of you not using the app). To see everything that's saved, go to Me → Your data.

Lawful basis:Article 6(1)(b) — necessary to provide the service you've asked for. Things like your Safety Plan or mood logs are health data. You give consent to store them just by choosing to save them here. That's Article 9(2)(a).

Account data (only if you sign up for Premium)

Today, Connect & Support works entirely without an account. Premium features exist but are mocked locally — no real subscription flow yet. When we turn real Premium on, we'll store: your email address, a hashed password, and your subscription status. Your email is used to deliver the account itself (Article 6(1)(b)) and to contact you about your subscription (Article 6(1)(f) — legitimate interest).

Anonymous usage (Vercel Analytics)

We use Vercel Analytics — our hosting provider's first-party, cookieless page-view counter. It doesn't store your IP address, doesn't set cookies, and doesn't follow you around the web. We see counts like “120 people opened /calm today” — not who you are. Two custom anonymous events fire: “signup” (with a tag showing free / premium) and “premium_upgrade”. Neither carries your email, name, or device ID.

Lawful basis: Article 6(1)(f) — legitimate interest in understanding whether the service is reaching people. The anonymity and lack of cookies means the impact on you is negligible.

Location (only if you ask for it)

The "Find Services" map uses your device's location only if you tap Enable location. If you don't, it defaults to Liverpool and tells you so clearly. Location is processed in your browser and never sent to our servers — the list of services lives in the app and the browser does the distance maths locally. Mapbox (the map provider) sees anonymous map-tile requests; see “Who else touches the data” below.

Payment (only if you subscribe)

When Premium subscriptions go live, payment will be processed by Stripe. Your card details go directly to Stripe — we never see or store them. Stripe tells us only that a payment succeeded so we can mark your account as Premium.

Who else touches the data

  • Vercel Inc. (USA)— hosts the app + runs Vercel Analytics. Sees anonymous page requests. Covered by Vercel's Data Processing Agreement and UK IDTA / Standard Contractual Clauses.
  • Mapbox Inc. (USA) — serves map tiles when you use the map view of /services. Sees anonymous tile requests; does not see any Connect & Support user data.
  • Stripe Payments Europe Ltd (Ireland) + Stripe Inc. (USA) — will process payments when Premium goes live. Sees your payment details, not your in-app journal content.

We don't use Google Analytics, Meta Pixel, advertising SDKs, or any marketing trackers.

Your rights

UK GDPR gives you the right to:

  • See what we hold about you (Article 15).
  • Correct anything that's wrong (Article 16).
  • Ask us to erase your data (Article 17). For on-device data you can do this yourself right now by tapping the "Clear all my data on this device" button on Your data.
  • Get a copy of your data in a portable format (Article 20). The same "Your data" page exports everything as JSON.
  • Object to processing or withdraw consent (Articles 21–22).

To exercise any of these, email hello@playnorthwestcic.com. We'll reply within one month.

You also have the right to complain to the Information Commissioner's Office if you think we've got something wrong. You can also reach the ICO on 0303 123 1113.

For under-18s

Connect & Support follows the ICO's Age-Appropriate Design Code (the Children's Code). Our architecture gives you the strongest privacy settings by default — all your data stays on your device, we never profile you, we never use nudge tactics (no streaks, no shame prompts, no push notifications). The app is designed to be used by anyone from about age 13 upwards; if you're younger, please use it with a trusted adult.

If you're under 35 and having thoughts of suicide, Papyrus HOPELINE247 (0800 068 4141) is free, 24/7, and designed specifically for young people.

How the data is kept safe

  • All traffic between your device and the app is encrypted with HTTPS.
  • On-device storage sits inside your browser's sandboxed storage — isolated from other websites by the browser.
  • We don't run a database of user journal content. There is nothing for an attacker to steal.
  • When Premium goes live with real accounts, passwords will be hashed (never stored in plain text) and payments will be handled entirely by Stripe.

Changes to this notice

If we change how we handle data in a significant way, we'll update this page and bump the "Last updated" date at the top. Material changes will be flagged on the home page for the next time you open the app.

See also: Terms of use · Your data

© 2026 Play North West CIC. Connect & Support UK is a trade mark of Play North West CIC. All rights reserved.