Privacy Policy

Last updated: November 2025

Overview

Pledgely is designed with privacy as a core principle. We collect the minimum data necessary to provide our service and help you achieve your goals.

What We Collect

Account Information

Email address and password (hashed) for authentication.

Payment Information

Payment details are processed securely by Stripe. We do not store your full card number on our servers.

Activity Data

What we see: Only the domains you visit that match our blacklist (e.g., "example.com").

What we don't see: Specific pages, content, or any browsing activity on non-blacklisted sites. Modern TLS encryption prevents us from seeing anything beyond the domain name.

How it works: Domain checking happens entirely on your device. Only blacklist hits are sent to our servers to trigger charges. Your general browsing history never leaves your device.

How We Use Your Data

  • To authenticate your account
  • To process pledge charges when blacklist hits occur
  • To send important service communications

Data Sharing

We do not sell your data. We share data only with:

  • Stripe: For payment processing

Data Retention

We retain data for the following periods:

During Active Use

  • Account information: While your account is active
  • Activity records: Duration of active pledge plus 120 days (to resolve billing disputes)
  • Device information: While devices are registered to your account

Financial Records

We are legally required to retain billing and transaction records for 7 years to comply with tax and financial regulations in the UK and EU. This data may be anonymized after account deletion (removing name and email while retaining transaction amounts and dates).

Automatic Deletion

Activity records from closed billing cycles are automatically deleted 120 days after the billing cycle ends, unless required for active disputes or legal obligations.

Account Deletion

You can request deletion of your account and associated data at any time. Visit our account deletion page for instructions.

What Gets Deleted

  • Your account and login credentials
  • Activity monitoring records (after billing disputes are resolved)
  • Device associations
  • Personal information (name, email)

What We Must Retain

Financial transaction records must be retained for 7 years to comply with UK and EU tax regulations. This data will be anonymized (name and email removed) after your account deletion, retaining only transaction amounts and dates for regulatory compliance.

Deletion Timeline

Account deletion requests are processed within 30 days. Some data may be retained longer where we have a legal obligation or legitimate interest (such as resolving active billing disputes).

Your Rights

Under GDPR and UK data protection laws, you have the right to:

  • Access your data: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your account and data (subject to legal retention requirements)
  • Data portability: Request your data in a machine-readable format
  • Restriction: Request temporary restriction of processing
  • Objection: Object to processing based on legitimate interests

To exercise these rights, visit our account deletion page or contact us at [email protected].

Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and secure payment processing through Stripe.

Changes to This Policy

We may update this policy. Significant changes will be communicated via email.

Contact

Questions? Email us at [email protected]