Home
ILThe Itch Loop

Legal

Privacy Policy

Last updated: 16 June 2026

This Privacy Policy explains how [YOUR COMPANY NAME] ("we", "us", "our") collects, uses and protects personal data when you visit theitchloop.co.uk or use the member area (the "Service"). We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data controller

The data controller is [YOUR COMPANY NAME], registered office [YOUR UK REGISTERED ADDRESS], company number [COMPANY NUMBER]. For any privacy enquiry contact privacy@theitchloop.co.uk.

2. Data we collect

  • Account data: email address (for sign-in).
  • Profile data: your dog's name, start date and (optionally) a photo you upload.
  • Progress data: daily check-ins, slider values, completed protocols.
  • Quiz data: answers to the 60-second itch check, if you complete it.
  • Payment data: handled by Stripe; we receive a customer reference, email, amount and status — never your card details.
  • Technical data: IP address, browser, device, basic logs needed to operate and secure the Service.

3. Why we use it (legal basis)

  • Performance of contract: create your account, deliver the Service, process payment, support refunds.
  • Legitimate interests: keep the Service secure, prevent fraud, improve features.
  • Consent: non-essential cookies; optional marketing emails (you can withdraw anytime).
  • Legal obligation: retain transaction records for UK tax and accounting law.

4. How long we keep it

Account and progress data: while your account is active, plus 12 months after last sign-in, unless you ask us to delete it sooner. Payment records: 7 years (UK tax law). Support emails: 24 months.

5. Who we share it with (sub-processors)

  • Supabase — database and authentication (EU region).
  • Stripe — payment processing (UK/EU/US).
  • Lovable / Cloudflare — hosting and CDN.
  • Email provider — transactional and (if you consent) marketing emails.

We never sell your data.

6. International transfers

Where data leaves the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) to ensure equivalent protection.

7. Your rights

Under UK GDPR you have the right to:

  • Access a copy of your data.
  • Have inaccurate data corrected.
  • Have your data erased ("right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these, email privacy@theitchloop.co.uk.

8. Cookies and local storage

We use strictly necessary cookies and browser local storage to keep you signed in and save your in-app preferences (e.g. progress, dismissed banners). Non-essential cookies are only set with your consent via the cookie banner. You can change your choice at any time by clearing site data in your browser.

9. Security

Data is encrypted in transit (HTTPS) and at rest. Access to production data is restricted and logged. Despite reasonable safeguards, no system is 100% secure.

10. Children

The Service is not directed at children under 18 and we do not knowingly collect their data.

11. Changes

We may update this Policy. Material changes will be flagged in the app and the "Last updated" date above will change.

12. Contact

privacy@theitchloop.co.uk or via the Contact page.