Skip to main content

Privacy Notice

This privacy notice tells you what to expect us to do with your personal information.

Contact Details

Email: hello@gyrinx.app

What information we collect, use, and why

We collect or use the following information to provide services:

  • Names and contact details
  • Account information
  • Website user information (including user journeys and cookie tracking)

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • IP addresses
  • Website and app user journey information
  • Records of consent, where appropriate

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Our lawful bases for collecting or using personal information to provide services are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Where we get personal information from

  1. Directly from You: When you fill out forms, register, subscribe to newsletters, or contact us by email.
  2. Cookies & Tracking Technologies: We use cookies, pixels, and beacons to understand user preferences, provide analytics.

How long we keep information

We retain personal data only as long as needed for our stated purposes or as required by law. Retention periods may vary based on:

  • Legal Requirements: e.g., accounting or regulatory obligations.
  • Business Needs: e.g., ongoing user accounts or resolving disputes.

When data is no longer required, we securely delete or anonymise it (e.g., via encryption or certified destruction).

Typically:

  • Account information, name, contact details and marketing preferences are kept for the duration of your account existence on Gyrinx, and may be kept for 2 years after you deactivate your account.
  • Website user information (including user journeys and cookie tracking) and IP addresses are kept for two years.
  • Records of consent, where appropriate, are kept indefinitely

Who we share information with

Data processors

Google

Google provide cloud infrastructure & storage, including databases for storing information and compute resources for processing it.

Sharing & Disclosure of Your Data

We may share your data with:

  1. Service Providers: cloud hosting, payment processors, email delivery services, marketing platforms, etc.
  2. Professional Advisers: Lawyers, auditors, insurers where necessary.
  3. Regulators & Authorities: If required by law or for compliance (e.g., tax authorities, data protection regulators).
  4. Business Transfers: If we merge, sell or reorganise parts of the organisation..
  5. Third Parties (with Consent): We will explicitly inform you if we share your data for reasons beyond our core service delivery.

We do not sell personal information unless explicitly stated and lawfully permitted.

International Transfers

If we transfer data outside the UK or EEA, we ensure appropriate safeguards, such as:

  • Adequacy Decisions from the relevant data protection authorities.
  • Standard Contractual Clauses (SCCs) or equivalent measures.

You can contact us for details on the specific mechanism we use.

Data Security & Breach Notification

We implement technical measures (e.g., encryption, firewalls, access controls) to protect personal data against unauthorised access or accidental loss.

In the event of a data breach, we will promptly notify affected users and relevant authorities (within 72 hours for GDPR) if the breach is likely to result in a high risk to your rights and freedoms.

Children’s Data (COPPA)

Our site and services are not generally aimed at children under 13. If we learn we have collected personal data from a child under 13 without appropriate consent, we will delete it.

Your Rights

Depending on your location and applicable law, you may have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Correct inaccuracies in your data.
  • Erasure: Request deletion where there is no lawful reason to retain data.
  • Restriction: Ask us to limit processing in certain circumstances.
  • Object: Object to processing based on our legitimate interests or direct marketing.
  • Data Portability: Receive data in a structured format for transfer to another controller.
  • Withdraw Consent: If processing is based on consent, you can withdraw it at any time.
  • Complain: Lodge a complaint with the supervisory authority, the ICO

If you have any concerns about our use of your personal data or to exercise these rights, please contact us. We will respond as soon as practicable and within any legal deadlines.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint