Legal · The True Troop Consulting Ltd
Privacy Notice
- Service: TrueTroop Planner Intelligence Hub
- Effective date: [TO BE SET ON LAUNCH]
- Version: 1.0
- Last updated: [TO BE SET ON LAUNCH]
Disclaimer for Dr. Osadare: This is a working draft prepared by Archie. It is aligned with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and ICO guidance, but must be reviewed by a UK-qualified solicitor before going live. Items in square brackets need your input. The Information Commissioner's Office (ICO) provides free template guidance at https://ico.org.uk if you want to cross-check.
1. Who we are
This service is provided by The True Troop Consulting Ltd, the data controller.
- Registered office: [INSERT REGISTERED ADDRESS]
- Company number: [INSERT COMPANIES HOUSE NUMBER]
- ICO registration number: [INSERT ICO NUMBER — register at https://ico.org.uk/for-organisations/data-protection-fee/ if not yet registered]
- Privacy contact: privacy@truetroop.co.uk
If you have any concerns about how we handle your personal data, please contact us first. You also have the right to complain to the ICO at any time.
2. Scope of this notice
This notice covers the personal data we process when you use the TrueTroop Planner Intelligence Hub ("the Service"). It does not cover personal data processed in other contexts (for example, when you enrol in the Primavera P6 Masterclass, which is governed by a separate notice).
3. What personal data we collect
We collect only the data we need to operate the Service.
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, name (optional), Supabase user identifier | You |
| Authentication data | Session tokens, magic-link timestamps, login IP address (transient) | Supabase Auth |
| Preferences | Preferred regions, sectors, salary minimum, digest cadence | You |
| Activity data | Jobs you save, application status you log voluntarily | You |
| Service usage | Page views and feature usage (aggregated, no cookies) | Plausible Analytics |
| Error data | Crash reports, error stack traces (anonymised where possible) | Sentry |
We do not collect: special category data (race, religion, health, sexual orientation, political opinion), biometric data, or financial payment data. The Service has no payment processing in Phase 1.
4. Job listing data is not yours
The Service aggregates public job postings from third-party APIs (Adzuna, Reed.co.uk) and direct employer career systems. That data is published by the employers and recruitment platforms; it is not your personal data. We do not share your personal data with those parties.
5. Why we process your data and the lawful basis
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Create and manage your account; authenticate you with a magic link | Performance of a contract |
| Show you relevant job listings based on your preferences | Performance of a contract |
| Send you the optional weekly digest email | Consent (you opt in; you may withdraw at any time) |
| Operate, secure and improve the Service; investigate misuse | Legitimate interests (operating a reliable service) |
| Comply with legal obligations (e.g., responding to lawful requests) | Legal obligation |
You can object to processing based on legitimate interests at any time by emailing privacy@truetroop.co.uk; we will weigh your objection against our legitimate interest and respond within one month.
6. Who else processes your data (our subprocessors)
We use the following processors. Each has signed a data processing agreement with us, or operates under terms equivalent to one.
| Subprocessor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | EU/UK regions |
| Resend, Inc. | Transactional email (magic links, digest) | EU/US |
| Vercel, Inc. | Frontend hosting | Global edge network |
| Railway Corp. | Worker (ingest) hosting | EU region (London) |
| Sentry / Functional Software, Inc. | Error monitoring | EU region available |
| Plausible Insights OÜ | Privacy-friendly analytics (no cookies) | EU |
Where data is transferred outside the UK or EEA, we rely on the UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses (SCCs), together with any additional safeguards the receiving country requires.
7. How long we keep your data
| Data | Retention |
|---|---|
| Account data | Kept while your account is active and for 30 days after you request deletion (to handle accidental requests) |
| Preferences and saved jobs | Deleted with your account |
| Authentication logs | 90 days |
| Error data (Sentry) | 90 days |
| Aggregated usage analytics (Plausible) | Anonymised and retained 24 months |
| Backups | Up to 35 days, then permanently deleted |
8. Your rights
Under UK GDPR you have the right to:
- Be informed — this notice is part of that.
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data (the "right to be forgotten").
- Restrict processing — ask us to pause processing while a dispute is resolved.
- Data portability — request your data in a structured, commonly used format.
- Object — object to processing based on legitimate interests or direct marketing.
- Withdraw consent — for any processing we do based on your consent.
To exercise any of these, email privacy@truetroop.co.uk. We respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office at https://ico.org.uk/make-a-complaint/ or telephone 0303 123 1113.
9. Cookies and tracking
The Service uses first-party session cookies for authentication only. These are essential cookies; no consent banner is required by law.
We do not use third-party advertising cookies, Google Analytics, or similar tracking. Our analytics provider (Plausible) operates without cookies and without collecting personal data.
10. Children
The Service is not directed at children and is gated to invitation-only adult professional students. If you believe a child has signed up, please contact us so we can delete the account.
11. Security
We use industry-standard security: TLS encryption in transit, encryption at rest in Supabase, hashed magic-link tokens, Row Level Security on every database table containing personal data, and access logging. No system is perfect; if we discover a personal data breach that creates a risk to your rights, we will notify the ICO within 72 hours and you without undue delay, as required by law.
12. International transfers
Where data is transferred outside the UK, we use legal safeguards as set out in Section 6.
13. Changes to this notice
We will update this notice as the Service evolves. Material changes will be notified to you by email or by a banner in the Service. The "Last updated" date at the top of this page reflects the latest version.
14. Contact
- For all privacy queries: privacy@truetroop.co.uk
- For other queries: info@truetroop.co.uk
Postal: [INSERT REGISTERED ADDRESS]
This Privacy Notice is published as a static page in the Service at /privacy. It is also available on request.