// privacy policy
Privacy Policy
Last updated 11 June 2026. Questions? Email [email protected].
1. Who we are
GanttDeck is operated by Solutions Delivered (trading as GanttDeck), registered in England and Wales under company number 12063264 at Belmont Suite, Paragon Business Park, Chorley New Road, Horwich, Bolton, England, BL6 6HG.
For questions about this policy or your data, contact [email protected].
2. What data we collect
We only collect what the product needs to work:
- Account details: your name, email address, and a hashed password, supplied when you register.
- Plan uploads: the CSV files you upload and the PPTX files we generate from them. These are stored against your account so you can download them.
- Technical logs: server access logs (IP, user-agent, URL) kept for a short operational window, and error context surfaced through our error monitoring processor (see §4).
- Analytics (optional): aggregate, anonymised usage data — only if you accept analytics cookies via the consent banner.
3. Legal bases for processing
- Contract (UK GDPR Art. 6(1)(b)) — account details and plan uploads are required to deliver the service you've signed up for.
- Legitimate interest (Art. 6(1)(f)) — server logs and error monitoring so we can keep the service secure and working.
- Consent (Art. 6(1)(a)) — analytics cookies, only set when you accept via the banner. You can withdraw consent at any time by clearing the laravel_cookie_consent cookie.
4. Who we share data with
We don't sell your data. We do use a small number of processors to deliver the service. Each is under contract and processes only what's listed here.
Sentry
error and performance monitoring
data: technical error context (stack traces, request URL, user ID where attached)
location: EU (Frankfurt) — functional-sentry.io EU region
Brevo (formerly Sendinblue)
transactional email delivery (account verification, password reset)
data: recipient email address and message content
location: EU (France)
Google Analytics 4
optional — consent onlyaggregate site usage analytics — only when the user accepts analytics cookies
data: anonymised page views, referrer, coarse geolocation (country), device class
location: United States (Google LLC), with EU-US Data Privacy Framework
Cloudflare
DNS and DDoS protection
data: IP address (transient, not stored by us)
location: Global edge network
5. How long we keep it
- Account details: for as long as your account is open. When you delete your account, all associated records are removed within 30 days.
- Plan uploads: until you delete them or close your account. Orphaned uploads older than 90 days may be pruned.
- Server logs: 30 days.
- Analytics: per the retention periods on the Google Analytics 4 cookies listed in §7.
6. Your rights
Under UK GDPR you can:
- Access the data we hold about you.
- Ask us to correct it.
- Ask us to delete it (right to erasure).
- Ask us to give you a portable copy.
- Object to processing based on legitimate interest.
- Withdraw consent for anything consent-based at any time.
Email [email protected] to exercise any of these. We'll respond within one calendar month.
If you're not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office: ico.org.uk/make-a-complaint.
7. Cookies
We use a small number of cookies. Essential cookies are set without consent because the site would not function without them. Non-essential cookies are only set after you click Accept in the banner.
* non-essential — only set when you accept analytics cookies.
8. Changes to this policy
We'll update this page if we change how we handle data. Material changes will trigger a notification on your next sign-in. The effective date above always reflects the latest revision.