Legal
Privacy Policy
Last updated: May 2026 · Carpe Diem London
1. Introduction
Carpe Diem London ("we", "our", or "us") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our platform (the "Service"), in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
2. Information We Collect
We collect the following categories of personal data:
Account and identity data
• Name, email address, and profile picture (from direct registration or via Google/Apple OAuth)
• Phone number (when provided for SMS verification)
Usage data
• Pages and features visited, search queries, pins and plans saved, offers claimed
• Device type, browser, IP address, and approximate location
Payment data
• Billing details processed via our third-party payment provider (we do not store card numbers directly)
User-generated content
• Pin suggestions, feedback, and any other content you submit to the Service
Communications
• Messages you send to us via email or contact forms
3. How We Use Your Information
We use your personal data to:
• Create and manage your account
• Deliver and personalise the Service (daily plans, pin recommendations, offers)
• Process Premium membership payments
• Send transactional communications (booking confirmations, account notifications)
• Send marketing emails if you have opted in (you may opt out at any time)
• Process and respond to your Pin suggestions using AI assistance
• Improve the Service through analytics and usage insights
• Comply with our legal obligations and enforce our Terms of Service
4. Legal Basis for Processing (UK GDPR)
We process your personal data under the following lawful bases:
• Contract — to fulfil our obligations to you as a user or Premium member
• Legitimate interests — to improve the Service, prevent fraud, and ensure security
• Consent — for marketing communications and optional features (you may withdraw consent at any time)
• Legal obligation — where required by applicable law
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account:
• Your profile and activity data will be deleted within 30 days
• Anonymised usage data may be retained for analytical purposes
• Data required for legal or financial compliance (e.g. payment records) may be retained for up to 7 years in accordance with UK law
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure ("right to be forgotten") — request deletion of your data
• Right to restriction — request that we limit processing of your data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making — including profiling
To exercise any of these rights, please contact us at hello.carpediemlondon@gmail.com. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We take appropriate technical and organisational measures to protect your personal data, including:
• HTTPS encryption for all data in transit
• HTTP-only cookies for authentication tokens (not accessible to JavaScript)
• Access controls limiting who can view personal data within our team
• Regular security reviews of our infrastructure
No method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.
10. Children's Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.
11. International Transfers
Some of our third-party service providers may process data outside of the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with UK GDPR.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or by a prominent notice on the Service.
Your continued use of the Service after changes take effect constitutes your acknowledgement of the updated policy.
13. Contact Us
If you have questions, concerns, or requests relating to your personal data or this Privacy Policy, please contact:
Email: hello.carpediemlondon@gmail.com
Carpe Diem London
London, United Kingdom
For complaints, you may also contact the Information Commissioner's Office (ICO):
Website: ico.org.uk
Phone: 0303 123 1113
Questions about your data? Contact us
Also see our Terms of Service