Legal
Privacy Policy
Last updated: 9 June 2026
This policy explains how Stag Report (“we”, “us”), of Unit 2A, Swordfish Business Park, Burscough, Ormskirk, Lancashire, L40 8JW, United Kingdom, collects and uses your personal data when you use Stag Report. We are the data controller for that personal data. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. What we collect
- Account data: your email address, and a display name.
- Event data: event details, member names and emails you enter, itineraries, ledger entries, RSVPs and kitty figures.
- Content you upload: photographs and videos, and any avatar image.
- Payment data: handled by Stripe. We receive confirmation of payment and a limited reference, not your card number.
- Technical data: basic logs, device and usage information needed to run and secure the Service, and (if you opt in) a push-notification subscription.
2. How and why we use it (legal bases)
- To provide the Service — creating your dossier, enrolling members, generating the report (performance of a contract).
- To send service emails and, if enabled, push notifications — sign-in links, invitations and photo-round reminders (contract / legitimate interests).
- To take payment — processing your purchase (contract).
- To keep the Service secure and improve it — preventing abuse and fixing faults (legitimate interests).
- To meet legal obligations — for example, keeping records required for tax.
3. Who we share it with
We do not sell your personal data. We share it only with the service providers (processors) who help us run Stag Report, under contracts that require them to protect it:
Vercel
Website and application hosting (EU/US).
Supabase
Database, authentication and file storage for your account and content.
Stripe
Secure payment processing. We never see or store your full card details.
Resend
Sending transactional email (sign-in links, invitations, photo-round reminders).
Anthropic
AI generation of report summaries, roasts and speeches from your event entries.
Google Maps Platform
Venue and route information for the pub-crawl planner.
Some providers may process data outside the UK. Where they do, appropriate safeguards (such as the UK International Data Transfer Agreement or equivalent) are in place.
4. Photographs, videos and other people
Content you upload may show other people. You are responsible for ensuring you have a lawful basis to upload and share images of others within your event. Event content is visible to members of that event and is included in the event’s final report. Please do not upload images of anyone who has asked not to be included.
5. How long we keep it
We keep your account and event data for as long as your account is active, and for a reasonable period afterwards to support re-access to your report. You can ask us to delete your account and content at any time (see your rights below). Some records may be retained where the law requires it. Note that, for your protection, certain destructive actions are handled by our team rather than automatically.
6. Cookies
We use only the cookies and similar storage necessary to keep you signed in and to run the Service. We do not use advertising cookies. Because we rely on essential storage only, you will not be pestered with intrusive consent banners.
7. Your rights
Under UK GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased, and to restrict or object to processing;
- data portability; and
- withdraw consent where processing is based on consent.
To exercise any of these, email privacy@stagreport.com. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk, though we would appreciate the chance to put things right first.
8. Contact
Data protection enquiries: Stag Report, Unit 2A, Swordfish Business Park, Burscough, Ormskirk, Lancashire, L40 8JW, United Kingdom. Email: privacy@stagreport.com. See also our Terms & Conditions.