Privacy Policy

Last updated: 12 April 2026

This Privacy Policy explains how MOAP (“Mission On A Plan”, “we”, “us”, “our”) collects, uses and protects personal data when you use our website, create an account, purchase time-limited membership access (3, 6 or 12 months), or use the MOAP Planner.

1) Who we are

Data Controller: MOAP — Mission On A Plan
Website: https://moap.uk
Contact: Contact form

2) What personal data we collect

• Account data — email address, encrypted password, login/session identifiers.
• Membership data — membership status, start/expiry date, plan code (e.g. 3/6/12 months), and access flags.
• Planner data — the text you submit to the MOAP Planner and the Planner output you receive.
• Usage data — monthly request counts/limits (to prevent abuse and manage costs).
• Payments metadata — transaction IDs, payment status, plan code, and payer email (where provided by PayPal).
• Support/contact data — messages submitted via forms, plus any details you include.
• Technical data — IP address, browser/device info, pages visited, and server logs (security + reliability).
• Cookie/consent data — cookie preferences and consent records (where applicable).
• Cooling-off waiver record (if used) — if you choose “immediate access” and tick an explicit waiver checkbox, we may store a record of that choice (e.g. timestamp + confirmation).

Note: payment card details are processed by PayPal — MOAP does not store full card numbers.

3) How we collect data

• Directly from you (account registration, planner input, forms, membership checkout actions).
• Automatically (cookies, server logs, basic analytics/performance data where enabled).
• From payment providers (transaction confirmation and related metadata).

4) How we use your data

• To create and manage your account and keep you signed in.
• To provide membership access and enforce expiry dates for 3/6/12-month access.
• To operate the MOAP Planner (send your input for processing and return an answer).
• To enforce usage limits, prevent abuse, and control service costs.
• To provide customer support and respond to enquiries.
• To maintain site security, prevent fraud, and troubleshoot issues.
• To comply with legal obligations (e.g. accounting records where required).

5) Lawful bases (UK GDPR)

We process personal data under one or more of the following lawful bases, depending on the context:

• Contract — to provide membership access and run the Planner for logged-in members.
• Legitimate interests — to secure the website, prevent abuse, and improve reliability (balanced against your rights).
• Consent — for non-essential cookies/marketing (where used) and any optional choices you actively opt into.
• Legal obligation — where we must retain certain records for compliance.

Under UK GDPR you must be told what’s happening with your data when it’s collected (Articles 13/14 “right to be informed”). [oai_citation:1‡ICO](https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-sharing/data-sharing-a-code-of-practice/sharing-personal-data-in-databases-and-lists/?utm_source=chatgpt.com)

6) The MOAP Planner & AI processing

When you use the MOAP Planner, the text you submit is processed using third-party services (including AI providers such as OpenAI) to generate a response.

• Planner input is used to generate your reply and to operate the feature.
• We do not sell your Planner content.
• Do not include sensitive personal information in Planner messages.

7) Payments, PayPal & membership activation

Payments are processed by PayPal under PayPal’s own privacy policy. MOAP receives payment confirmation and limited payment metadata (for example: transaction ID, payment status, plan code, and payer email where provided) so we can activate and manage your membership access.

Membership access is time-based (3 / 6 / 12 months). Your account records an expiry date which is used to control access to members-only features.

If you use an “immediate access” checkbox that waives the cooling-off period, that record may be stored as part of your membership event history. UK consumer rules about losing the right to cancel digital content typically require express consent and acknowledgement. [oai_citation:2‡Legislation.gov.uk](https://www.legislation.gov.uk/uksi/2013/3134/part/2/made/data.xht?view=snippet&wrap=true&utm_source=chatgpt.com)

8) Cookies

We use cookies for:

• Essential site functionality (logins, sessions, security)
• Cookie preference storage
• Performance and reliability monitoring (where enabled)

Full details are available in our Cookie Policy.

9) Who we share data with

We do not sell personal data. We may share data with:

• Hosting/infrastructure providers (to run the website)
• AI/technical providers (to operate Planner features)
• Payment processors (PayPal) to process payments and confirm membership
• Professional advisers or authorities where legally required

10) International data transfers

Some service providers may process data outside the UK/EEA. Where required, we use appropriate safeguards (for example contractual protections) to help protect your personal data.

11) How long we keep data

• Account data — kept while your account is active; may be retained longer if needed for security or legal reasons.
• Membership/payment records — kept for accounting, fraud prevention, and to resolve disputes.
• Planner input/output — kept only as long as operationally necessary to provide the service and maintain reliability.
• Contact messages — typically retained up to 24 months unless you ask us to delete them sooner (where applicable).
• Server logs — retained for a limited period for security and diagnostics.
• Cookie consent records — retained as needed to respect your preferences.

12) Your rights (UK GDPR)

You may have the right to:

• Request access to personal data we hold about you
• Request correction of inaccurate data
• Request deletion (where applicable)
• Restrict or object to processing (where applicable)
• Request data portability (where applicable)
• Withdraw consent (where processing relies on consent)

To exercise your rights, use the Contact Form.

13) Complaints

If you’re unhappy with how we handle your data, you can contact us first. You can also complain to the UK Information Commissioner’s Office (ICO):
https://ico.org.uk

14) Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

15) Contact

For privacy/data protection enquiries, use the Contact Form.