PYYRAH+ Header
Founding access · $99 lifetime · Closes in Get Pyyrah+
Get Pyyrah+
Privacy Policy · Pyyrah+
Privacy Policy

Privacy Policy

Effective date: 2 June 2026 · Version: 2.0 · Data controller: Pyyrah Limited (trading as Pyyrah+)

Contents

  1. Who we are and how to contact us
  2. The personal data we collect
  3. How we use your data and lawful bases
  4. How we share your data
  5. Third-party processors
  6. International transfers
  7. Your rights
  8. How long we keep your data
  9. Security
  10. Marketing communications
  11. Cookies
  12. Children's data
  13. Contact us
Section 1

Who we are and how to contact us

The data controller is Pyyrah Limited (trading as Pyyrah+), a private limited company registered in England and Wales (company number 12176473) with its registered office at 27 Old Gloucester Street, London WC1N 3AX.

For any privacy question, data-rights request, or concern, contact privacy@pyyrahplus.com. We respond within 30 days, normally much faster.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection: ico.org.uk/concerns. We'd prefer you contact us first so we can resolve directly, but you can go to the ICO at any time.

Section 2

The personal data we collect

We collect data in three contexts: when you visit the website, when you purchase Pyyrah+, and when you use the product after purchase.

Section 2.1 When you visit the website

  • Standard analytics data: pages visited, time on page, approximate location (country/region only), referrer, device and browser type. Collected via privacy-respecting analytics tools after you've granted consent.
  • Lead-magnet email addresses, if you submit one for our free tools.
  • Anything you write in the contact form or a support email.

Section 2.2 When you purchase

  • Name, email address, billing country, and IP address, captured by Stripe at checkout.
  • Payment method details (these are held by Stripe under PCI-DSS Level 1 security; we never see or store full card details).
  • Order metadata: products purchased, price paid, timestamp, currency, applicable VAT.

Section 2.3 When you use the product

  • Login credentials and authentication metadata for the course platform and the Pyyrah+ research platform.
  • Niche and Instagram handle, if you submit them for the DFY research dashboard.
  • Anything you submit during Voice Calibration: best posts, worst posts, voice question answers, generated voice profile.
  • Platform usage data: which features you use, frequency of access, content you generate using the AI prompts.
  • Customer support correspondence.
Section 3

How we use your data and lawful bases

PurposeData usedLawful basis (UK GDPR)
Delivering Pyyrah+ to youAccount credentials, niche/handle, DFY submissions, Voice ProfilePerformance of contract (Art. 6(1)(b))
Processing payments and refundsStripe data, billing email, order metadataPerformance of contract; legal obligation
Providing customer supportSupport correspondence, login data, account detailsPerformance of contract
Improving the productAggregated, anonymised platform usage dataLegitimate interest (Art. 6(1)(f))
Marketing emails (where you've consented)Email, name, marketing-engagement signalsConsent (Art. 6(1)(a))
Website analytics (after consent)Page-view and session dataConsent
Legal compliance (tax, accounting, dispute resolution)Transaction recordsLegal obligation (Art. 6(1)(c))
Fraud preventionIP address, payment-method patterns, chargeback signalsLegitimate interest
Section 4

How we share your data

We share your data only with: (a) the processors listed in Section 5, who process data on our behalf under written agreements complying with UK GDPR Article 28; (b) professional advisers (accountants, lawyers, auditors) where required and under confidentiality; (c) authorities where required by law or to defend against legal claims; (d) acquirers, in the event Pyyrah Limited is acquired, restructured, or merged - and only after we ensure the acquirer accepts equivalent privacy obligations.

We do not sell your personal data. We do not share it with advertisers, data brokers, or anyone else for monetisation purposes.

Section 5

Third-party processors

These are the service providers that process personal data on our behalf to operate Pyyrah+. Each is contractually bound by UK GDPR Article 28 obligations.

ProcessorPurposeData processedLocation
Stripe Payments Europe LtdPayment processing, refunds, fraud preventionName, email, billing country, IP, payment detailsIreland / EU; some transfers to Stripe Inc. (US) under SCCs
Shopify International LtdCourse hosting and content deliveryName, email, course access logs, content engagementIreland / EU
Brevo (Sendinblue SAS)Transactional and marketing emails (where consented)Name, email, engagement signalsFrance / EU
Cookiebot (Cybot A/S)Cookie consent managementConsent state, IP (hashed)Denmark / EU
Cloudflare Inc.Website performance, security, DDoS protectionIP address, request metadataUS under SCCs and UK adequacy
Google LLC (Workspace)Email infrastructure, document collaborationSupport correspondence, internal recordsUS under SCCs and UK adequacy
Plausible AnalyticsWebsite analytics (privacy-respecting; no individual tracking)Aggregated, anonymised visit data onlyEU

If we add or change a processor, we update this list. Subscribers to product news are notified when a material change occurs.

Section 6

International transfers

Where data is transferred outside the UK or EEA, we rely on UK GDPR Article 46 safeguards: the UK government's adequacy decisions (where they exist for the destination country), the UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses with the UK addendum.

Our main non-UK/EEA processor is Stripe Inc. (US), used for payment processing. Stripe operates under the EU-US Data Privacy Framework and the UK extension to that Framework. Cloudflare and Google Workspace also process some data in the US under equivalent safeguards.

Section 7

Your rights

Under UK GDPR you have the right to:

  • Access - request a copy of the personal data we hold about you
  • Rectification - ask us to correct inaccurate or incomplete data
  • Erasure - ask us to delete your personal data, subject to legal retention requirements
  • Restriction - limit how we process your data while a query is resolved
  • Portability - receive your data in a structured, commonly used format
  • Object - to processing based on legitimate interest, including direct marketing
  • Withdraw consent - for processing based on consent (e.g. marketing emails), at any time
  • Not be subject to automated decisions with significant effects - none of our processing involves such decisions

To exercise any of these rights, email privacy@pyyrahplus.com. We respond within 30 days. Identity verification may be required for security reasons. There is no charge for exercising these rights except where requests are manifestly unfounded or excessive.

Section 8

How long we keep your data

  • Active customer records: for the duration of your access to Pyyrah+ (which is for the lifetime of the product)
  • Payment and order records: 7 years from purchase, for tax and accounting compliance under UK law
  • Support correspondence: 3 years from the last interaction
  • Marketing-list data: until you unsubscribe or for 24 months after last engagement, whichever comes first
  • Website analytics: aggregated and anonymised after 14 months
  • Cookie consent records: 12 months from the last consent event

After the retention period expires, we delete or fully anonymise the data.

Section 9

Security

We protect your data with technical and organisational measures appropriate to the risk: TLS 1.2+ encryption in transit; encryption at rest for all customer data; access controls based on least-privilege; multi-factor authentication for all team members with access to customer data; regular security review of our processors; and a documented incident response procedure.

If we ever suffer a personal-data breach that's likely to result in a high risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR Article 33.

Section 10

Marketing communications

We only send marketing emails to people who have opted in. Opt-in is via a clear checkbox at the relevant point (lead-magnet signup or post-purchase confirmation), separate from any consent required to deliver the product itself. You can unsubscribe at any time using the link in any marketing email, or by emailing privacy@pyyrahplus.com.

Transactional emails (order confirmation, refund confirmation, support replies, security notifications) are sent on the lawful basis of contract performance and are not subject to marketing opt-in.

Section 11

Cookies

Pyyrah+ uses cookies and similar technologies. The full list, what each cookie does, and how to manage consent is in our Cookie Policy. Non-essential cookies are only set after you grant consent via our cookie banner.

Section 12

Children's data

Pyyrah+ is sold to and intended for use by individuals aged 18 or over. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact privacy@pyyrahplus.com and we will delete it.

Section 13

Contact us

For any privacy question or to exercise your rights:

Email: privacy@pyyrahplus.com

Response time: within 30 days, usually much faster

Postal: Pyyrah Limited, 27 Old Gloucester Street, London WC1N 3AX

ICO: ico.org.uk/concerns

Questions about your data?

We respond to all privacy requests within 30 days.

Contact privacy@pyyrahplus.com