Privacy Policy for IRL Playground
Effective Date: 30th April 2025
1. Introduction
Welcome to Playground (the “App” and the “Website”), a product of Interfacing Research Laboratory Ltd (“IRL,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, and protect your personal data when you access or use our App (a web-based application) and our Website (collectively, the “Services”).
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this Policy, please discontinue using the Services.
2. Our Contact Details
Interfacing Research Laboratory Ltd (IRL)
326 Netil Corner, 89-115 Mare Street
London, E8 4RU
United Kingdom
Email: support@irlplayground.com
2.1 Data Controller & Data Protection Officer
3. Hosting, Processing, and Data Storage Locations
- Primary Hosting & Storage: European Union (EU).
- AI & Global Services: For certain AI-powered features, we may use servers outside the EU/EEA under adequate safeguards (e.g., Standard Contractual Clauses).
- Cross-Border Transfers: Copies of our Standard Contractual Clauses are available on request at privacy@irlplayground.com.
- No LLM Training Without Consent: We will not share your personal data to train large language models without your explicit consent.
4. What Data We Collect and Why
4.1 Legal Basis for Processing
Under the UK GDPR, we rely on:
- Contract: to create and manage your account and fulfill our obligations to you.
- Legitimate interests: to maintain and secure the Services, improve user experience, and diagnose issues, provided your rights don’t override these interests.
- Consent: for non-essential cookies, analytics tracking, and any marketing communications.
- Legal obligation: to retain billing records, respond to law-enforcement requests, and comply with other statutory requirements.
4.2 Information We May Collect via Technological Means
Log Data
Whenever you access our Services, our servers automatically record:
- Browser type & version
- Operating system
- IP address (anonymized/truncated)
- Domain name
- Date/time stamps of visits or activities
- Pages or features accessed
We store log data to diagnose technical issues, monitor performance, and enhance security. Alone, it generally cannot identify you.
Analytics Data
We use PostHog, a privacy-focused analytics platform, to collect aggregated and event-level usage data from both our Website and App (page views, session durations, clicks, feature interactions, user flows, referring URLs/UTM parameters, device/browser metadata). We configure PostHog to respect “Do Not Track” settings by ignoring sessions where DNT is enabled, and we retain analytics data only as needed for improvement. For more information, please see PostHog’s Privacy Policy: https://posthog.com/privacy
4.3 Cookies, Web Beacons, and Other Tracking Technologies
We use cookies and web beacons to understand how you interact with our Services and to provide certain features.
- Strictly Necessary Cookies
- Essential for login, form submissions, session management.
- Performance Cookies (via PostHog)
- Track visits, traffic sources, page popularity, navigation paths; data is anonymous and aggregated.
- Functional Cookies
- Enable features such as saved preferences and embedded content.
Cookie Consent & Management
- We obtain your prior consent via a cookie banner before setting non-essential cookies.
- You can manage or withdraw consent at any time via the banner or your browser settings (disabling may affect functionality).
We do not sell your personal data.
4.4 Information You Provide Directly
Some features require you to create an account or submit information:
- Account Creation & Service Requests: name, email, password (hashed), organization/role, location (country/region), phone number (optional).
- Support & Contact: details you choose to share when contacting us.
- Billing & Payments: processed by a secure third-party; we store only minimal transaction records (no full payment details).
We may combine your submissions with publicly available or trusted third-party data.
4.5 How We Use Your Data
We use your personal data to:
- Create and manage your account (Contract)
- Operate, maintain, and secure the Services (Legitimate interest)
- Personalize and improve your experience (Legitimate interest)
- Communicate updates, support, and security notices (Contract/Legal obligation)
- Fulfill your requests (paid features, demos) (Contract)
- Comply with legal obligations and protect against fraud (Legal obligation/Legitimate interest)
Anonymized, aggregated data may also be used for internal analytics, product development, or AI-model training—with opt-in consent.
4.6 Third-Party AI Services
When we integrate external AI APIs (e.g., Azure AI Services, OpenAI), we ensure:
- No training of third-party models on your data without explicit consent.
- Secure handling and minimal retention of any data sent through APIs.
4.7 Other Third-Party Services
We engage the following subprocessors under strict data-processing agreements. Please review each vendor’s privacy policy for full details:
4.8 Personalized Advertising & Profiling
We do not use your data for targeted advertising or automated profiling that produces legal or similarly significant effects on you, unless you explicitly consent in advance.
4.9 Data Encryption and Security
Your data is protected in transit (TLS/SSL) and at rest (AES-256). However, no method of storage or transmission is 100% secure; we cannot guarantee absolute security.
4.10 Breach Notification
In the event of a personal-data breach, we will:
- Notify the ICO (or applicable supervisory authority) within 72 hours.
- Inform affected users without undue delay if there is a high risk to their rights and freedoms.
4.11 Data Retention & Deletion
- Log & Analytics Data: retained for up to 12 months, then anonymized or deleted.
- Account & Profile Data: retained for the duration of your active account plus six months.
- Billing Records: retained for a minimum of seven years to comply with tax and legal obligations.
- Deletion: upon request or account closure, we will delete or anonymize your personal data within 30 days, unless legal obligations require further retention.
4.12 Children’s Privacy
Our Services are not directed at or intended for children under 16 (or the applicable local age). We do not knowingly collect data from minors. If you believe we have collected such data, contact us to have it deleted.
5. Calendar Integrations
We offer integrations with Google Calendar, iCal, and Microsoft Calendars:
- OAuth2 Authentication — We never handle your raw credentials.
- Data Access — Only with your permission; you can revoke access anytime.
- Token Storage — Minimum required to provide functionality.
6. Your Data Protection Rights
Under the UK GDPR, you have the right to:
- Access your data
- Rectify inaccuracies
- Erase (where applicable)
- Restrict processing
- Object to certain processing (e.g., direct marketing)
- Portability of your data
To exercise these rights, you can email support@irlplayground.com with "Data Subject Access Request" in the subject line with the following information:
- Your full name
- Email address associated with your account
- Description of your request (e.g., access, correction, deletion)
We aim to respond within one month of receiving complete information.
7. Concerns and Complaints
Contact us first at support@irlplayground.com. We strive to reply within 24–48 hours on weekdays. If unsatisfied, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
8. Changes to This Privacy Policy
We may update this Policy periodically. For material changes, we will notify you by email and via an in-App banner, and require consent if mandated by law. The updated Effective Date will appear at the top.
9. Contact Us
For questions or concerns, email: support@irlplayground.com.
