Privacy Policy — BenefitsClaim UK

Summary: We collect only what we need to run this service. We do not sell your data. We do not share it with the DWP or any government body. You can request deletion of your data at any time.

1. Who We Are

BenefitsClaim UK operates the website at benefitclaimuk.co.uk (the "Platform"). We are an independent information and tools service. We are not affiliated with the Department for Work and Pensions (DWP), His Majesty's Revenue and Customs (HMRC), or any government body.

For data protection purposes, the data controller is BenefitsClaim UK. You can contact us at: [email protected]

2. What Data We Collect

We collect the following categories of personal data:

Data Type	Why We Collect It	Legal Basis
Name and email address	To create and manage your account	Contract performance
Login credentials (via OAuth)	To authenticate your identity securely	Contract performance
Subscription status	To determine your access tier (Free/Premium/Professional)	Contract performance
Letters you generate	To save them to your document vault	Contract performance / Consent
Diary entries and deadlines	To provide the Benefits Diary feature	Contract performance
Newsletter email address	To send you benefit updates (only if you subscribe)	Consent
Usage analytics (anonymised)	To improve the platform (only with your consent)	Consent
Cookie preferences	To remember your consent choices	Legal obligation
Payment data	Processed by Stripe — we never see your card details	Contract performance

3. How We Use Your Data

We use your personal data solely to provide and improve the BenefitsClaim UK service. Specifically:

To authenticate you and manage your account
To generate, store, and retrieve your letters and diary entries
To process your subscription payment via Stripe
To send you the newsletter you subscribed to (you can unsubscribe at any time)
To improve the platform based on anonymised usage patterns (only with your consent)

We will never: sell your data to third parties, share it with the DWP or any government body, use it for profiling or automated decision-making, or send you unsolicited marketing.

4. Sensitive Personal Data

The letters and information you enter into the Platform may contain sensitive personal data relating to your health, disability, or financial circumstances. This is classified as "special category data" under UK GDPR. We process this data solely on the basis of your explicit consent (given when you use the letter generator) and solely for the purpose of generating your letter. We do not analyse, share, or use this data for any other purpose.

Your letters are stored in encrypted form and are accessible only to you. No BenefitsClaim UK staff member reads your letter content.

5. Cookies

We use the following types of cookies:

Strictly necessary cookies: Session authentication and security tokens. These cannot be disabled.
Analytics cookies: Anonymised usage data to help us improve the platform. Only set with your consent.
Preference cookies: Remember your settings between visits. Only set with your consent.

You can manage your cookie preferences at any time using the cookie banner or by clearing your browser's local storage for this site.

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

Stripe — Payment processing. Stripe is PCI-DSS compliant. We never receive or store your card details.
Manus OAuth — Authentication. Used to securely verify your identity.
postcodes.io — Free, open-source postcode lookup API. No personal data is sent.

7. How Long We Keep Your Data

Data	Retention Period
Account data	Until you delete your account
Generated letters	Until you delete them, or your account is deleted
Diary entries	Until you delete them, or your account is deleted
Newsletter subscription	Until you unsubscribe
Payment records	7 years (UK legal requirement for financial records)
Analytics data (anonymised)	24 months, then automatically deleted

8. Your Rights Under UK GDPR

You have the following rights:

Right of access — Request a copy of all personal data we hold about you
Right to rectification — Ask us to correct inaccurate data
Right to erasure — Ask us to delete your data ("right to be forgotten")
Right to restrict processing — Ask us to pause processing your data
Right to data portability — Receive your data in a machine-readable format
Right to object — Object to processing based on legitimate interests
Right to withdraw consent — Withdraw consent for analytics or newsletter at any time

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Data Security

We take the security of your data seriously. All data is transmitted over HTTPS (TLS encryption). Database access is restricted to authorised systems only. We conduct regular security reviews. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours as required by UK GDPR.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Platform and, where appropriate, by email. The "Last updated" date at the top of this page will always reflect the most recent version.

11. Contact Us

Data Protection Enquiries

Email: [email protected]

We aim to respond to all data protection enquiries within 5 working days.