Privacy Policy
Effective date: 16 May 2026 · Last updated: 16 May 2026
This Privacy Policy explains how Dana House Limited collects, uses, and protects personal data in connection with the Dana House platform and related services (the "Service").
We are committed to handling personal data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.
1. Who we are
Dana House Limited is the data controller responsible for personal data described in this policy.
- Registered in England and Wales, company number 17222717
- Registered office: 24 Crane Avenue, Isleworth, TW7 7JL, United Kingdom
- Contact: contact@danahouse.co.uk
If you have questions about this policy or about how we handle your personal data, please contact us at the email above.
2. Scope of this policy
This policy covers personal data we process in connection with:
- The Dana House website and marketing pages;
- Account registration and management;
- Customer support and communications;
- Provision of the Service (including the dataset, API, and exports);
- Billing and payment processing.
The Service makes available data about UK registered charities. That data is sourced from public registers maintained by the UK charity regulators and primarily concerns charitable organisations rather than individuals. Where it includes information about individuals (for example, named trustees as published on the public register), section 8 of this policy explains our basis and approach.
3. Personal data we collect
We collect and process the following categories of personal data:
Account and contact data
Name, email address, job title, organisation, and similar information you provide when registering, contacting us, or corresponding with our team.
Billing data
Billing name, billing address, VAT number where applicable, and a token reference to your payment method. Full card details are collected and processed directly by our payment processor (Stripe) and are not stored on our systems.
Usage data
Information about how you use the Service, including API requests made, endpoints accessed, response volumes, IP addresses, user agent strings, login timestamps, and similar technical data.
Cookies and similar technologies
We use a limited set of cookies and similar technologies on our website and application for authentication, security, and basic functionality. See section 11 for details.
Communications
Records of correspondence between you and us, including support tickets and emails.
Marketing data (where applicable)
If you sign up to a mailing list or content download, the email address and preferences you provide. You can unsubscribe at any time.
4. How we collect personal data
We collect personal data:
- Directly from you when you register, purchase a subscription, contact support, or interact with our website;
- Automatically when you use the Service, via standard server logs;
- From third parties, where you sign in or are introduced through a partner or referrer (limited scenarios; we will tell you if this applies).
5. Why we process personal data and our lawful bases
We process personal data for the following purposes:
| Purpose | Lawful basis under UK GDPR |
|---|---|
| Providing and operating the Service under your subscription | Performance of a contract |
| Billing, invoicing, and collecting payment | Performance of a contract; legal obligation |
| Authentication and securing accounts | Legitimate interests (account security and fraud prevention) |
| Customer support and communication | Performance of a contract; legitimate interests |
| Service improvement, debugging, and analytics | Legitimate interests (running and improving the Service) |
| Direct marketing to existing customers about similar products | Legitimate interests (subject to your right to object) |
| Direct marketing to prospects who have opted in | Consent |
| Complying with legal, regulatory, and accounting obligations | Legal obligation |
| Establishing, exercising, or defending legal claims | Legitimate interests |
Where we rely on legitimate interests, we have carried out a balancing assessment and consider that our interests are not overridden by your rights and freedoms. You can ask us for further detail at any time.
6. Who we share personal data with
We share personal data only with:
- Service providers acting as our data processors, including our hosting provider, database provider, email provider, and payment processor. These providers process personal data on our behalf under written contracts and only as instructed by us;
- Professional advisors such as accountants and lawyers, where reasonably necessary;
- Regulators and authorities, where required by law or to protect our rights;
- Successors in interest, in the event of a merger, acquisition, or sale of assets.
We do not sell personal data, and we do not share it with third parties for their own marketing purposes.
Key processors we currently use include:
- Stripe, Inc. — payment processing (stripe.com/privacy)
- Resend — transactional email (resend.com/privacy)
- Neon — managed PostgreSQL database hosting (neon.tech/privacy-policy)
- Vercel, Inc. — application hosting (vercel.com/legal/privacy-policy)
The current list of sub-processors is available on request.
7. International transfers
Some of our service providers are based outside the United Kingdom, including in the United States and the European Economic Area. Where we transfer personal data outside the UK, we ensure an appropriate safeguard is in place, typically:
- A finding of adequacy in respect of the recipient country;
- The UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses; or
- Another lawful transfer mechanism recognised under UK data protection law.
You may request further information about the safeguards in place for a particular transfer by contacting us.
8. Data published by charity regulators
The Dana House dataset is built from public registers maintained by the Charity Commission for England and Wales, the Office of the Scottish Charity Regulator, and the Charity Commission for Northern Ireland. The registers concern charitable organisations.
Some fields published by the regulators may include the names of individuals, principally trustees and named contacts. Where such personal data is processed in the Service, we do so as controller, on the basis of our legitimate interests in providing a sector intelligence service that supports philanthropy, research, and accountability in the charitable sector. We rely on the fact that the regulators publish this information in furtherance of public transparency requirements.
Individuals whose details appear on the public registers and who wish to exercise rights in respect of that data may contact us using the details in section 1. We will respond in accordance with section 9.
9. Your rights
Under UK GDPR you have the following rights in respect of your personal data:
- Access — to obtain a copy of the personal data we hold about you;
- Rectification — to have inaccurate personal data corrected;
- Erasure — to have personal data deleted in certain circumstances;
- Restriction — to restrict our processing in certain circumstances;
- Portability — to receive a copy of certain personal data in a portable format;
- Objection — to object to our processing based on legitimate interests, including direct marketing;
- Withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at contact@danahouse.co.uk. We will respond within one month, or tell you if we need longer.
You also have the right to complain to the Information Commissioner's Office ("ICO"), the UK supervisory authority for data protection: ico.org.uk.
10. Data retention
We retain personal data only for as long as necessary for the purposes set out in this policy:
- Account and customer data — for the duration of your subscription and for up to 6 years after termination, to meet legal, accounting, and contractual obligations;
- Billing and transaction records — for at least 6 years, as required by UK tax and accounting law;
- Support communications — for up to 3 years after the issue is resolved;
- Usage and log data — typically for up to 12 months, except where retained longer for security or legal reasons;
- Marketing data — until you unsubscribe or otherwise withdraw consent, plus a short suppression list retention to honour your preference.
We may retain personal data longer where required by law or where reasonably necessary to establish, exercise, or defend legal claims.
11. Cookies and similar technologies
We use a small number of cookies on our website and application:
- Strictly necessary cookies for authentication, security, and core functionality (no consent required);
- Preference cookies to remember your settings.
We do not use third-party advertising cookies or behavioural tracking. You can control cookies through your browser settings.
12. Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, access controls, audit logging, supplier due diligence, and regular review of our practices.
No method of transmission or storage is completely secure, however. If you believe your account or our systems have been compromised, contact us immediately at contact@danahouse.co.uk.
13. Children
The Service is not intended for, directed at, or used by individuals under 18. We do not knowingly collect personal data from anyone under 18.
14. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top will reflect the most recent change. Where changes are material, we will notify registered customers by email and/or via the Service.
15. Contact
If you have any questions, requests, or complaints about this policy or our handling of personal data, please contact:
Dana House Limited
contact@danahouse.co.uk
24 Crane Avenue, Isleworth, TW7 7JL, United Kingdom
Dana House Limited · Registered in England and Wales · Company no. 17222717