← Back to HomeLast updated: January 2026

Privacy Policy

At GrassrootsPay, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our payment platform.

1. Information We Collect

1.1 Personal Information

When you register for GrassrootsPay, we collect:

  • Name, email address, and phone number
  • Club or organization details
  • Bank account information for payment processing
  • Payment card details (securely processed by our payment partner Stripe)

1.2 Usage Data

We automatically collect information about how you use our service, including:

  • Device and browser information
  • IP address and location data
  • Pages visited and features used
  • Transaction history and payment data

2. How We Use Your Information

We use your personal information to:

  • Process payments and manage subscriptions
  • Send transaction confirmations and receipts
  • Provide customer support
  • Improve our service and develop new features
  • Detect and prevent fraud
  • Comply with legal obligations
  • Send marketing communications (with your consent)

3. Payment Data Security

We never store your full payment card details. All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. When you make a payment:

  • Card details are encrypted and sent directly to Stripe
  • We only receive a secure token for future payments
  • Your CVV is never stored by us or Stripe

4. Data Sharing and Third Parties

We share your data with trusted third parties only when necessary:

  • Stripe: Payment processing
  • Cloud hosting providers: Secure data storage (AWS/Vercel)
  • Email service providers: Transactional emails and notifications
  • Analytics tools: Service improvement (anonymized where possible)

We never sell your personal data to third parties.

5. Data Retention

We retain your personal information for as long as your account is active, or as required by law for tax and accounting purposes. Typically:

  • Account data: Retained while your account is active
  • Transaction records: 7 years (HMRC requirement)
  • Marketing data: Until you withdraw consent

6. Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing for marketing purposes
  • Restriction: Request we limit how we use your data

To exercise any of these rights, email us at privacy@grassrootspay.co.uk

7. Cookies

We use cookies to improve your experience. See our Cookie Policy for details.

8. Contact Us

If you have questions about this Privacy Policy, contact us at:

GrassrootsPay Ltd

Email: privacy@grassrootspay.co.uk

Data Protection Officer: Available upon request