Privacy Policy
Last updated: 12 June 2026
1. Who is the data controller
PilgrimCompare is a trading name of Paramount Consultants Limited, registered in England and Wales, company number 09679002. For data protection purposes, Paramount Consultants Limited is the data controller of your personal information.
Contact: support@pilgrimcompare.co.uk
Data Protection Officer: dpo@pilgrimcompare.co.uk
2. What we collect
- Account data: name, email address, password hash, user role.
- Enquiry details: travel preferences (destination, dates, hotel rating, room occupancy, budget, inclusions), departure city, and any notes you provide when submitting an enquiry.
- Booking intent data: reference codes, selected package, payment evidence metadata, and communication notes.
- Analytics data: anonymised page view data via Plausible Analytics, which uses no cookies and stores no personal identifiers. See Section 8.
3. Lawful bases for processing
- Performance of a contract: processing your account, routing your enquiry to the operator you choose, and managing booking intents.
- Legitimate interests: anonymised analytics to improve the service, fraud prevention, and platform security.
- Legal obligation: retaining audit logs and complaint records as required by UK consumer and financial regulation.
4. Data sharing — important disclosure
When you send an enquiry, your contact details are shared with the operator you enquire with. From that point the operator is an independent data controller of your details under its own privacy policy.
We do not sell your personal data. Beyond the operator disclosure above, we share data only with:
- Service providers: Supabase (database, EU West / Ireland region), Vercel (hosting), and Resend (transactional email delivery) — all under GDPR-compliant data processing agreements.
- Regulators: where required by law.
5. How long we keep your data
| Data type | Retention period |
|---|---|
| User account (active) | Until you delete your account |
| User account (deleted) | 90-day grace period, then permanently deleted |
| Enquiry and booking intent data | 90 days (auto-deleted unless a dispute is open) |
| Audit log entries | 7 years (legal and financial requirement) |
| Complaint records | 7 years (consumer protection requirement) |
6. Your rights
Under UK GDPR you have the right to:
- Access: request a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your personal data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Restriction: ask us to limit processing in certain circumstances.
To exercise any right, email privacy@pilgrimcompare.co.uk. We will respond within one month.
7. Complaints to the ICO
You have the right to complain to the Information Commissioner's Office (ICO) if you believe we have not handled your personal data lawfully. Visit ico.org.uk/make-a-complaint or call 0303 123 1113. We ask that you contact us first so we can try to resolve your concern.
8. Cookies and analytics
Analytics: We use Plausible Analytics, a privacy-first service that collects no personal data and uses no cookies. It measures page views and aggregate traffic patterns only, with no cross-site tracking or personal identifiers. No cookie consent is required for Plausible.
Strictly necessary cookies: We use one session cookie for authentication (Supabase Auth). No consent is required for strictly necessary cookies.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| Auth session (Supabase) | Authentication and session management | Strictly necessary | Session + 7-day refresh token |
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. If this changes, we will update this policy and obtain your consent first where required.
Governed by the laws of England and Wales. Compliant with UK GDPR and the Data Protection Act 2018.