FloodWatch Beta — data may be periodically unavailable.
FloodWatch
Get Started

Privacy Policy

Last updated: March 2026

1. Introduction

FloodWatch Ltd (Company No. 17031025), registered in England & Wales, registered office: 3rd Floor, 86-90 Paul Street, London, EC2A 4NE ("we", "our", "us"), is the data controller for the personal information described in this policy. We are committed to protecting your privacy. This policy explains how we collect, use, and protect your personal information when you use our flood monitoring service.

We are registered with the Information Commissioner's Office (ICO). Registration number: 00013169180.

This service is intended for business use by individuals aged 18 and over. We do not knowingly collect data from children or individuals under 18.

2. Information We Collect

Account Information

  • Email address (for account creation and notifications)
  • Password (stored securely using industry-standard hashing)
  • Full name (optional)
  • Organisation name

Site Data

  • Site names you provide
  • UK postcodes for your monitored locations
  • Notes and tags you add to sites

Subscription Data

  • Subscription plan and status
  • Stripe customer ID (we do not store your payment card details)

Usage Data

  • Log data (IP addresses, browser type, pages visited)
  • Feature usage patterns (to improve the service)

3. How We Use Your Information

We use your information to:

  • Provide the FloodWatch monitoring service
  • Send flood alerts and notifications you've requested
  • Process payments and manage subscriptions
  • Generate AI-enhanced portfolio briefs when requested
  • Improve our service based on usage patterns
  • Communicate important service updates
  • Respond to support requests

Lawful Basis for Processing

Under UK GDPR Article 6, we process your data on the following bases:

Processing Activity Lawful Basis
Account creation and management Contract (Art. 6(1)(b)) — necessary to provide the service
Payment processing via Stripe Contract (Art. 6(1)(b)) — necessary to fulfil your subscription
Flood alerts and notifications Contract (Art. 6(1)(b)) — core service delivery
AI brief generation via OpenAI Contract (Art. 6(1)(b)) — feature you request
Google Analytics Consent (Art. 6(1)(a)) — only with your cookie consent
Security logging (IP, user agent) Legitimate interest (Art. 6(1)(f)) — fraud prevention and security
Service improvement Legitimate interest (Art. 6(1)(f)) — improving features based on usage

4. Data Sharing

We do not sell your personal information. We share data with the following third-party services:

  • Stripe: Payment processing. Stripe receives your email address and handles all payment card information securely. We never see or store your card numbers. Stripe Privacy Policy
  • OpenAI: When you generate an AI brief, site names, postcodes, and current flood/river status are sent to OpenAI for summarisation. This data is used only to generate your report and is not stored long-term. OpenAI Privacy Policy
  • Google: If you sign in with Google OAuth, we receive your email and name from your Google account. If you consent to analytics cookies, we use Google Analytics to understand how visitors use our site. Google Privacy Policy
  • Environment Agency: We send postcode coordinates to fetch flood warnings and river levels. No personal data is shared.
  • Postcodes.io: Postcodes are sent for geocoding. No personal data is shared.

We may also share data when required by law or to protect our rights.

5. Data Security

We protect your data using:

  • HTTPS encryption for all data transmission
  • Secure password hashing
  • Row-level security policies on our database
  • Regular security reviews

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • All personal data is removed immediately
  • Active subscriptions are cancelled from the next billing date
  • Cached flood data (from public sources) may be retained longer for service improvement

7. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and associated data
  • Portability: Export your site data (CSV export available in dashboard)
  • Object: Opt out of marketing communications
  • Withdraw Consent: Change your cookie preferences at any time

To exercise these rights, contact us at hello@floodwatch.uk. We will respond to data subject requests within one calendar month of verifying your identity, as required by UK GDPR.

8. Cookies and Tracking

We use cookies and similar technologies to provide our service and, with your consent, to understand how visitors use our site.

Always Active Essential Cookies

These cookies are necessary for the website to function properly. They include:

  • Authentication cookies: Keep you signed in securely
  • Session cookies: Remember your preferences during a visit
  • Security cookies: Protect against cross-site request forgery

These cookies are strictly necessary and cannot be disabled without affecting site functionality.

Requires Consent Analytics Cookies

With your consent, we use Google Analytics and Google Tag Manager to collect anonymised data about how visitors use our website. These cookies:

  • Track pages visited and time spent
  • Identify returning visitors (anonymously)
  • Understand which features are most popular

We do not use analytics data to personally identify you. You can withdraw consent at any time via the cookie settings in the footer or by contacting us.

Managing Your Cookie Preferences

When you first visit our site, you'll see a cookie consent banner where you can:

  • Accept all cookies
  • Accept only essential cookies
  • Customise your preferences

You can also manage cookies in your browser settings. Note that blocking essential cookies may prevent parts of the site from working correctly.

Third-Party Cookies

If you consent to analytics, the following third parties may set cookies:

  • Google Analytics: _ga, _ga_*, _gid cookies for analytics. Learn more
  • Google Tag Manager: Manages the loading of analytics scripts. Learn more

9. Third-Party Services

Our service integrates with:

Environment Agency APIs
Natural Resources Wales (NRW)
SEPA (Scotland)
Postcodes.io (geocoding)
OpenStreetMap (mapping)
Stripe (payments)
OpenAI (AI briefs)
Google (OAuth, Analytics)

These services have their own privacy policies. Where these services act as sub-processors of personal data on our behalf, we have Data Processing Agreements (DPAs) in place as required by UK GDPR Article 28.

10. International Transfers

Some of our service providers (e.g., OpenAI, Stripe) may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

11. Changes to This Policy

We may update this policy periodically. We'll notify you of significant changes via email or in-app notification. If we make material changes to how we use cookies, we will ask for your consent again.

12. Contact Us

For privacy-related questions, contact us at hello@floodwatch.uk.

Terms of Service → Security → Trust & Methodology →