Last updated: 24 May 2026
This policy explains what personal data The Pain Points Project ("we", "us", "the site") collects, why, what we do with it, and the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The Pain Points Project is an independent platform operated from the United Kingdom. We are the data controller for the personal data described in this policy.
For privacy questions, data requests, or complaints: admin@thepainpointsproject.com
We don't want your personal data beyond what's strictly required for the site to work. We do not sell data, run advertising, or share it with third parties for marketing.
Sign-in is only needed to leave comments. If you sign in:
Lawful basis: performance of a contract (we cannot give you an account or let you comment without it) and our legitimate interest in operating the site securely.
We store the content of your submission, the target industry, your collaboration intent, any optional tags, and the timestamp. You do not need to sign in to submit a pain point — anonymous submissions are tied to an anonymous session, not to you personally. If you choose to include personal data in the pain-point text itself (for example, your name in a description), that data becomes part of the public record once approved.
Lawful basis: our legitimate interest in building a public database of real-world problems, balanced against your right not to over-share. Don't put confidential or identifying information in submissions.
We store the comment body, your account identifier, the email address associated with your account (used internally to verify admin status), and the timestamp. The email address is not shown publicly on your comments — visitors see only your display name.
You can delete any of your own comments at any time. Deleting a top-level comment also removes its reply thread.
On your first sign-in we generate a random, friendly username for you (something like swift-fox-742) so your comments aren't tied to your email. You can change it any time on the Settings page. Names are public, must be unique (case-insensitive), and a small set of reserved words (such as anything containing "admin", "moderator", or the project name) are blocked to prevent impersonation. We reserve the right to remove any display name we consider misleading or offensive.
The Contact form collects your email address and the message you write so we can reply. We hold these messages for up to 12 months and then delete them, unless an ongoing conversation requires keeping them longer.
Lawful basis: our legitimate interest in answering enquiries.
Our hosting provider and Supabase keep short-lived logs containing IP addresses, browser/user-agent strings, and request paths. These are used for security and debugging and are typically retained for 14–30 days at the infrastructure layer.
We use Vercel Web Analytics to monitor general, aggregated traffic on our platform (such as page views, device types, and country locations) so we can improve the user experience. This tool is cookie-free and does not collect or store any Personally Identifiable Information (PII) except for email addresses. Any data processed to calculate unique visitors is instantly anonymised. We cannot track your personal identity, search history, or activity across other websites.
We use the minimum cookies needed to make the site work:
We don't use analytics cookies, tracking pixels, or third-party advertising cookies. Because we only use strictly necessary cookies, no consent banner is required under the PECR rules.
We rely on a small number of trusted service providers ("processors") to run the site. Each is bound by a data-processing agreement and processes data only on our instructions:
Registering interest in a post. Signed-in users can click "I'm interested in collaborating!" on any pain point. We store one row per (user, post) pair recording your account ID and a timestamp — no other personal data. The post's author can see how many people have registered and when, and on the first click they receive a single email notification at the email address tied to their account. We send at most one email per post regardless of how many people click. Anonymous users can't register interest (no account = no way to enforce click-once). The email is sent via our SMTP provider Resend; see the processors list above.
Matrix (for collaboration chat) is separate. The "Open the project space" button on any pain point opens our single shared Matrix Space (a container for chat rooms) on Matrix.org — an independent open-source chat network — in a new tab. We don't share your email, name, or any activity from this site with Matrix or with anyone in the chat room. If you choose to create a Matrix account to chat, your relationship is with Matrix and the homeserver you use (e.g. matrix.org). Your participation there is governed by their privacy policy and the terms of whichever Matrix client (e.g. Element) you choose. The Pain Points Project does not record who clicked the button or who joined the room.
Our database is hosted in the European Union. We deliberately chose an EU region to keep your data within the EEA. If you sign in with Google, your sign-in handshake is processed by Google's global infrastructure under the appropriate data-transfer safeguards.
Under UK GDPR you have the right to:
To exercise any of these rights, email admin@thepainpointsproject.com. We aim to respond within one month.
The site is intended for users aged 13 and over. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with their information, contact us and we'll delete it.
We use HTTPS for all connections, store passwords nowhere (sign-in is via magic link or Google), and rely on Supabase's encryption-at-rest. No system is perfectly secure — if you suspect a breach has affected your data, contact us immediately.
We may update this policy from time to time. The "Last updated" date at the top will reflect any change. Significant changes will be highlighted on the site.
If you're unhappy with how we've handled your data, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint. We'd appreciate it if you contacted us first so we can try to resolve it.
By using The Pain Points Project you acknowledge that you've read this policy. See also our Terms of Use.