Privacy notice

IncidentResponse.app is operated by Mew Era Consulting Ltd, registered in England & Wales. The platform is UK-hosted and aligned with the UK GDPR and the Data Protection Act 2018. We collect only the personal data needed to run the service — account email, organisation details, played-scenario logs — and we don’t sell or share it with advertisers.

Data we hold

• Account identity: name, email, role, organisation.
• Membership state: tier, renewal date, billing status (Stripe holds the payment instrument; we never see card numbers).
• Generated and uploaded scenario content, plus played-session logs (so we can show you what your team has rehearsed).
• Standard server access logs, kept for a rolling 30-day window for security and abuse-prevention.

Your rights

You can request access to, correction of, or deletion of any personal data we hold about you under the UK GDPR. Email hello@incidentresponse.app and we’ll respond inside the statutory 30-day window.