PoliceCase Toolkit UK Roleplay Investigation Suite
Phone Login / Register
Home Evidence Maker Login / Register Guides Legislation Phone Cool Things About
Phone Login / Register

Privacy Policy

This Privacy Policy explains how PoliceCase Toolkit ("we", "us", "our") collects, uses and protects personal data when you use this website and related features (the "Service").

Quick Summary

  • We store account information (username, optional email) and a password hash (never your raw password).
  • If you choose to save evidence, we store the exported PNG image and associated metadata in your account.
  • We log security events (such as login attempts and shared-phone edit activity, including IP address and user agent) to protect the Service.
  • We do not sell your personal data.

1. Who We Are

PoliceCase Toolkit is operated by the site operator. For contact details, please see the About page.

The Service is intended for fictional roleplay, training and lawful entertainment use. You should not enter or store real personal data about real individuals.

2. Personal Data We Collect

Depending on how you use the Service, we may collect and store the following categories of data:

  • Account data: username, optional email address, and a password hash.
  • Saved evidence: evidence metadata (template type, title, field values) and an exported PNG image when you use the "Save to account" feature.
  • Security and technical data: IP address, user agent, timestamps and success/failure for login attempts; shared-phone edit/audit events (including share-link edits); session identifiers; and password reset request metadata (request IP and expiry timestamps).
  • Support communications: if you contact us, we will process the information you provide.

Note: the exported image may include any content you add in templates (including images). Do not upload or save sensitive real-world data.

3. How We Use Your Data

  • To provide the Service: create accounts, authenticate users, and store saved evidence.
  • To secure the Service: detect and prevent abuse such as credential stuffing, brute-force attempts and automated misuse.
  • To administer the Service: allow administrators to manage users and delete stored content where required.
  • To troubleshoot: diagnose issues (for example, password reset delivery problems).

4. Legal Bases (UK GDPR)

Where the UK GDPR applies, we rely on the following lawful bases:

  • Contract: to provide account features and saved evidence functionality you request.
  • Legitimate interests: to protect the Service, prevent fraud and abuse, and keep the Service secure.
  • Consent: where we ask you to take an optional action (for example, providing an email address to enable password resets).

5. Cookies and Local Storage

We use essential cookies to run the Service (for example, to keep you logged in). Where required by applicable law (including the UK GDPR and UK ePrivacy rules), we will ask for your consent before using non-essential cookies or similar technologies.

  • Session cookie: used for authentication and CSRF protection.
  • Functional storage (optional): remembers convenience settings (for example, evidence maker usage notice).
  • Marketing / advertising (optional): if you opt in, we may load third-party advertising scripts (Google AdSense) which may set cookies and process device data.

You can change your preferences using the "Cookie settings" link in the site footer.

If you enable marketing cookies, Google may process data as described in Google's policies: Ads and technologies and Privacy Policy.

6. Sharing Your Data

We do not sell your personal data. We may share data in the following limited circumstances:

  • Administrators: admins can access user accounts, saved evidence, and security logs to keep the Service safe.
  • Service providers: hosting providers and content delivery networks may process basic technical data (such as IP address) when you access the Service.
  • Legal requirements: if we are required to disclose information by law.

7. Retention

  • Account data: retained until you delete your account or an admin removes it.
  • Saved evidence: retained until you delete it or an admin removes it.
  • Login attempts: retained for a limited time for security monitoring.
  • Password reset tokens: expire and are periodically pruned.

8. Security

We use reasonable technical and organisational measures designed to protect personal data, including modern password hashing, session hardening, CSRF protections, and rate limiting. No method of transmission or storage is completely secure.

9. Your Rights

Depending on your location and applicable law, you may have rights including access, rectification, erasure, restriction, objection, and data portability. You can manage some data directly in your account (for example, deleting saved evidence).

If you are in the UK, you can also make a complaint to the Information Commissioner's Office (ICO): ico.org.uk.

10. International Transfers

Depending on where the Service is hosted and which service providers are used, your data may be processed outside the UK. Where required, we rely on appropriate safeguards (such as adequacy regulations or standard contractual clauses).

11. Children's Privacy

The Service is not directed to children. If you believe a child has provided personal data to the Service, please contact the site operator.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the bottom of this page indicates when changes were last made.

13. Contact

If you have privacy questions or requests, please use the contact details on the About page.

Last updated: 2026-02-13