Privacy Policy

This policy explains what personal data OpenPolice collects, how we use it, and your rights under UK data protection law.

Last Updated: June 2026

1 Introduction

OpenPolice ("we", "us", "our") is an independent, community-run reference for the UK justice system — police forces, courts, prisons, custody centres, stop & search data and legal guidance. This Privacy Policy explains how we handle personal data when you use the platform.

We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

Most of OpenPolice can be used without giving us any personal data at all — the directory, listings, stop & search data and legal guidance are open to read without an account.

2 Data Controller

OpenPolice is the data controller responsible for the personal data described in this policy. We determine the purposes and means of processing that data.

Contact: For any data-protection enquiry or request, use our contact page.

Location: United Kingdom

3 Information We Collect

Information You Provide

Anonymous account: By default an account is anonymous. You receive a one-time recovery key and we store only a hashed version of it — no name, email or other identifying detail.
Full account (optional): If you upgrade to a full account, we collect your email address and a password (stored only as a secure hash). You may optionally use a third-party social login.
Contact messages: If you contact us, we process the details you choose to send — such as your message and, if you provide it, an email address to reply to.

Information Collected Automatically

Server logs: Standard technical data such as IP address, browser type and pages requested, used to operate the site securely and diagnose problems.
Essential cookies: A session cookie when you sign in, plus a cross-site-request-forgery protection token (see Cookies). We do not use advertising or third-party tracking cookies.

We do not use third-party analytics or advertising trackers. Browsing the public reference pages does not require an account.

4 How We Use Your Data

We use personal data only for the following purposes:

To provide and maintain your account and keep you signed in
To respond to messages and requests you send us
To keep the platform secure and prevent abuse, fraud and technical faults
To understand and improve how the platform performs (using our own server data, not third-party trackers)
To comply with our legal obligations

We do not use your personal data for advertising, and we never sell it.

5 Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contract

Processing necessary to provide an account and the services you ask for.

Consent

Where you give clear consent for a specific purpose, such as choosing to contact us. You can withdraw consent at any time.

Legitimate Interests

Keeping the platform secure, preventing abuse, and maintaining a public-interest reference resource — balanced against your rights.

Legal Obligation

Where processing is required to comply with the law or a valid legal request.

7 Data Retention

We keep personal data only as long as needed for the purpose it was collected:

Account data is kept while your account is active. You can delete your account at any time, after which we remove or anonymise the associated personal data.
Contact messages are kept for as long as needed to handle your enquiry and any follow-up.
Server logs are kept for a limited period for security and diagnostics, then deleted or anonymised.

Public reference records (forces, courts, prisons, legal listings) are not your personal data and are covered separately below.

8 Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data in certain circumstances

Right to Restrict Processing

Request limitation of how we use your data

Right to Data Portability

Receive your data in a portable format

Right to Object

Object to processing based on legitimate interests

To exercise any of these rights, use our contact page. We will respond within one month of receiving your request.

If you are not satisfied with how we handle your request, you have the right to complain to the Information Commissioner's Office (ICO).

9 Data Security

We use appropriate technical and organisational measures to protect personal data:

Encryption in transit: Traffic is served over HTTPS (TLS).
Hashed credentials: Passwords and account recovery keys are stored only as secure hashes, never in plain text.
Access controls: Access to personal data is restricted to what is necessary to operate the platform.
Maintained infrastructure: Systems are kept updated and patched against known vulnerabilities.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we are committed to industry-standard protections.

10 Cookies

We use only strictly necessary cookies:

Essential / session cookies: Set when you sign in, to keep your session active and protect against cross-site request forgery. No advertising or third-party tracking cookies are used.

You can control cookies through your browser settings; blocking the essential cookie will stop sign-in from working but you can still browse the public pages. For full details, see our Cookie Policy.

11 Children's Privacy

OpenPolice is not intended for use by individuals under the age of 16, and we do not knowingly collect personal data from children under 16.

If you believe we have inadvertently collected data from a child under 16, please contact us so we can delete it.

12 Public Reference Data

OpenPolice publishes a reference directory built from publicly available information — police forces, force leadership, courts, prisons, custody centres, stop & search statistics, and listings of legal-help providers. We also publish staff-authored, fully cited editorial case studies of individuals whose convicted cases shaped UK policing.

Sources

Official open data (including UK police open data) and public registers
Published records from official authorities (forces, courts, tribunals, prison service)
Publicly listed information about legal-service providers

Where this involves named individuals

Some reference records name individuals in a public role (for example, a force's published leadership, or a person named in a public-record case study). Where we process such personal data, we rely on the public interest and our legitimate interests in maintaining an accurate public reference, balanced against the rights of the individual. We do not infer identities from partial or unofficial information.

Corrections & removal: If a reference record about you is inaccurate or you wish to request its removal, please contact us. We review such requests and correct or remove records where appropriate, balancing the public interest against individual rights.

13 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the "Last Updated" date at the top of this page
Post a notice on the platform for material changes

We encourage you to review this policy periodically.

14 Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us:

Website: openpolice.net

Data requests & enquiries: contact page

Location: United Kingdom

For complaints about our data handling, you may also contact the Information Commissioner's Office (ICO).

Status: Online