Last updated: June 2026 (off-site sharing & freetext responsibility added)
OurManifesto.uk is operated by Scrapz Ltd, trading as scrapz.co.uk (“we”, “us”, or “our”). We are the data controller for personal data collected through this Service. UK GDPR and the Data Protection Act 2018 apply to everyone using OurManifesto.uk wherever you live in the United Kingdom — England, Scotland, Wales or Northern Ireland — and the Information Commissioner’s Office (ICO) is the supervisory authority for all four nations. For any privacy enquiries contact us at hello@ourmanifesto.uk.
We collect the following categories of personal data:
We process each category of personal data on a specific lawful basis under UK GDPR. Where we process special category data (political opinions), the additional Article 9 condition we rely on is explicit consent — Art. 9(2)(a). You can withdraw that consent at any time from Account settings → Data consent. Withdrawing your consent for "Use political features" cascades immediately: we delete your Personal Manifesto and every comment you have posted on a policy, we remove your membership from any Citizen Party you joined (the party itself is not deleted), we null your political leanings, and we force the "Publish my political stance" toggle off. Withdrawing only the optional sub-consents removes the corresponding processing without touching the rest (revoking "Publish my political stance" silently hides your weightings on your public Citizen Card; revoking "Include me in research aggregates" excludes you from all future Politoratzi statistics). Either way, withdrawal does not affect the lawfulness of any processing carried out before withdrawal.
What counts as you expressing a political opinion on this site: leaving a comment on a policy, associating yourself with a political party (national or local leaning, or joining a party), attaching a policy to your Personal Manifesto or to a Citizen Party you create, creating a policy, and creating either a Personal Manifesto or a Citizen Party. All of these expressions are publicly visible on the site alongside your public handle. When you tick the consent box at sign-up (or in Account settings), you are agreeing to OurManifesto.uk processing the political opinions you add to the site via these mechanisms now and via similar mechanisms as the site expands in the future. If we ever add a substantively new political-opinion feature, we will refresh the consent text and prompt you to re-consent before it applies to you.
Your consent is split into three independent sub-consents you can grant or withdraw separately:
| Processing category | Art. 6 lawful basis | Art. 9 condition (special category only) |
|---|---|---|
| Account creation, authentication, and subscription management | Contract — Art. 6(1)(b) | N/A |
| Demographic profile (postcode, constituency, age band, sex, voting eligibility) | Consent — Art. 6(1)(a) | N/A |
| Political opinions — party leanings, Personal Manifesto, policy stances, policies you create (citizen policies), party membership | Consent — Art. 6(1)(a) | Explicit consent — Art. 9(2)(a) |
| Comments and public activity you choose to publish | Contract — Art. 6(1)(b) | N/A |
| Anonymised, aggregated research statistics (k-anonymity applied) | Legitimate interests — Art. 6(1)(f) | Outputs are anonymised — no longer special category |
| Payment records (Stripe customer / subscription metadata) | Contract — Art. 6(1)(b); Legal obligation — Art. 6(1)(c) for retention | N/A |
| Security monitoring, abuse / fraud prevention, server logs | Legitimate interests — Art. 6(1)(f) | N/A |
| Transactional email (receipts, moderation notices) | Contract — Art. 6(1)(b) | N/A |
We do not sell your personal data to third parties.
Automated content moderation (UK GDPR Article 22). Text you post to the Service (comments, your bio and display name, policies, party names and descriptions, feedback, and flag reasons) is sent to our AI moderation processor (OpenAI, via the Replit AI Integrations proxy) to check it against UK criminal-law categories only: CSAM, racial and religious hatred, incitement to violence, terrorism content, and clearly unlawful defamation. A “block” verdict prevents that single submission from being published. “Borderline” submissions are held for human admin review. The model does not on its own suspend accounts; account suspension after three live strikes within thirty days is a rule we apply, and any strike can be reviewed and overturned by a human admin on appeal. You can appeal any blocked or borderline decision from your account, and you have the right under Article 22 to obtain human review, to express your point of view, and to contest the decision. See our Moderation Policy for full details.
gpt-4o-mini model for automated moderation against UK criminal-law categories only — see our Moderation Policy and section 4 above for details. OpenAI’s own handling of data is governed by the OpenAI Privacy Policy.All processors are contractually bound to process data only on our instructions and to maintain appropriate security standards.
If your profile is set to public (the default), your display name, bio, constituency, and party membership are visible to other users on your citizen profile page. You can make your profile private at any time in your Studio settings — this removes you from the citizens directory immediately. Comments already posted remain visible unless you delete them.
Public by design. Anything you post that constitutes a political opinion expression (a comment, a manifesto you publish, a party you create, a party you join, a policy you attach) is published next to your public handle and is readable by anyone visiting the site. We do not anonymise it in real time. If you want to remove an expression, delete the underlying item (or withdraw your political-opinion consent, which cascades).
Some features let you take your data off OurManifesto.uk. For example, the Political DNA share studio lets you download an image, video or GIF card of your manifesto, and lets you create a public share link (such as /dna/… or a friendly manifesto page with a social-media link preview) that anyone can open without logging in.
Once your data leaves the site, it leaves our control — and the protections we provide can no longer be enforced. When you download a card or screenshot, share a link, or otherwise publish your data on a page or platform we do not operate, we cannot recall, edit, or delete the copies that you, other people, or third-party platforms then hold. Deleting the original on OurManifesto.uk (or withdrawing your consent) removes it here, but it does not reach copies that already exist elsewhere. Your UK GDPR rights against us do not extend to those external copies, because we are no longer the party holding them.
Be especially careful where a shared or exported item could be tied to an externally identifiable page (for example, posting your DNA card alongside your real name on another network) — doing so can connect your special-category political data to your real-world identity in a place we cannot protect. Sharing off-site is your own choice and your own act; please treat it as publishing.
We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g. payment records for 7 years under UK tax law). Anonymised aggregate statistics are retained indefinitely.
Under UK GDPR you have the right to:
You can exercise the most common rights yourself, in seconds, from the Privacy & Data tab in your Studio:
For anything else — corrections, restriction of processing, complaints — email hello@ourmanifesto.uk. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
We use only strictly necessary cookies (session tokens from Clerk) and do not use third-party advertising or analytics cookies. No cookie consent banner is currently required as a result. If this changes, we will update this policy and introduce appropriate controls.
We also save small drafts of in-progress content (for example, an unsubmitted policy block you are writing in the Studio or Builder) locally in your browser so you do not lose work if you accidentally close the tab. These drafts never leave your device and are not sent to us. The full list of entries is in our Cookie Policy.
We use industry-standard security measures including TLS encryption in transit, bcrypt hashing for sensitive tokens, and access controls on our infrastructure. No system is perfectly secure; please notify us at hello@ourmanifesto.uk if you discover a vulnerability.
Encrypted at rest (column-level). In addition to disk-level encryption, the following fields are encrypted at the column level using an authenticated envelope cipher, so they are unreadable to anyone with raw database access: your email, postcode, Clerk-provided names, Stripe identifiers, every policy headline / summary / implementation body, every comment body, party join/leave comments, feedback messages, your bio, the demographics on your profile (constituency, ward, age band, sex and voting eligibility), your Personal Manifesto name, and the “as-is / go-further / less-far” modifier you attach to a policy when joining a party. Where we need to filter or group on one of these fields (for example, to show constituency-level aggregates) we use a separate keyed hash so the underlying value never has to be decrypted.
Deliberately not encrypted (publicly served by design). A small set of fields is left in plaintext because the whole point is to publish them: your chosen public handle and profile slug; everything on a Party page (ballot parties are public record, and Citizen Parties are a paid publication you have explicitly chosen to publish); and the consent audit trail in special_category_consent (we need to be able to prove to you and to a regulator what wording you agreed to, when, and on which screen).
Keeping your identity separate from your politics — and your part in it. We make every reasonable effort to keep your real-world identity separated from your political data: you appear under a public handle of your choosing rather than your real name, and the sensitive fields listed above are encrypted at rest. But that separation only holds if you do not undo it yourself. It is your responsibility not to type personally identifying information — your real name, postal address, phone number, email address, National Insurance number, or anything else that could identify you — into freetext fields such as comments, your bio, policy and party text, feedback messages, or flag reasons. We do not scan freetext for these identifiers and cannot guarantee they will be caught: our automated moderation gate checks only against a narrow UK criminal-law floor (see section 4 and our Moderation Policy) and is explicitly not a personal-data scanner. If you put identifying information into freetext, you may link your special-category political data to your real identity, and that text is stored and may be published next to your public handle.
For the v1 soft launch, OurManifesto.uk is restricted to adults aged 18 or over. At sign-up every user is required to tick an “I confirm I am 18 or over” box; the tick is recorded with a timestamp on the user record and an entry is appended to our internal admin-PII audit log so we can demonstrate compliance to a regulator. The server independently refuses to complete onboarding, or to grant political-opinions consent, for any account whose 18+ confirmation is missing — so the check cannot be bypassed by editing the client.
We want to re-open OurManifesto.uk to the near-voting demographic (14–17) — the soon-to-be-eligible voters whose political opinions matter to the nation just as much as anyone else’s. The under-18 surfaces in the codebase (the onboarding minor panel, the “Too young to vote? You still matter.” banner, the soon-to-be-voter voting-status option, the Children’s Code-conformant minor experience) are intentionally retained and greyed out as “coming soon” for v2: we plan to expand to the near-voting demographic as soon as we can fund the proper legal review needed to do so safely under the UK Information Commissioner’s Age-Appropriate Design Code (the “Children’s Code”).
If an under-18 account is ever reported to us — for example by a parent or carer who has spotted that a child has signed up despite the 18+ self-declaration — we handle it through the existing account-deletion path. Email hello@ourmanifesto.uk (a parent or carer can email on the child’s behalf) and we will close the account and erase the associated personal data within one calendar month, the same as any other account-deletion request.
For the full picture of how we plan to identify and mitigate risks to under-18s once v2 re-opens, see our Children’s Code Risk Assessment — it remains published as a forward-looking commitment.
We may update this Privacy Policy from time to time. We will notify you of material changes by email. The “last updated” date at the top of this page indicates when it was last revised.