Privacy Policy

ILR Tracker · Document Version 1.0 · Last updated: 31 May 2026

Centora Ltd · Company No. 17218097 · Registered in England and Wales

In short

ILR Tracker is operated by Centora Ltd. We collect the data needed to run your account and provide our immigration-tracking tools: your name and email (via Google sign-in), the visa and travel information you enter, and your subscription status. We use privacy-friendly analytics to improve the product, and we only load non-essential analytics and marketing cookies if you consent. We never sell your personal data. You can access, export, correct, or delete your data at any time from your account settings, or by emailing hello@centora.uk.

1. Introduction

This Privacy Policy explains how Centora Ltd (“Centora”, “we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use the ILR Tracker website and services at ilrtracker.com (the “Service”). It also explains your rights under UK data protection law and how to exercise them.

This Policy is provided in accordance with:

  • the UK General Data Protection Regulation (UK GDPR); and
  • the Data Protection Act 2018.

ILR Tracker is a tool to help you track absences, eligibility, and applications for Indefinite Leave to Remain and British citizenship. It is not a substitute for legal advice. See our Terms of Service for the terms governing your use of the Service.

2. Data Controller

For the purposes of the UK GDPR, the data controller responsible for your personal data is:

  • Company: Centora Ltd
  • Company number: 17218097 (registered in England and Wales)
  • ICO registration: ZC161507
  • Registered office: 124 City Road, London, United Kingdom, EC1V 2NX
  • Data privacy contact: hello@centora.uk

We are not required to appoint a Data Protection Officer, and we have not appointed one. Privacy enquiries are handled by Centora at the contact address above.

3. Information We Collect

3.1 Account information

We use Google Sign-In (OAuth) for authentication. When you create an account, Google provides us with your name and email address. We never receive or store your Google password.

3.2 Immigration and travel information you enter

To provide our tools, we store the information you choose to enter, which may include:

  • travel history (trip dates, destinations, and reasons);
  • visa type, immigration status, and key dates;
  • application and decision dates you record (for example, ILR or naturalisation submission, biometrics, and decision dates);
  • Life in the UK test practice attempts and application-document progress; and
  • any other details you enter into our calculators, planners, or forms.

This information relates to your immigration circumstances. While it is not “special category” data under Article 9 of the UK GDPR, we recognise it is sensitive and we handle it with particular care.

3.3 Subscription and payment information

Payments are processed by Stripe. We do not collect or store your full card details. We receive and store a record of your transactions and subscription status (for example, plan, billing period, and renewal or cancellation state) to provide and manage your access.

3.4 Usage, analytics, and device data

When you use the Service we (and our analytics providers) may automatically collect usage data such as IP address, approximate location, browser and device type, pages visited, features used, referral or campaign (UTM) information, and error reports. With your consent, our analytics provider may also record anonymised session replays of how the app is used to help us diagnose problems and improve the product; input fields are masked where this feature is enabled.

3.5 Support communications

If you contact us, we collect your email address, the content of your message, and any information you choose to share. We use this solely to provide support.

4. How We Use Your Data and Legal Basis

We only process personal data where we have a lawful basis under the UK GDPR:

  • To provide the Service — creating and managing your account, storing your trips and visa data, running calculations, generating reports, and providing notifications you enable. Legal basis: performance of a contract (Art. 6(1)(b)).
  • To keep the Service secure and working — authentication, fraud and abuse prevention, debugging, and core product improvement. Legal basis: our legitimate interests in operating and securing the Service (Art. 6(1)(f)).
  • For analytics, session replay, and marketing — non-essential analytics cookies, session replay, advertising pixels, and any marketing emails. Legal basis: your consent (Art. 6(1)(a)), which you can withdraw at any time.
  • To meet legal obligations — for example, keeping transaction and tax records. Legal basis: legal obligation (Art. 6(1)(c)).
  • Service and account emails — important updates about your account, security, or material changes to the Service. Legal basis: performance of a contract and our legitimate interests (Art. 6(1)(b) and (f)).

5. Cookies and Tracking

We use essential cookies to keep you signed in and to remember your preferences. With your consent, we also use non-essential cookies and similar technologies for analytics and marketing. Non-essential cookies are not set unless and until you consent through our cookie banner, and you can change your choice at any time.

For a full description of the cookies and third-party services we use, please see our Cookie Policy.

6. Data Sharing and Processors

We do not sell, rent, or trade your personal data. We share data only with the service providers (processors) that help us run the Service, where required by law, or in connection with a business transfer. Our key processors are:

  • Supabase — authentication and database hosting for your account and data (EU region).
  • Vercel — application hosting and content delivery.
  • Stripe — payment processing and subscription management.
  • PostHog — product analytics and session replay (EU region).
  • Google — Google Sign-In (authentication) and Google Analytics (web analytics).
  • Reddit — advertising and conversion measurement pixel (loaded only with your marketing consent).
  • Resend — delivery of transactional and notification emails.

Each processor is bound by a data processing agreement and may only use your data on our instructions. We may also disclose data where required by law, court order, or a valid government request, or to protect our rights, our users, or the public. If Centora is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction; we will notify you of any such change.

7. International Data Transfers

Your account and immigration data are stored in the EU (Supabase, PostHog). Some of our providers — in particular Google Analytics and the Reddit advertising pixel — process data in the United States. Where data is transferred outside the UK, we rely on appropriate safeguards recognised under UK law, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the UK Extension to the EU–US Data Privacy Framework, depending on the provider.

8. Data Retention

We keep personal data only for as long as necessary for the purposes set out in this Policy:

  • Account, visa, and travel data: retained while your account is active, and deleted within 30 days of account closure. Residual copies in encrypted backups are overwritten within 90 days.
  • Transaction and tax records: retained for up to 6 years to comply with UK tax and accounting law.
  • Analytics data: retained for up to 14 months; session replays are retained for a shorter period.
  • Support communications: retained for up to 24 months.
  • Consent records: retained as evidence of your cookie and marketing choices.

9. Data Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, row-level access controls so users can only access their own records, secure authentication, and industry-standard hosting. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to protect your data and to notify you and the ICO of any qualifying personal data breach as required by law.

10. Your Rights

If you are in the UK or EU/EEA, you have the right to:

  • Access — request a copy of the personal data we hold about you;
  • Rectification — request correction of inaccurate or incomplete data;
  • Erasure — request deletion of your data (the “right to be forgotten”);
  • Restriction — request that we limit how we process your data;
  • Objection — object to processing based on our legitimate interests;
  • Portability — receive your data in a structured, machine-readable format;
  • Withdraw consent — withdraw consent at any time where processing is based on consent (for example, analytics or marketing cookies); and
  • Complain — lodge a complaint with the Information Commissioner’s Office (see Section 15).

You can exercise most rights directly: access and export your data from your account settings, edit records in the app, and delete your account and data from Settings. For anything else, email hello@centora.uk. We respond to requests within one month, free of charge, and may ask you to verify your identity first.

11. Data Deletion Requests

You can request complete deletion of your data at any time:

  • In-app: delete your account from Settings, which removes your account and associated data.
  • Email: send a request to hello@centora.uk with the subject line “Data Deletion Request”.

On a verified request we will delete or anonymise your personal data within 30 days and confirm by email, except where we are required to retain certain records (for example, transaction records for tax purposes).

12. Children’s Privacy

The Service is intended for adults managing their own UK immigration journey and is not directed at children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us at hello@centora.uk and we will delete it.

13. Automated Decision-Making

Our calculators and planners produce estimates and guidance based on the information you enter. These are tools to assist you — they do not make decisions about you that produce legal or similarly significant effects, and we do not carry out automated decision-making within the meaning of Article 22 of the UK GDPR. Always verify results with GOV.UK or a qualified immigration adviser.

14. Changes to This Policy

We may update this Policy from time to time. We will post changes on this page and update the “Last updated” date above, and we will notify you of significant changes by email or in-app notice where appropriate.

15. Supervisory Authority (ICO)

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK supervisory authority:

  • Information Commissioner’s Office (ICO)
  • Website: ico.org.uk
  • Helpline: 0303 123 1113

We would, however, appreciate the chance to address your concerns before you approach the ICO.

16. Contact Us

For any questions about this Privacy Policy or your data, contact us:

  • Email: hello@centora.uk
  • Post: Centora Ltd, 124 City Road, London, United Kingdom, EC1V 2NX