Privacy Policy

1. Introduction

SiteSeedling Ltd ("we", "our", or "us") is a UK-registered company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account registration information (name, email address, password, business or practice name)
• Profile information (business details, team member profiles, service descriptions)
• Contact form submissions (name, email, phone, message)
• Payment information (processed securely through Stripe)
• Communications with our support team

2.2 Automatically Collected Information

When you access our services, we automatically collect certain information, including:

• Log data (IP address, browser type, pages visited, time spent)
• Device information (device type, operating system)
• Cookies and similar tracking technologies
• Usage data (features used, actions taken)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyse trends, usage, and activities
• Detect, prevent, and address technical issues and security vulnerabilities
• Comply with legal obligations and enforce our terms

4. Legal Basis for Processing (UK GDPR)

As a UK-registered company, we process your personal data under the UK General Data Protection Regulation (UK GDPR) based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: Improving our services, fraud prevention, security
• Consent: When you've given explicit consent (e.g., marketing emails)
• Legal Obligations: Compliance with UK law

5. Data Sharing and Disclosure

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf. We are transparent about the services we use:

• Stripe: Payment processing. Stripe processes payments under UK/EU data processing agreements. We are actively exploring UK-based payment alternatives.
• UK-based hosting: Our web servers and database are hosted on UK-based servers. Your business data is stored under UK jurisdiction.
• Cloudflare: Website security and performance (CDN/DDoS protection). Cloudflare acts as a proxy layer that routes traffic but does not store your data at rest. Your data at rest remains on our UK servers.
• Postmark: Transactional email delivery (e.g., password resets, notifications). Email content is transient and not stored long-term.
• Sentry: Error tracking and performance monitoring. Contains only technical error logs, not customer personal data.

5.2 Legal Requirements

We may disclose your information if required by UK law or in response to valid requests by UK public authorities. As a UK-registered company, we are not subject to the US CLOUD Act or other foreign data access legislation.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Active accounts: Data retained for the duration of your account
• Closed accounts: Data retained for 30 days, then deleted
• Legal requirements: Financial records retained for 7 years as required by UK law

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

• Encryption in transit (TLS/SSL) and at rest
• Regular security assessments and updates
• Access controls and authentication
• Daily backups stored securely
• UK-based data storage under UK jurisdiction

8. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw consent at any time where we rely on consent

To exercise these rights, please contact us at [email protected].

9. Cookies

We use cookies and similar tracking technologies to track activity on our service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. See our Cookie Policy for more information.

10. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16.

12. International Data Transfers

Your data is stored on UK-based servers under UK jurisdiction. Some of our service providers (such as Cloudflare for website security and Stripe for payment processing) may process data internationally. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements or equivalent protections.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Contact Form: https://heritage-joinery.siteseedling.com/get-in-touch

15. Data Protection Officer

For data protection queries, you can contact our Data Protection Officer at [email protected].

16. Supervisory Authority

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): www.ico.org.uk