This Privacy Policy explains how Braidrr Ltd ("Braidrr") collects, uses, and protects your personal data. Braidrr is the data controller for the personal data we process about you. We comply with the UK GDPR and the Data Protection Act 2018.
1. Data we collect
- Account data — name, email, password hash, phone (if verified).
- Profile data — avatar, bio, business name, services, photos (Providers).
- Location data — your approximate location to find providers near you. We do not share precise location with other users until a booking is confirmed.
- Booking data — services booked, prices, scheduled times, messages, attachments.
- Payment data — handled by Stripe. Braidrr does not store full card numbers.
- Device data — IP address, browser, device type, cookies (see Cookie Policy).
2. How we use your data
- To operate the marketplace (matching, booking, messaging, payments).
- To verify identity and prevent fraud.
- To send transactional emails (booking confirmations, receipts, security alerts).
- To improve the product and respond to support requests.
3. Legal bases
We process personal data on the basis of contract (to provide the service you have requested), legitimate interests (fraud prevention, product analytics), legal obligation (tax, anti-money-laundering), and consent (marketing, optional cookies).
4. Sharing
We share data with sub-processors required to operate the service: Stripe (payments), Supabase (hosting/database), Mapbox/OpenStreetMap (mapping). We do not sell personal data. When a booking is confirmed, we share the contact details and location needed for the appointment between customer and provider.
5. Retention
We retain personal data for as long as your account is active and for up to 6 years after closure to comply with tax and dispute-resolution obligations.
6. Your rights
Under UK GDPR you have the right to access, correct, delete, or export your personal data, and to object to or restrict processing. Email privacy@braidrr.com to exercise any of these rights. You may also complain to the Information Commissioner's Office (ICO) at ico.org.uk.
7. International transfers
Some of our sub-processors are based outside the UK. Where data is transferred, we rely on UK adequacy regulations or standard contractual clauses to ensure equivalent protection.
8. Security
We use encryption in transit (TLS), at-rest encryption for our database, and role-based access controls. No system is perfectly secure — please use a strong, unique password and enable two-factor authentication when available.