This policy explains how Brandaspot, operated by [your legal/company name], handles personal data, in line with the UK GDPR and the Data Protection Act 2018.
Who is the data controller?
- For merchant accounts (people who sign up to build a store), Brandaspot is the data controller.
- For storefront customers (people who book, enquire or order from a merchant), the merchant is the controller of that data and Brandaspot acts as their processor.
What we collect
- Account data: your name, email and authentication details.
- Store content: business details, images, services and products you add.
- Customer data: names, emails, phone numbers and order or booking details submitted through a storefront.
- Usage data: basic, privacy-respecting analytics such as storefront view counts.
Why we use it (legal bases)
- To provide the Service and your account (contract).
- To take payments for subscriptions (contract / legal obligation).
- To keep the Service secure and improve it (legitimate interests).
Processors we use
- Supabase — database, authentication and file storage (hosting your account and store data).
- Stripe — subscription payments. We do not store your card details; Stripe processes them.
- Vercel — application hosting and delivery.
International transfers
Some processors may store or process data outside the UK. Where they do, appropriate safeguards (such as UK-approved transfer mechanisms) are relied upon.
Retention
We keep personal data for as long as your account is active and as needed to provide the Service and meet legal obligations. You can ask us to delete your account data.
Your rights
You have the right to access, correct, delete, restrict or object to processing of your personal data, and to data portability. To exercise these rights, contact us. You can also complain to the Information Commissioner’s Office (ICO).
Cookies
We use essential cookies for signing in and keeping you logged in. We do not use advertising cookies.
Contact
For any privacy question or request, email [your privacy email].