← Back

Privacy Policy

Last Updated: January 2025

1. Introduction

Welcome to StallSync's Privacy Policy. StallSync (“we”, “us”, or “our”) operates the StallSync platform (the “Service”) which connects event hosts with stallholders and food vendors.

This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

2. Data Controller Information

StallSync is the data controller responsible for your personal data.

Contact Information:

Email: hello@stallsync.co.uk

3. Information We Collect

3.1 Information You Provide Directly

Account Information:

  • Name (individual or business name)
  • Email address
  • Phone number
  • Password (encrypted)
  • Account type (Event Host, Stallholder, Food Vendor)

Profile Information:

  • Business description
  • Profile images and logos
  • Location/address information
  • Website and social media links
  • Cuisine types (for food vendors)
  • Product categories (for stallholders)
  • Operating hours and availability

Event Information:

  • Event names and descriptions
  • Event locations and dates
  • Participant lists
  • Event requirements and facilities

Financial Information:

  • Stripe Connect account details (for event hosts)
  • Payment card information (processed by Stripe)
  • Transaction history
  • Stall pricing information
  • Banking details for payouts

Documentation:

  • Insurance certificates
  • Food hygiene certificates
  • Business licenses
  • Health and safety documentation
  • Gas safety certificates
  • Other compliance documents

3.2 Information We Collect Automatically

Usage Data:

  • Pages visited
  • Features used
  • Click patterns
  • Search queries
  • Time spent on pages

Device Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device type (mobile, desktop)
  • Language preferences
  • Time zone

4. How We Use Your Information

To Provide Our Service:

  • Create and manage your account
  • Connect event hosts with suitable stallholders
  • Process bookings and payments
  • Send booking confirmations and reminders
  • Calculate travel times and distances
  • Manage your availability calendar

To Improve Our Service:

  • Analyze usage patterns
  • Develop new features
  • Optimize matching algorithms
  • Fix bugs and technical issues

To Communicate With You:

  • Send transactional emails (bookings, payments)
  • Platform notifications
  • Marketing communications (with consent)
  • Service updates and announcements
  • Customer support

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

Contract Performance:Account creation, booking processing, payment handling
Legitimate Interests:Service improvements, fraud prevention, analytics
Legal Compliance:Tax reporting, anti-money laundering checks, court orders
Consent:Marketing communications, non-essential cookies

6. How We Share Your Information

6.1 With Other Users

Event Hosts can see:

  • Stallholder business names and descriptions
  • Contact information (after booking)
  • Insurance and compliance status
  • Availability
  • Reviews and ratings

Stallholders can see:

  • Event details and requirements
  • Event host contact information
  • Other participants (after booking)
  • Venue information

6.2 With Service Providers

Stripe: Payment processing
Supabase: Database and authentication
Vercel: Hosting services
SendGrid: Email delivery
Google Analytics: Usage analytics

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

Account dataDuration of account plus 30 days
Transaction records7 years (tax compliance)
Messages2 years after last activity
Compliance documents12 months after event or expiry
Analytics data2 years

8. Your Data Rights

Access Rights

Request a copy of the personal data we hold about you

Correction Rights

Update your information through account settings or contact us

Deletion Rights

Request deletion of your account and personal data

Portability Rights

Request your data in a structured, machine-readable format

Objection Rights

Object to marketing communications or certain processing activities

Restriction Rights

Request we limit processing of your data in certain circumstances

9. Data Security

Technical Measures

  • Encryption of data in transit (HTTPS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Regular security audits
  • Access controls and authentication

Data Breach Procedures

In case of a data breach, we will:

  • Notify affected users within 72 hours
  • Notify relevant authorities as required
  • Take immediate steps to mitigate damage
  • Document the incident and response

10. Children's Privacy

StallSync is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Email notification
  • Platform notification
  • Prominent notice on our website

12. Contact Us

For privacy-related questions or to exercise your rights:

Email: hello@stallsync.co.uk

You also have the right to lodge a complaint with your local data protection authority.