Privacy Policy
Gazeboo
Last updated: 1 May 2026
Effective date: 1 May 2026
Who we are
Gazeboo is operated by Daniel Clarke, trading as Gazeboo ("Gazeboo", "we", "us", "our"). We are the data controller for personal data collected through gazeboo.co.uk and the Gazeboo platform.
Contact us at [email protected].
ICO registration details will be added to this policy once confirmed.
What this policy covers
This policy explains:
- What personal data we collect.
- Why we collect it and how we use it.
- The legal basis for each type of processing.
- Who we share it with.
- How long we keep it.
- Your rights under UK GDPR.
- How to exercise those rights.
This policy applies to visitors to gazeboo.co.uk, people who join the waitlist, and registered Gazeboo users once the platform launches.
The data we collect
Waitlist signups
When you join the Gazeboo waitlist we collect:
| Data | Why |
|---|---|
| Email address | To contact you about Gazeboo launch updates |
| Name, if provided | To address you personally |
| Role | To send relevant information for traders, organisers, or visitors |
Legal basis: consent. You can withdraw consent at any time by emailing [email protected].
Account registration
When you create a Gazeboo account we collect:
| Data | Why |
|---|---|
| Email address | Account identity and communications |
| Name | Account identity |
| Authentication method | Magic link, Google OAuth, or Apple OAuth |
Legal basis: contractual necessity. We never store passwords.
Trader profiles
When you build a trader profile we may collect:
| Data | Why |
|---|---|
| Business name, trading name, and description | Public profile display |
| Product categories | Marketplace discovery and category mix features |
| Location postcode | Distance calculations; not shown publicly |
| Photos and social links | Public profile display |
| Public liability insurance details | Compliance checks for market applications |
| FSA establishment number and food hygiene rating | Food hygiene verification through the public FHRS API |
Legal basis: contractual necessity for core profile fields and legitimate interests for compliance fields. Organisers have a legitimate interest in reviewing insurance and food hygiene information before accepting applications.
Your postcode is used to calculate distance to markets. It is stored privately and is not displayed publicly. Where we geocode a postcode, we use Postcodes.io and send the postcode only.
We aim to strip EXIF metadata from uploaded photos before storage.
Organiser profiles and market listings
When you create an organiser profile or market listing we may collect:
| Data | Why |
|---|---|
| Organisation name and description | Public organiser profile |
| Contact details | Platform communication and, where chosen, public contact display |
| Market name, description, type, venue, dates, and times | Public market listings |
| Pitch types, pricing, requirements, and cancellation policy | Listing, application, and booking functionality |
| Market photos | Public listing display |
Legal basis: contractual necessity.
Applications, bookings, and payments
When you apply for or book a market pitch we may collect:
| Data | Why |
|---|---|
| Pitch requirements and setup details | Application processing and organiser review |
| Product description and notes | Application processing |
| Compliance declarations | Organiser review and platform record keeping |
| Booking history | Platform functionality, support, dispute handling, and financial records |
| Payment information | Processed by Stripe; Gazeboo does not store raw card data |
Legal basis: contractual necessity for applications and bookings. We retain financial records where required by law, including HMRC record-keeping obligations.
All card payments are processed by Stripe. We do not see or store raw card numbers or CVV codes. You can read Stripe's privacy policy at stripe.com/gb/privacy.
Reviews, messaging, and disputes
When you use reviews, messaging, or dispute features we may collect:
| Data | Why |
|---|---|
| Ratings and written reviews | Trust and reputation features |
| Messages between traders and organisers | Platform communication and dispute resolution |
| Dispute descriptions, evidence, and outcomes | Support, moderation, and legal record keeping |
Legal basis: contractual necessity and legitimate interests. We have a legitimate interest in operating a fair and safe marketplace.
Messages may be processed by Stream Chat. You can read Stream's privacy policy at getstream.io/legal/privacy-policy.
Notifications
If you enable push notifications we may collect device tokens and notification preferences.
Legal basis: consent. You control notification permissions through your device/browser and Gazeboo preferences.
Technical and usage data
When you visit gazeboo.co.uk we may collect:
| Data | Why |
|---|---|
| IP address | Security, fraud prevention, and service delivery |
| Browser and device information | Compatibility and debugging |
| Pages visited and referrer information | Product improvement and analytics |
| Error logs | Identifying and fixing technical issues |
Legal basis: legitimate interests. We have a legitimate interest in keeping Gazeboo secure, reliable, and useful.
Cloudflare Web Analytics is cookieless and may be injected by Cloudflare at the CDN edge. See our Cookie Policy for more detail.
How we use your data
We use personal data to:
- Provide the Gazeboo platform.
- Manage waitlist and launch communications.
- Enable traders to find and apply to markets.
- Enable organisers to list markets and manage applications.
- Process bookings, payments, and refunds.
- Operate reviews, messaging, disputes, and safety features.
- Send service communications and notifications.
- Meet legal obligations.
- Understand and improve the platform.
We do not use your data for automated decision-making that has a legal or similarly significant effect on you.
Who we share your data with
We do not sell your personal data and we do not share it with advertisers.
We use the following processors and service providers where needed to operate Gazeboo:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | EU-hosted project |
| Stripe | Payment processing and payouts | International |
| Resend | Transactional email delivery | International |
| Stream Chat | In-platform messaging | International |
| OneSignal | Push notifications | International |
| Cloudflare | DNS, CDN, HTTPS, security, and analytics | International |
| Postcodes.io | UK postcode geocoding | UK |
| FHRS API | Food hygiene rating lookup | UK |
Where personal data is transferred outside the UK, we rely on appropriate safeguards such as adequacy regulations, Standard Contractual Clauses, or processor terms designed to protect personal data to UK GDPR standards.
We may also share data with law enforcement, regulatory bodies, the ICO, or other authorities where required by law or necessary to protect Gazeboo, our users, or others.
Public and private data
Some information may be publicly visible once the platform launches:
- Market listings, including venue, dates, pitch types, pricing, and accepted categories.
- Organiser profile information chosen for public display.
- Trader public profile information chosen for public display.
- Published reviews and ratings.
Some information is private or only visible in limited contexts:
- Account credentials and authentication data.
- Private contact details unless you choose to display them.
- Location postcode and internal coordinates.
- Booking history and financial records.
- Messages and disputes.
- Application details shown to relevant organisers during review.
Data retention
We keep data for as long as needed for the purpose it was collected, or as required by law.
| Data | Retention period |
|---|---|
| Waitlist signups | Until you withdraw consent or the waitlist is migrated into account communications |
| Account and profile data | Until account deletion is processed, subject to retention rules below |
| Booking and payment records | 6 years from the transaction date where needed for tax and accounting |
| Dispute records | Up to 6 years from resolution |
| Review records | Until account deletion, then anonymised where retained |
| Error logs | Usually up to 90 days |
| Push notification tokens | Until disabled, expired, or account deletion is processed |
When you request account deletion, Gazeboo applies a 7-day grace period before deletion is processed. After that, profile data, photos, payment methods, and account credentials are deleted where possible. Booking and financial records may be anonymised rather than deleted where we have a legal obligation or legitimate reason to retain them.
Your rights under UK GDPR
You have the following rights:
- Right of access: request a copy of your personal data.
- Right to rectification: ask us to correct inaccurate or incomplete data.
- Right to erasure: ask us to delete your personal data, subject to legal retention requirements.
- Right to restriction: ask us to restrict processing in certain circumstances.
- Right to data portability: request data in a portable format where applicable.
- Right to object: object to processing based on legitimate interests.
- Right to withdraw consent: withdraw consent where consent is the legal basis.
- Right to complain: complain to the Information Commissioner's Office.
You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113.
How to exercise your rights
Email [email protected] with the subject line "Data Rights Request" and tell us what you would like to do.
We will verify your identity before processing the request. We will not send personal data to an email address unless we are satisfied it belongs to the person making the request.
We aim to respond to valid data rights requests within one month, as required by UK GDPR.
Data security
We use technical and organisational measures to protect personal data, including:
- TLS encryption for data in transit.
- Database security controls and row-level security where appropriate.
- Restricted access to production systems.
- Stripe-hosted payment handling so Gazeboo does not handle raw card data.
- Error monitoring designed to avoid exposing full personal data.
If a personal data breach creates a risk to your rights and freedoms, we will notify the ICO and affected users where required by law.
Cookies
See our Cookie Policy for details about cookies, browser storage, consent preferences, and analytics.
Children
Gazeboo is not intended for use by anyone under 18. We do not knowingly collect personal data from anyone under 18. If you believe someone under 18 has provided personal data, contact us and we will delete it where appropriate.
Changes to this policy
We may update this policy as Gazeboo develops. When we make significant changes, we will update the "Last updated" date and, where appropriate, notify registered users.
Contact
Data controller: Daniel Clarke, trading as Gazeboo
Email: [email protected]
Website: gazeboo.co.uk