Tarnshire
Legal

Privacy policy.

The formal GDPR-compliant privacy policy is being drafted with our data-protection adviser and will be published before any personal data is collected at scale.

Last updated: May 2026

Placeholder

Tarnshire's formal legal documents are being drafted with a UK solicitor and will be published here in Q3 2026, before the brand begins commercial trading. The plain-English summary below describes the policy that the formal document will codify. If you need the formal terms before Q3 2026, email hello@tarnshire.co.uk and we'll share the draft.

Intended policy

  • 01Data minimisation — Tarnshire collects only the data needed to deliver the service: postcode, contact details, booking history, payment method. No more.
  • 02Purpose limitation — booking data is used to deliver the booking. Payment data is used to take payment. Contact data is used to contact you about your service. Nothing else.
  • 03Storage and security — data held in Supabase London region (eu-west-2), encrypted at rest, accessed only via authenticated requests. Row-Level Security policies ensure customers see only their own data.
  • 04Third-party processors — Stripe for payments, Resend for transactional email, Vercel for hosting. All UK or EU-based or with UK adequacy decisions in place.
  • 05Your rights — access, rectification, erasure, portability, objection. Email hello@tarnshire.co.uk and we respond within 30 days as the UK GDPR requires.
  • 06Cookies and analytics — see the separate cookies policy. Tarnshire does not use behavioural advertising trackers.