Privacy Policy
This Privacy Policy explains how WardenFox, a sole trader in the United Kingdom (“we”, “us”, “our”), collects, uses and protects personal data when you use the WardenFox inventory and point-of-sale software and website (the “Service”). We are committed to handling your data in line with the UK GDPR and the Data Protection Act 2018.
1. Who we are
The data controller for personal data about you (the account holder and your staff) is:
- Business: WardenFox, operated by [your full name] as a sole trader in the UK
- Address for service: [your business address]
- Contact: [email protected]
- ICO registration: [ICO number — register at ico.org.uk]
Important — data about your own customers. When you, as a shop owner, enter information about your customers (names, contact details, purchase history) into WardenFox, you are the data controller of that information and we are your data processor. We only process it on your instructions to provide the Service. You are responsible for having a lawful basis to collect it and for your own privacy notice to your customers. A Data Processing Agreement is available on request.
2. What data we collect
- Account & profile: name, email, password (stored only as a secure hash), shop name, role, and till PINs (hashed).
- Billing: your plan and subscription status. Card payments are handled by Stripe; we do not store your full card details.
- Your shop data: the inventory, sales, stock counts, suppliers, purchase orders, waste and customer records you create in the Service.
- Usage & analytics: with your consent, how you use the Service (pages visited, features used) via PostHog. When enabled, this is linked to your account (your email, role and plan) so we can understand how shops of different sizes use WardenFox. It does not capture your shop data (stock, sales or customer records) and does not record your screen. See “Cookies” below.
- Technical & security: IP address, browser type, log and error data (via Sentry) needed to run, secure and debug the Service.
3. How we use your data and our legal bases
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Provide the Service, your account and support | Performance of our contract with you |
| Take payment and manage subscriptions | Performance of contract; legal obligation (tax/accounting) |
| Keep the Service secure, prevent fraud/abuse, fix bugs | Our legitimate interests |
| Product analytics to understand and improve the Service | Your consent (you can withdraw it any time) |
| Send service emails (password resets, receipts, important notices) | Performance of contract / legitimate interests |
| Comply with the law and respond to lawful requests | Legal obligation |
4. Cookies & analytics
We use a small number of cookies/local storage:
- Essential — needed to log you in, keep you signed in, and remember settings (e.g. theme, your cookie choice). These don’t need consent.
- Analytics (optional) — PostHog, used only if you click “Accept all” on our cookie banner, to see how the Service is used so we can improve it.
You choose when you first visit, and can change your mind any time by clearing your browser’s site data for WardenFox. Choosing “Only essential” means no analytics cookies are set and PostHog is never loaded.
5. Who we share your data with (sub-processors)
We do not sell your data. We share it only with trusted providers who help us run the Service, under contract and only as needed:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing & subscriptions |
| Fasthosts (UK) | Server, database & cache hosting — data stored in the UK |
| Cloudflare | DNS, content delivery & security (DDoS/WAF) |
| PostHog | Product analytics (only with your consent) |
| Sentry | Error monitoring |
| Hostinger | Sending service emails |
6. International transfers
Some of our providers are based outside the UK. Specifically, Stripe (payment processing), Cloudflare (security), PostHog (analytics), and Sentry (error monitoring) are US-based. Where data is transferred internationally we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses, and we minimise what is transferred. Our servers and database are hosted in the UK by Fasthosts.
7. How long we keep it
We keep your account and shop data for as long as your account is active. After you close your account, we delete or anonymise personal data within 90 days, except where we must keep certain records longer to meet legal obligations (e.g. invoices for tax). Backups are rotated and expire automatically.
8. How we protect your data
We use encryption in transit (HTTPS/TLS), encrypted database connections, strict per-shop data isolation, hashed passwords and PINs, optional two-factor authentication, access controls, and regular backups. No system is perfectly secure, but we work hard to protect your information.
9. Your rights
Under UK data protection law you have the right to: access your data; correct it; erase it; restrict or object to processing; request data portability; and withdraw consent (for anything based on consent) at any time. To exercise any of these, email [email protected]. You can also export your shop data yourself at any time from Settings → Export & Data. If you’re unhappy with how we handle your data you can complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.
10. Children
The Service is for businesses and is not directed at children. We do not knowingly collect data from anyone under 18.
11. Changes to this policy
We may update this policy from time to time. We’ll post the new version here and, for significant changes, let you know by email or in the app.
12. Contact
Questions about your privacy? Email [email protected] or write to us at [your business address].