Privacy Policy

Spinney ("we", "us", "our") operates the Spinney platform (web and mobile).

For the UK deployment, Spinney is the data controller for personal data processed to run the platform, including user accounts, community governance, platform safety, and wallet reporting.

Where a purchase is made, the buyer and the listing owner (seller/provider/organiser) may each act as controllers for their own purposes (e.g., fulfilling an order, customer service, tax records).

Account data

• Email, verification status
• Profile info (name/display name, avatar)
• Date of birth and 18+ eligibility status

Platform activity

• Stores you create, communities you create/join, listings you create
• Orders/reservations/contributions and related status history (timeline events)
• Reviews you leave/receive

Messages

• Enquiry and order-thread messages (no general DMs)

Device and usage data

• IP address, device identifiers, log data, analytics events (see Cookies section)

Identity verification (rentals)

If you use Rent listing types requiring verification, we may facilitate identity checks via a third-party verification provider (e.g., Stripe Identity). Verification outcomes/status may be stored.

We use your personal data to:

• Create and manage accounts, authenticate users
• Provide stores, communities, listings and moderation workflows
• Process transactions, allocate fees, handle refunds and disputes
• Provide notifications and customer support
• Prevent fraud, enforce policies, and maintain platform security
• Meet legal and regulatory obligations

We process personal data under one or more lawful bases, including:

• Contract: to provide the platform features you request (account, orders, wallet reporting)
• Legitimate interests: to prevent fraud, secure the platform, and improve reliability
• Legal obligation: to comply with applicable laws (e.g., accounting, dispute handling where required)
• Consent: where required for cookies/marketing (see Cookies)

We may share data with:

• Payment processors (e.g., Stripe) to process payments and payouts
• Infrastructure providers (hosting, storage, email delivery, monitoring)
• Community moderators (limited visibility inside their community for moderation actions)
• Law enforcement/regulators when legally required

We do not sell personal data.

Spinney is UK-first, but we may use suppliers that process data outside the UK. Where international transfers occur, we use appropriate safeguards (e.g., contractual protections) as required.

We retain personal data only as long as necessary for the purposes above, including dispute resolution, fraud prevention, and legal obligations. UK GDPR requires that retention be limited to what's necessary, and does not mandate fixed durations-retention must be justified and documented.

Depending on your circumstances, you may have rights including:

• Access, rectification, erasure
• Restriction, objection
• Data portability
• Withdraw consent (where applicable)

You can also complain to the UK Information Commissioner's Office (ICO).

We use technical and organisational measures designed to protect your data, including encryption in transit, access controls, logging, and monitoring.

We use cookies and similar technologies to:

• Keep you signed in
• Remember preferences
• Understand platform performance

Where required, we present cookie choices and honour them.

For privacy enquiries, please contact us at: