Privacy Policy

Last updated: 1 January 2025

1. Introduction

Welcome to BubsNest ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We are registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any questions about this policy, please contact us through our contact page.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide when using our services:

  • Account Information: Email address, password, and optional profile details when you create an account
  • Registry Information: Baby's name, due date, gender (optional), and welcome messages
  • Gift Items: Product details, prices, and images from retailer URLs you add to your registry
  • Payment Information: When connecting Stripe for group gifts and cash funds, Stripe collects your banking details directly - we do not store your full payment information
  • Gift-Giver Information: Names and optional messages from people who mark items as purchased or contribute to gifts
  • Communications: Messages you send through our contact forms or support channels

2.2 Information Collected Automatically

When you access our website, we automatically collect:

  • Device Information: Browser type, operating system, device type, and screen resolution
  • Usage Data: Pages visited, time spent on pages, clicks, and navigation patterns
  • Log Data: IP address, access times, and referring URLs
  • Cookies: Essential cookies for site functionality and optional analytics cookies (see Section 7)

3. How We Use Your Information

We use your personal information for the following purposes:

  • Provide Our Services: Create and manage your registry, process contributions, and facilitate gift tracking
  • Process Payments: Work with Stripe to process group gift and cash fund contributions
  • Send Notifications: Email you about purchases, contributions, and account activity (based on your preferences)
  • Improve Our Services: Analyse usage patterns to enhance user experience and fix issues
  • Customer Support: Respond to your enquiries and provide assistance
  • Legal Compliance: Meet our legal obligations and protect against fraud

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our registry services to you
  • Legitimate Interests: Improving our services, preventing fraud, and marketing (where appropriate)
  • Consent: Where you have given explicit consent, such as for marketing communications
  • Legal Obligation: Where we are required to process data by law

5. Sharing Your Information

We may share your information with:

  • Stripe: Our payment processor for handling group gift and cash fund contributions. Stripe's privacy policy applies to payment data they collect
  • Supabase: Our database and authentication provider, who stores your account and registry data securely
  • Email Service Providers: To send transactional and notification emails on our behalf
  • Analytics Providers: Anonymised usage data to help us understand how our service is used
  • Registry Viewers: Your registry information (baby name, due date, gift items) is visible to anyone with your registry link if set to public

We do not sell your personal information to third parties. We do not share your email address or personal details with retailers or advertisers.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services while your account is active
  • Comply with legal obligations (e.g., financial records for 7 years)
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal purposes.

7. Cookies and Tracking

We use the following types of cookies and similar technologies:

  • Essential Cookies: Enable core functionality like authentication and security
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how visitors use our site (with your consent)

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

8. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request we limit how we use your data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us through our contact page. We will respond within one month.

9. Data Security

We implement appropriate security measures to protect your personal information:

  • All data is encrypted in transit using TLS/SSL
  • Data at rest is encrypted in our database
  • Payment processing is handled by PCI-DSS compliant Stripe
  • Access to personal data is restricted to authorised personnel
  • Regular security assessments and updates

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed outside the UK by our service providers (e.g., Stripe, Supabase). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK ICO
  • Adequacy decisions where the destination country provides adequate protection

11. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated: ico.org.uk
