Search Stables
Log inSign up

Privacy Policy

Last updated: February 2025 · [LEGAL REVIEW REQUIRED]

1. Who We Are

StableStop is a UK-based online marketplace for short-term horse stabling. For the purposes of UK GDPR and the Data Protection Act 2018, StableStop is the data controller. If you have questions about this policy, contact us at privacy@stablestop.co.uk.

2. Data We Collect

We collect the following categories of personal data:

  • Account information — name, email address, password (hashed), phone number, role (rider/host).
  • Profile information — profile photo, bio, yard details (for hosts), horse details (for riders).
  • Booking data — dates, stabling details, messages between riders and hosts, reviews and ratings.
  • Payment data — processed by Stripe; we do not store full card details. We retain transaction IDs, amounts, and Stripe Connect account references.
  • Technical data — IP address, browser type, device information, cookies, and usage analytics.

3. How We Use Your Data

  • To provide and operate the Platform (contract performance).
  • To process payments and payouts via Stripe.
  • To send booking confirmations and account notifications.
  • To display your listing or profile to other users of the Platform.
  • To improve the Platform through anonymised analytics (legitimate interest).
  • To send marketing communications (consent-based — you can unsubscribe at any time).
  • To comply with legal obligations (e.g. financial record-keeping).

4. Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

  • Contract — processing necessary to perform our contract with you (e.g. managing bookings, facilitating payments).
  • Legitimate interest — improving our services, preventing fraud, ensuring platform security.
  • Consent — marketing emails. You may withdraw consent at any time.
  • Legal obligation — tax and financial record-keeping requirements.

5. Data Sharing

We share personal data with:

  • Stripe — for payment processing (Stripe's privacy policy applies).
  • SendGrid — for transactional emails.
  • Other users — your public profile information, listing details, and reviews are visible to other Platform users.
  • Law enforcement — where required by law or court order.

We do not sell your personal data to third parties.

6. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain anonymised booking and financial records for 7 years to comply with HMRC requirements. Technical logs are retained for 90 days.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (subject to legal retention requirements).
  • Portability — receive your data in a structured, machine-readable format.
  • Object — object to processing based on legitimate interest.
  • Restrict processing — request that we limit how we use your data.

To exercise any of these rights, email privacy@stablestop.co.uk. We will respond within 30 days.

8. Cookies

We use essential cookies to keep you logged in and to remember your preferences. We may use analytics cookies (e.g. Google Analytics) to understand how the Platform is used. You can manage cookie preferences in your browser settings.

[LEGAL REVIEW REQUIRED: Implement cookie consent banner before launch.]

9. International Transfers

Your data is primarily stored on servers within the United Kingdom or European Economic Area. Where data is transferred outside the UK (e.g. to Stripe or SendGrid servers in the US), we ensure adequate safeguards are in place, including Standard Contractual Clauses approved by the ICO.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed passwords (bcrypt), and access controls. However, no system is completely secure, and we cannot guarantee absolute security.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or via a notice on the Platform. Your continued use of the Platform after changes constitutes acceptance.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.