Registered name:
Ourly UK
We are the controller of your personal data. This privacy notice explains how we collect, use, store, and share your personal information, and outlines your rights under UK data protection law.
Contact details
Email:
jack.haith@ourly.uk
What information we collect, use, and why
To provide services and goods
We collect or use:
- Names and contact details
- Account information
- Website user information (including user journeys and cookie tracking)
- Photographs or profile images
- Records of meetings and decisions
- Information relating to compliments or complaints
To operate customer accounts
We collect or use:
- Names and contact details
- Account registration details
- Information used for security purposes
For service updates or marketing purposes
We collect or use:
- Names and contact details
- Marketing preferences
- Records of consent, where appropriate
To comply with legal requirements
We collect or use:
- Name
- Contact information
- Financial transaction information
To deal with queries, complaints, or claims
We collect or use:
- Names and contact details
- Account information
- Purchase or service history
- Customer or client records
- Financial transaction information
- Correspondence
Lawful bases and data protection rights
Under UK data protection law, we must have a lawful basis for collecting and using your personal information. Which basis applies may affect your rights.
Your rights include:
- Right of access – request copies of your personal data
- Right to rectification – correct inaccurate or incomplete data
- Right to erasure – request deletion of your data
- Right to restriction – limit how your data is used
- Right to object – object to certain processing
- Right to data portability – receive or transfer your data
- Right to withdraw consent – where consent is the lawful basis
We must respond to requests within one month.
To exercise your rights, contact us using the details above.
Our lawful bases for processing
Providing services and goods
- Contract – to deliver the service you have agreed to
- Legal obligation – to comply with applicable laws
- Legitimate interests
Our legitimate interests include operating, maintaining, and improving the Ourly platform, preventing fraud, ensuring security, resolving disputes, providing customer support, and ensuring meetings and payments function correctly. We balance these interests against users' rights and apply appropriate safeguards.
Operating customer accounts
- Contract
- Legal obligation
- Legitimate interests
We process account data to maintain security, prevent unauthorised access, monitor suspicious activity, and ensure the platform operates reliably.
Service updates and marketing
- Consent – for marketing communications
- Legitimate interests – for essential service communications only
We send service-related notifications (such as offer updates, meeting details, payments, and security notices) under legitimate interests. Marketing messages are only sent where you have given consent and can be opted out of at any time.
Legal requirements
Queries, complaints, and claims
- Legal obligation
- Legitimate interests
We use personal information to investigate and resolve complaints, manage disputes, protect users, and prevent misuse or fraud.
Where we get personal information from
- Directly from you
- Publicly available sources
- Suppliers and service providers
- Third parties
This includes:
- Stripe (Stripe Connect Express) for payments
- Supabase for authentication and database services
- Resend for transactional email delivery
- Vercel for hosting and performance services
- Google Meet and Google Calendar APIs for meeting links and scheduling
We store only meeting metadata (such as dates, times, and links) and do not store recordings or meeting content.
How long we keep information
We retain personal information only for as long as necessary.
In general:
- Account and profile data – retained while the account is active; deleted or anonymised within 12 months after closure unless required for legal or dispute purposes
- Transaction and payment data – retained for at least 6 years
- Meeting metadata – retained while accounts are active and up to 12 months afterwards
- Support and complaint records – retained for up to 6 years after resolution
- Marketing consent records – retained until consent is withdrawn and for a limited period afterwards
When data is no longer required, it is securely deleted or anonymised.
Who we share information with
Data processors
Stripe, Inc.
Payment processing and payouts via Stripe Connect Express. We do not store full card details.
Supabase, Inc.
Authentication and database hosting for user accounts, profiles, offers, meetings, and ratings.
Resend, Inc.
Transactional and service-related email delivery.
Google LLC
Generation of Google Meet links and scheduling via Google Calendar APIs.
Vercel Inc.
Hosting, deployment, and performance monitoring.
Other recipients
- Professional or legal advisors
- Relevant regulatory authorities
- Organisations we are legally required to share information with
- Publicly on our website or marketing channels where users choose to make information public
Sharing information outside the UK
We may transfer personal information outside the UK where necessary.
Safeguards used
- Addendum to the EU Standard Contractual Clauses (SCCs)
Examples of transfers
Recipients:
Cloud infrastructure providers, payment processors, email delivery services, and collaboration tools (including Stripe, Supabase, Google, Vercel, and Resend)
Countries:
United States of America and other jurisdictions where our providers operate
How to complain
If you have concerns about our use of your personal data, contact us first.
If you remain dissatisfied, you can complain to the ICO:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last updated
13 January 2026