← Back to home

Privacy Policy

Last updated: March 2026

HerdCats is a group trip organiser built and operated by David Willingham, based in Somerset, UK. This policy explains what data we collect, why we collect it, and what we do with it — in plain English.

What we collect

If you create an account (organisers)

  • Your email address and password (your password is hashed by Supabase and never stored in plain text)
  • If you sign in with Google: your Google email and display name
  • Event details you create — event name, description, and date ranges
  • Any group photos you upload

If you're a participant (no account needed)

  • Your first name only — no email, no phone number, no address
  • Your date selections (votes)
  • Your commitment status (in, maybe, or out)
  • Your poll votes

What we do NOT collect

  • Payment card details (future payments will be handled entirely by Stripe)
  • Your location
  • Device fingerprints
  • Tracking cookies or analytics data

Why we collect it

We only collect what we need to make HerdCats work. Under UK GDPR, our lawful bases are:

  • Contractual necessity — for organisers, we need your email to create and manage your account and events
  • Legitimate interest — for participants, we collect your first name and votes so the group can coordinate. Participation is entirely voluntary

Who we share it with

We don't sell your data to anyone. We use the following third-party services to run HerdCats:

  • Supabase (supabase.com) — our database and authentication provider, hosted in the EU London region
  • Vercel (vercel.com) — hosts the HerdCats website and serves pages via their edge network
  • Stripe (stripe.com) — planned for future payment features. Not yet active. When enabled, Stripe will handle payment processing directly — we will never see or store your card details

How long we keep it

  • Event data (including participant names, votes, and uploaded photos) is deleted 6 months after the event date
  • Organiser accounts are kept until you delete your account or ask us to remove it

Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct any inaccurate data
  • Erasure — ask us to delete your data
  • Portability — request your data in a machine-readable format
  • Object — object to our processing of your data
  • Complain — if you're unhappy with how we handle your data, you can complain to the Information Commissioner's Office at ico.org.uk

To exercise any of these rights, email us at the address below.

Cookies

We only use strictly necessary cookies for authentication — these keep you signed in when you have an account. We do not use analytics cookies, advertising cookies, or any form of tracking. Because we only use essential cookies, no consent banner is needed.

Changes to this policy

We may update this policy as we add new features (for example, when payment collection goes live). Any significant changes will be noted on this page with an updated date. We won't reduce your rights without letting you know.

Contact

If you have any questions about this policy or your data, get in touch:

privacy@herdcats.app

David Willingham, Somerset, UK