Privacy Policy
This is a beta version. We will revise this policy after legal review and notify users by email of material changes.
Who we are
OpenYourDiary is a software service operated by Alex Elderfield (sole trader, UK). We provide an online enquiry-form tool for tradespeople and small service businesses. You can reach us at support@openyourdiary.com.
Two kinds of users, two kinds of data
OpenYourDiary involves two groups of people:
- Traders — businesses that subscribe to OpenYourDiary, set up an enquiry form, and receive enquiries on their dashboard.
- Customers — members of the public who fill in a trader's enquiry form to ask about a job.
We collect different data from each, for different reasons, and we are careful never to mix them across traders.
What we collect from traders
- Account details: name, email address, phone number, business name.
- Authentication state via Clerk (our auth provider): so you can sign in.
- Billing details via Stripe (our payments processor): card details are stored by Stripe, not by us. We only see subscription status.
- Activity inside your dashboard: which enquiries you've opened, acknowledged, etc., used to operate the service.
What we collect from customers
When a customer submits an enquiry form to a trader on OpenYourDiary, we collect:
- The customer's name, email address, phone number, and address (postcode level).
- The free-text enquiry the customer typed.
- Optional service-area or job-detail fields if the trader has configured them.
This data is collected on behalf of the trader (the data controller). We process it (as the processor) only to deliver the enquiry to that trader and notify them.
How we use the data
- Operating the service: store enquiries, show them to the trader, send notification emails / SMS, generate AI summaries (if the trader has the AI add-on).
- Billing: charging traders for their subscription via Stripe.
- Support: investigating issues if you contact us.
- Service security and abuse prevention: rate limiting, anti-spam.
We do not sell your data, and we do not use customer enquiry data to train AI models that affect other tenants.
How long we keep it
- Customer enquiry data is auto-purged 24 months after submission. This is enforced by a scheduled background job that deletes the data with no manual step required.
- Trader account data is kept while the subscription is active. If a trader cancels, we keep account-level metadata for up to 90 days for billing reconciliation, then delete it.
- We may keep small amounts of derived data (anonymised metrics, aggregated counts) longer for legitimate-interest performance monitoring.
Who we share the data with
We use a small set of trusted sub-processors to operate the service. Each is a separate company with its own privacy policy. They process data only on our instruction.
| Sub-processor | Purpose | Data they see |
|---|---|---|
| Railway | Application hosting | All data, encrypted at rest in EU region. |
| Clerk | Trader authentication | Trader email, sign-in events, OAuth tokens. |
| Stripe | Subscription billing | Trader name, email, card details (held by Stripe, not us), invoice records. |
| Resend | Transactional email | Trader and customer email addresses, message bodies of notification emails. |
| Twilio | SMS notifications (paid add-on) | Trader phone number, customer phone number when relevant, SMS message body. |
| OpenRouter | AI summaries (paid add-on) | Customer enquiry text only, sent for summarisation. No identifiers. |
| Better Stack | Logs and observability | Diagnostic logs (with PII redacted where possible) for service reliability. |
If we ever change sub-processors materially, we'll update this list and notify subscribed traders by email.
Where the data is held
Primary data (Postgres database) is hosted in the EU on Railway. Some sub-processors (Stripe, Clerk, Twilio, OpenRouter) operate in the US under Standard Contractual Clauses or equivalent UK-recognised transfer mechanisms. Better Stack is in the EU.
Your rights
If you are a UK or EU data subject, you have the right under UK GDPR to:
- Access your personal data (a copy, in machine-readable form).
- Have inaccurate data corrected.
- Have your data deleted.
- Restrict or object to certain kinds of processing.
- Withdraw consent (where processing is based on consent).
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
How to exercise your rights
- Traders: use the export and delete controls in your dashboard settings, or email us.
- Customers: contact the trader you submitted your enquiry to. They are the data controller. If they cannot help, email us at support@openyourdiary.com and we will assist.
We respond within 30 days.
Cookies and similar technologies
We use a small number of strictly-necessary cookies for authentication and CSRF protection. We do not use advertising cookies or third-party trackers on the trader dashboard or the public enquiry form. If we ever add analytics, we will update this policy.
Children
OpenYourDiary is not intended for use by people under 18.
Changes to this policy
If we change this policy in a material way, we will notify subscribed traders by email at least 14 days before the change takes effect.
This is a beta-stage policy drafted to cover GDPR essentials at launch. We will refine it after formal legal review. If anything in here is unclear, please email support@openyourdiary.com.