Privacy Policy

This is a beta version. We will revise this policy after legal review and notify users by email of material changes.

Who we are

OpenYourDiary is a software service operated by Alex Elderfield (sole trader, UK). We provide an online enquiry-form tool for tradespeople and small service businesses. You can reach us at support@openyourdiary.com.

Two kinds of users, two kinds of data

OpenYourDiary involves two groups of people:

We collect different data from each, for different reasons, and we are careful never to mix them across traders.

What we collect from traders

What we collect from customers

When a customer submits an enquiry form to a trader on OpenYourDiary, we collect:

This data is collected on behalf of the trader (the data controller). We process it (as the processor) only to deliver the enquiry to that trader and notify them.

How we use the data

We do not sell your data, and we do not use customer enquiry data to train AI models that affect other tenants.

How long we keep it

Who we share the data with

We use a small set of trusted sub-processors to operate the service. Each is a separate company with its own privacy policy. They process data only on our instruction.

Sub-processorPurposeData they see
RailwayApplication hostingAll data, encrypted at rest in EU region.
ClerkTrader authenticationTrader email, sign-in events, OAuth tokens.
StripeSubscription billingTrader name, email, card details (held by Stripe, not us), invoice records.
ResendTransactional emailTrader and customer email addresses, message bodies of notification emails.
TwilioSMS notifications (paid add-on)Trader phone number, customer phone number when relevant, SMS message body.
OpenRouterAI summaries (paid add-on)Customer enquiry text only, sent for summarisation. No identifiers.
Better StackLogs and observabilityDiagnostic logs (with PII redacted where possible) for service reliability.

If we ever change sub-processors materially, we'll update this list and notify subscribed traders by email.

Where the data is held

Primary data (Postgres database) is hosted in the EU on Railway. Some sub-processors (Stripe, Clerk, Twilio, OpenRouter) operate in the US under Standard Contractual Clauses or equivalent UK-recognised transfer mechanisms. Better Stack is in the EU.

Your rights

If you are a UK or EU data subject, you have the right under UK GDPR to:

How to exercise your rights

We respond within 30 days.

Cookies and similar technologies

We use a small number of strictly-necessary cookies for authentication and CSRF protection. We do not use advertising cookies or third-party trackers on the trader dashboard or the public enquiry form. If we ever add analytics, we will update this policy.

Children

OpenYourDiary is not intended for use by people under 18.

Changes to this policy

If we change this policy in a material way, we will notify subscribed traders by email at least 14 days before the change takes effect.

This is a beta-stage policy drafted to cover GDPR essentials at launch. We will refine it after formal legal review. If anything in here is unclear, please email support@openyourdiary.com.