Privacy Policy
Last updated: 19 March 2026
1. Who we are
HortiOwl(“we”, “us”, “our”) operates the HortiOwl software platform at hortiowl.co.uk. We are the data controller for personal data processed through this website and platform.
To contact us about your personal data, email us at privacy@hortiowl.co.uk.
2. What data we collect
Account and profile data
- Name and email address (provided when you register)
- Business name, address, and contact details (entered during onboarding)
- User role (admin or staff) and team membership records
Business operational data
- Customer records (names, addresses, contact details) that your business enters into the platform
- Quotes, sales orders, invoices, purchase orders, and related documents
- Inventory and stock records including batch and supplier traceability data
- Product catalogue information including images
Technical and usage data
- Log data including IP address, browser type, and pages visited
- Timestamps and user identifiers recorded against actions in the platform (audit trail)
- Error and diagnostic information to help us improve the service
3. How we use your data
| Purpose | Lawful basis |
|---|---|
| Providing and operating the HortiOwl platform | Contract performance |
| Authenticating users and managing access control | Contract performance |
| Sending service notifications (low stock alerts, order updates) | Contract performance |
| Maintaining audit trails and transaction records | Legal obligation (tax and accounting records) |
| Improving the platform and diagnosing technical issues | Legitimate interests |
| Responding to support enquiries | Legitimate interests |
| Complying with legal obligations (e.g. HMRC record-keeping) | Legal obligation |
We do not sell your personal data to third parties. We do not use your data for automated decision-making that has legal or similarly significant effects on you.
4. Where your data is stored
All data processed by HortiOwl is stored exclusively in AWS eu-west-2 (London). No personal data is transferred outside the United Kingdom or European Economic Area.
HortiOwl operates on AWS infrastructure covered by the AWS Data Processing Addendum, which incorporates the International Data Transfer Agreement (IDTA) where applicable.
5. How long we keep your data
- Invoices and financial records — 7 years from the date of the transaction (HMRC requirement)
- Quotes, orders, and operational records — 7 years
- Customer records — retained for the duration of your subscription and deleted within 90 days of account closure, unless a longer retention period is required by law
- Application logs — 30 days (development), 90 days (production)
- Account data — deleted within 90 days of your account being closed
6. Third parties we share data with
We share data only with the sub-processors necessary to deliver the service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, database, and file storage | UK (eu-west-2) |
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct inaccurate or incomplete data
- Right to erasure — request deletion of your personal data where there is no legal basis to retain it
- Right to restriction — ask us to pause processing your data while a dispute is resolved
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, email us at privacy@hortiowl.co.uk. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
8. Cookies
HortiOwl uses only essential cookies required to operate the platform (authentication session tokens). We do not use advertising or tracking cookies. No cookie consent banner is shown because we do not use non-essential cookies.
9. Security
We protect your data using industry-standard measures including encryption in transit (TLS 1.2+), encryption at rest for all stored data, role-based access control, and audit logging of all data access. Our infrastructure is hosted exclusively on AWS and managed through Infrastructure as Code with automated security scanning.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes at least 14 days before they take effect. The “last updated” date at the top of this page will always reflect the current version.
11. Contact us
For any questions about this Privacy Policy or your personal data, contact us at:
HortiOwlEmail: privacy@hortiowl.co.uk