Privacy Policy

Last updated: April 2026

Who we are

Scottish Wedding Vendors ("we", "us") operates scottishweddingvendors.co.uk. We are based in Edinburgh, Scotland. For data protection purposes, we are the data controller.

What we collect

Vendors (registered users)

When you register, we collect:

  • Your name and email address (for account authentication)
  • Business name, description, contact details, location, and pricing (for your public listing)
  • Photos you upload (stored on our servers or cloud storage)
  • Payment information (processed directly by Stripe — we do not store card details)

Couples (visitors)

When you send an enquiry, we collect:

  • Your name, email, phone number (optional), wedding date, venue, and message
  • This information is forwarded to the vendor and stored to prevent abuse

All visitors

  • Server logs (IP address, browser type, pages visited) — retained for 30 days for security
  • Cookies (see Cookies section below)

How we use your data

  • Display your listing — your business information appears on the directory
  • Forward enquiries — we email enquiries to the vendor's registered email
  • Process payments — subscription billing via Stripe
  • Account communications — password resets, subscription notices, essential service emails
  • Improve the site — anonymous analytics to understand how the site is used

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Cookies

We use the following types of cookies:

Essential cookies (always active)

  • Authentication cookies — keep you signed in to your account
  • Anti-forgery tokens — protect forms against cross-site request forgery
  • Cookie consent — remember your cookie preferences

Analytics cookies (optional)

  • We may use privacy-friendly analytics to understand page views and usage patterns
  • These cookies are only set if you accept them via the cookie banner
  • No personal data is collected through analytics

You can manage your cookie preferences at any time using the cookie banner or your browser settings.

Third-party services

  • Stripe — payment processing (Stripe Privacy Policy)
  • Resend — transactional email delivery
  • Bootstrap CDN / jsDelivr — CSS and JavaScript framework delivery

Data retention

  • Vendor accounts — retained while your account is active, deleted within 30 days of account closure
  • Enquiries — retained for 24 months, then deleted
  • Server logs — retained for 30 days
  • Payment records — retained as required by law (typically 6 years)

Your rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — request your data in a machine-readable format
  • Object — object to processing of your data
  • Withdraw consent — where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us. We will respond within 30 days.

Security

We use HTTPS encryption, secure password hashing, two-factor authentication, and regular security reviews. However, no system is 100% secure — please keep your login credentials safe.

Changes to this policy

We may update this policy from time to time. We will notify registered users of significant changes by email. The "last updated" date at the top will always reflect the current version.

Contact

For privacy-related queries, email [email protected] or use our contact page.