Legal

Privacy Policy

Last updated 28 May 2026

This Privacy Notice for Tattie (‘we’, ‘us’, or ‘our’) describes how and why we might access, collect, store, use, and/or share (‘process’) your personal information when you use our services (‘Services’), including when you:

Visit our website at www.tattie.uk or use Tattie — a business management platform for self-employed and independent dog groomers. The service enables groomers to manage customers, schedule appointments, create quotes, issue invoices, and track jobs.

Tattie is provided on a subscription basis to grooming business owners. It is not a consumer-facing marketplace; dog owners interact with the service only when a groomer shares a quote or invoice link with them directly.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services.

Summary of Key Points

This summary provides key points from our Privacy Notice. Click a link in the table of contents to find more details.

  • What personal information do we process? Information you voluntarily provide and some data collected automatically when you use our Services.
  • Do we process any sensitive personal information? No.
  • Do we collect any information from third parties? No.
  • How do we process your information? To provide, improve, and administer our Services, communicate with you, and comply with law.
  • How do we keep your information safe? We have appropriate organisational and technical processes in place, though no online transmission can be guaranteed 100% secure.
  • What are your rights? Depending on your location, you may have rights to access, correct, or delete your personal information.

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

The personal information we collect may include:

  • Email addresses
  • Passwords
  • Business name
  • Business address
  • Business phone number

Sensitive Information. We do not process sensitive information.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is handled and stored by Stripe. You may find their privacy notice at stripe.com/gb/privacy.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your IP address and browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our Services.

Like many businesses, we also collect information through cookies and similar technologies. Specifically:

  • Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services. This may include your IP address, device information, browser type, and settings and information about your activity in the Services (date/time stamps, pages and files viewed, searches, and other actions you take).

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts.
  • To deliver and facilitate delivery of services to the user.
  • To send administrative information to you — details about our products and services, changes to our terms and policies, and other similar information.
  • To fulfil and manage your orders — payments, returns, and exchanges made through the Services.
  • To enable user-to-user communications if you choose to use any of our offerings that allow for communication with another user.
  • To save or protect an individual’s vital interest when necessary to prevent harm.

3. What Legal Bases Do We Rely On To Process Your Information?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on. We may rely on the following:

  • Consent. We may process your information if you have given us permission for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfil our contractual obligations to you.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party.

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf. We have contracts in place with our third parties designed to help safeguard your personal information.

The third parties we may share personal information with are as follows:

  • Invoice and Billing: Stripe
  • Website Performance Monitoring: Sentry
  • Database services: Supabase
  • Email services: Resend
  • Hosting provider: Vercel

We also may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

5. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as your account is active. When you delete your account, all personal data is deleted immediately and permanently.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice. When you close your account, all personal data held by Tattie — including your business profile, customer records, appointments, jobs, quotes, invoices, and authentication credentials — is deleted immediately and permanently in a single operation. We do not hold data in a deactivated state or retain it for any grace period after account closure.

Payment transaction records are processed and stored by Stripe on their own infrastructure under their own data retention obligations. Tattie retains only a reference to your Stripe customer and subscription identifiers, which are also deleted on account closure. See our Data Retention Policy for a full breakdown by data category.

Please note: as a grooming business owner you may have your own obligations under HMRC rules to retain financial records (such as invoices) for up to six years. We recommend exporting any records you need before closing your account, as we are unable to recover data after deletion.

7. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us.

9. What Are Your Privacy Rights?

In Short: In some regions, such as the EEA, UK, and Switzerland, you have rights that allow you greater access to and control over your personal information.

In some regions (like the EEA, UK, and Switzerland), you have certain rights under applicable data protection laws. These may include the right to:

  1. Request access and obtain a copy of your personal information
  2. Request rectification or erasure
  3. Restrict the processing of your personal information
  4. Data portability (if applicable)
  5. Not be subject to automated decision-making

You may also have the right to object to the processing of your personal information. If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us. This will not affect the lawfulness of the processing before its withdrawal.

Account Information: If you would like to review or change the information in your account or terminate your account, you can log in to your account settings and update your user account. Upon your request to terminate your account, all of your personal data is deleted immediately and permanently. We do not retain your data after account closure.

Cookies and similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies, though this could affect certain features or services.

10. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

11. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated ‘Revised’ date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

12. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may contact us by post at:

Tattie
80 Meteor Row
St Andrews, Fife KY16 0JD
Scotland

13. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please email: privacy@tattie.uk.