← Back to Omnisio

Privacy Policy

Last updated: 30 March 2026  ·  itsstartupsLTD is the data controller

In plain English

We collect only what we need to run the platform — your name, email, booking info, and payment data (processed by Stripe). We don't sell your data. You have full rights to access, correct, or delete it under UK GDPR.

1. Who We Are

itsstartupsLTD (Company Number: 16974754), registered at 135 Trundleys Road, London, SE8 5JQ, is the data controller for personal data collected through the Omnisio platform.

If you have any questions about how we handle your data, contact our team at info@omnisio.co.uk.

2. Data We Collect

We collect the following categories of personal data:

Account data

Name, email address, hashed password, profile photo, and phone number (optional).

Booking data

Services booked, scheduled dates and times, booking notes, and booking history.

Payment data

Billing details are processed and held by Stripe. We do not store full card numbers. For Providers, Stripe Connect also processes bank account details for payouts.

Provider data

Business name, service descriptions, cover images, and event listings.

Usage data

Pages visited, search queries, device type, IP address, and browser type. Used only for analytics and security.

Media uploads

Images uploaded to listings or profiles, stored and served via Cloudinary.

3. How We Use Your Data

  • To create and manage your account
  • To process bookings and payments
  • To send booking confirmations, reminders, and operational communications
  • To detect fraud and ensure platform security
  • To comply with our legal obligations
  • To send marketing communications (only where you have given explicit consent)
  • To analyse platform usage and improve user experience

4. Legal Basis for Processing (UK GDPR)

ContractProcessing necessary to fulfil your booking or account agreement.
Legal obligationCompliance with applicable laws (e.g. financial record-keeping for 7 years).
Legitimate interestsFraud prevention, platform security, and service improvement.
ConsentMarketing communications and non-essential analytics cookies. Withdrawable at any time.

5. Who We Share Your Data With

Service Providers (the businesses on Omnisio)

When you make a booking, your name, contact details, and booking information are shared with the relevant Provider so they can fulfil your booking.

Stripe (payments)

Payment processing and, for Providers, Stripe Connect for payouts. Stripe is a PCI-DSS Level 1 certified processor. Data may be processed in the US under Standard Contractual Clauses.

Supabase (database)

Our database provider stores account, booking, and transaction data. Data is stored in the EU (AWS eu-west-2 region). Access is restricted to authorised team members only.

Cloudinary (media)

Profile photos and service images are stored and served via Cloudinary (US-based). Transfer is covered by Standard Contractual Clauses.

Resend (transactional email)

Booking confirmations, ticket receipts, and operational notifications are sent via Resend. Only your email address and necessary booking details are shared.

Brevo (marketing email) — consent-only

If you opt in to marketing communications, your name and email address are added to our mailing list managed by Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France). Brevo processes data within the EU. You can unsubscribe at any time via the link in any marketing email or by emailing info@omnisio.co.uk. We will only add you to Brevo where you have given explicit, freely given consent — your data is never transferred to Brevo without it.

We do not sell your personal data to any third party. We may disclose your data to law enforcement or regulators where required by law.

6. International Transfers

Some processors transfer data outside the UK/EU. We ensure appropriate safeguards are in place for each:

  • Cloudinary — US-based; transfer covered by Standard Contractual Clauses.
  • Stripe — US-based; transfer covered by Standard Contractual Clauses.
  • Supabase — data stored in the EU (AWS eu-west-2); no international transfer.
  • Brevo — EU-based (France); data remains within the EU. Only processes data where marketing consent has been given.
  • Resend — US-based; transfer covered by Standard Contractual Clauses; only transactional email data.

7. Data Retention

We retain your data for as long as your account is active and for a period thereafter as required by law. Payment records are retained for 7 years for tax purposes. You may request account deletion at any time.

8. Cookies

We use cookies and similar technologies. For full details on what we use, why, and how to manage your preferences, see our Cookie Policy.

9. Your Rights (UK GDPR)

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — request deletion of your data (subject to legal obligations)
  • Restriction — ask us to limit how we process your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests or for direct marketing
  • Withdraw consent — for any processing based on consent, at any time, without affecting prior processing

To exercise any right, contact us at info@omnisio.co.uk. We will respond within 30 days. You also have the right to complain to the Information Commissioner's Office (ICO).

10. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data transmission (HTTPS), secure database access controls, and restricted admin access. However, no system is completely immune to risk and we cannot guarantee absolute security.

11. Children

Omnisio is not intended for users under 18. We do not knowingly collect personal data from children. If you believe we have, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or on the Platform. The date at the top of this policy reflects the most recent update.

13. Contact

For privacy-related questions or to exercise your rights:

Email: info@omnisio.co.uk

Post: itsstartupsLTD, 135 Trundleys Road, London, England, SE8 5JQ