SneakyWeasel
Sign In

Privacy Policy

Our privacy policy and how we use your data

Introduction

SneakyWeasel ("we", "us", or "our") operates the website www.sneakyweasel.co.uk. This Privacy Policy explains how we collect, use, and protect your personal information when you use our service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using our service, you agree to the collection and use of information in accordance with this policy.

If you have privacy or data protection questions, please contact us at [email protected].

Information We Collect

We collect the following personal information:

  • Email address — provided during account registration or newsletter signup
  • Notification filter preferences — the exclude filters you configure for your curated private topics
  • In-store stock checker preferences — your selected stores, search radius, and product codes
  • Notification delivery credentials — system-generated credentials used to deliver push notifications to your device

Payment information (such as card details) is collected and processed directly by Stripe. We do not store your payment card details on our servers.

How We Collect Information

We collect your personal information through:

  • Account registration — when you create an account on our platform
  • Newsletter signup — when you subscribe to our newsletter (no account required)
  • Stripe integration — when you subscribe or make a payment
  • Using the service — when you configure notification filters, in-store stock checker preferences, or other service settings
  • Automated system processes — notification delivery credentials are generated automatically when your subscription is activated

How We Use Your Information

We use your personal information to:

  • Provide, operate, and maintain our service
  • Manage your account and authentication
  • Process payments via Stripe
  • Deliver curated content based on your notification filter preferences
  • Send transactional emails (e.g., account confirmations, payment receipts)
  • Respond to your enquiries or support requests

Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

  • Performance of a contract — processing is necessary to provide you with the service you have signed up for
  • Legitimate interests — to operate and improve our service, provided this does not override your rights
  • Legal obligation — where we are required to process data to comply with the law
  • Consent — where you have given us specific consent to process your data for a particular purpose (e.g., subscribing to our newsletter). You may withdraw your consent at any time.

Third-Party Services

We use the following third-party services to operate our platform. These services may process your personal data as described below:

ServicePurposeData Processed
SupabaseDatabase, authentication, and storageEmail, account data, notification filters
StripePayment processingPayment details, billing information
ResendTransactional email deliveryEmail address, name
ntfyPush notification delivery (self-hosted)Notification credentials, topic subscriptions
HetznerWebsite hosting and infrastructure (EU)Server logs, IP addresses (standard web hosting)

We do not sell, trade, or share your personal data with any third parties for marketing or advertising purposes.

Payment records held by Stripe are retained according to Stripe's own data retention policy and legal obligations. Email delivery logs held by Resend are retained according to Resend's retention policy. We cannot delete data held by these providers on your behalf, but you may contact them directly.

Cookies

We only use strictly necessary cookies required for authentication and the operation of our service. We do not use analytics, advertising, or tracking cookies. For full details, please see our Cookie Policy.

Data Retention

We retain your personal data for as long as your account is active. When you delete your account, all associated personal data — including your email address, notification filters, in-store stock checker preferences, notification credentials, and topic preferences — will be permanently deleted from our systems.

Specific retention periods for different categories of data:

  • Account data — retained until you delete your account
  • Newsletter subscriptions — retained until you unsubscribe or delete your account
  • Operational logs — retained for up to 90 days for debugging and service reliability purposes
  • Payment and billing records — local records are deleted with your account; records held by Stripe are retained per Stripe's own policies and legal obligations

International Data Transfers

Your personal data is stored and processed using infrastructure located in the European Union. Our database and authentication services are hosted by Supabase in the EU region (Ireland). Our website and services are hosted by Hetzner in the EU.

Where your data is transferred outside the UK, we ensure appropriate safeguards are in place through our processors' standard contractual clauses and data processing agreements, in accordance with UK GDPR Chapter V requirements.

Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — request we limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to the processing of your personal data

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

Data Security

We take the security of your personal data seriously. Your data is stored securely using industry-standard encryption and access controls provided by our infrastructure partners. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Age Requirements

Our service is intended for users who are aged 18 or over, in line with UK requirements for entering into payment agreements. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at:

Email: [email protected]

This policy is effective as of 16 March 2026.

Previous versions: 5 March 2026 (v1.0), 15 March 2026 (v1.1). Changes in v1.2: corrected third-party services data categories, added consent as a legal basis for newsletter processing.

Stay in the loop

Get notified when new slots open or products launch.

By subscribing you agree to receive occasional emails about SneakyWeasel updates and the products we may offer. You can unsubscribe at any time. See our Privacy Policy.

Join our free Telegram community!

Join