Privacy Policy
This policy explains how Pure Pleasure Ltd(“we”, “us”) collects, uses and protects personal data when you use TylerHQ. We are committed to the UK GDPR and Data Protection Act 2018.
1. Who we are
For data you provide about your account and use of the Service, we are the data controller. You can reach our data contact at privacy@tylerhq.net.
2. The data we collect
- Account data — your name, email, venue/lodge name, password (stored only as a secure hash).
- Payment data — handled by Stripe; we receive only limited billing details and a payment reference, never your full card number.
- Usage & technical data — log data, IP address, device/browser info, and actions taken in the app, used for security and to run the Service.
- Support data — messages you send us and their content.
- Cookies — see our Cookie Policy.
3. How and why we use it (lawful bases)
- To provide the Service — performance of our contract with you.
- To take payment and prevent fraud — contract and legitimate interests.
- To keep the Service secure (rate-limiting, bot protection, abuse prevention) — legitimate interests.
- To send service emails (receipts, security, billing, support) — contract / legitimate interests.
- To meet legal obligations (e.g. accounting) — legal obligation.
We do not sell your personal data, and we do not use it for third-party advertising.
4. Who we share it with
We share data only with trusted providers who process it on our behalf under contract:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication & file storage | EU (Ireland) |
| Vercel | Website & application hosting | EU / global edge |
| Stripe | Subscription & card payment processing | EU / US (SCCs) |
| Resend | Transactional email delivery | EU / US (SCCs) |
| Cloudflare | Bot protection (Turnstile) & network security | EU / global edge |
Where data is transferred outside the UK/EEA, it is protected by appropriate safeguards such as Standard Contractual Clauses. We may also disclose data where required by law.
5. How long we keep it
We keep your data for as long as your account is active. If a subscription lapses and is not reactivated, the account and its data may be deleted after the grace and suspension periods described in our Terms (up to ~3 months after suspension). We keep limited records longer where the law requires (e.g. financial records).
6. How we keep it secure
- Encryption in transit (HTTPS) and tenant secrets encrypted at rest.
- Strict database access controls (row-level security) isolating each venue and lodge.
- Passwords stored only as salted hashes; we can never read them.
- Card payments handled entirely by Stripe (PCI-DSS Level 1) — we never store card numbers.
- Rate-limiting and bot protection on public forms and logins.
7. Your rights
Under UK GDPR you can ask to access, correct, delete, restrict or port your data, and object to certain processing. To exercise any right, email privacy@tylerhq.net. You also have the right to complain to the Information Commissioner’s Office (ico.org.uk).
8. Your members’ data
When you use the Service to manage your own members, guests and enquirers, you are the data controller and we act as your processor. We process that data only on your instructions to provide the Service, keep it secure and isolated, and do not use it for our own purposes. You are responsible for your lawful basis and your own privacy notices to those individuals.
9. Children
The Service is intended for adults administering venues and lodges and is not directed at children.
10. Changes
We may update this policy; material changes will be notified by email or in-app. The “last updated” date below reflects the current version.
11. Contact
Email privacy@tylerhq.net with any privacy question or request.
