Privacy policy
Last updated: 24 June 2026
This is Saddl's (“Saddl”, “we”) Privacy Policy. It sets out how we use your personal data, and the ways we protect your personal data.
This website is not intended for use by children.
1. Who we are
Equine Discovery Ltd (trading as Saddl), registered in England and Wales (company number: 17109375, registered address: 5 Churchfield, Harpenden, United Kingdom, AL5 1LJ).
We operate saddl.co.uk (the “Site”), an equestrian venue directory for riders in the United Kingdom. We are the data controller and responsible for personal data collected through this website.
ICO registration number: ZC133677
If you have any questions about this privacy policy, you can submit any queries or requests to exercise your legal rights by contacting us at: hello@saddl.co.uk
No Data Protection Officer is required at our current scale. If this changes, we will update this policy accordingly.
2. Personal data we collect
Personal data means information related to an individual. These individuals are known as data subjects. This does not include anonymous data or data from which the identity of any individuals have been removed without the ability to retrieve this information. We collect personal data only where necessary to operate the Site.
| Category | Data collected | Purpose | Legal basis |
|---|---|---|---|
| Identity data | Name, email address, role at the yard, optional social media URLs, choice of free or paid tier | Verify identity of venue owner and process the listing claim | Consent (this can be withdrawn at any time) |
| Transactional data | Your name, email, optional phone, optional postcode, optional message, optional child name, age and riding experience if enquiring on a child's behalf | Send yard information and listing notifications | Consent (this can be withdrawn at any time) |
| Marketing data | Email address, optional postcode | Send you our newsletters and notifications of waitlist updates and other updates to our services | Explicit consent (this can be withdrawn at any time) |
| Page usage data | Page views, referrers, device type, pages visited | Understand how the Site is used so we can improve it (privacy-preserving analytics, no cross-site tracking) | Legitimate interests (to track usefulness of the Site and collect statistics for the purposes of improving the Site and marketing) |
| Technical data | IP address, browser type, pages visited, timestamps | Security monitoring and debugging | Legitimate interests (to enable us to better understand if any bugs are landing on our pages, where they are) |
| Map interactions | Approximate location or IP address passed to Mapbox when venue maps load | Display venue location maps | Legitimate interests (to understand the geographical focal areas of our user base and ensure that we maximise the yards available to users in these areas) |
We do not collect special category personal data. This is data of a sensitive nature requiring extra protection such as health data, racial or ethnic origin, through the Site.
3. How we use your data
We use personal data to:
- process and verify venue listing claims;
- send transactional emails relating to your claim or listing;
- open your account with us to use our services to list your venue;
- maintain the security and integrity of the Site;
- improve the Site based on usage patterns;
- comply with any applicable legal obligations.
We do not use your personal data for marketing without your explicit consent. We do not sell personal data to third parties. We do not use automated decision-making or profiling that produces significant effects on individuals.
4. Third-party services
We use the following third-party services to operate the Site. Each processes personal data only as described and under a data processing agreement with us.
| Provider | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Supabase | Database and authentication | EU (Ireland) | EU adequacy / UK GDPR Article 46 SCC |
| Vercel | Website hosting and deployment | United States | UK International Data Transfer Agreement / Standard Contractual Clauses |
| Mapbox | Interactive venue maps | United States | Standard Contractual Clauses |
The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.
5. How long we keep your data
Details of retention periods for different aspects of your personal data are:
| Data type | Retention period | Reason |
|---|---|---|
| Name, email address, postcode | Duration of account and/or listing + 2 years after account closure | Allowing users to use our services, dispute resolution and record-keeping |
| Page views, referrers, device type, pages visited | 90 days | Security monitoring |
| IP address, browser type, pages visited, timestamps | 26 months | Usage trend analysis |
When data is no longer needed, we delete or anonymise it.
6. Your rights under UK GDPR
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- when you want us to check your data is accurate;
- where we have unlawfully processed your data but you do not want us to delete your data;
- where you want us to hold onto data for longer than we are required to exercise, establish or defend legal claims;
- when you have objected to the use of your data but we need to verify if there are overriding legitimate grounds to use it.
To exercise any of these rights, email hello@saddl.co.uk. We will respond as quickly as possible and no later than one calendar month. We may ask you to verify your identity before acting on a request and particularly complex requests may require us to have a longer response time.
If you are not satisfied with our response, you may complain to the ICO:
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
ico.org.uk
Fees
We will not ask you for a fee to access your personal data. However, we may need to charge a reasonable fee for any requests that are clearly unfounded, repetitive or excessive.
7. Cookies
What cookies we use
| Cookie | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| __session or equivalent | Supabase | Maintains authentication session for venue admin users | Essential | Session |
| _vercel_analytics_id | Vercel Analytics | Privacy-preserving analytics (no cross-site tracking, no fingerprinting) | Analytics | 1 year |
| mapbox_session | Mapbox | Map rendering session | Essential | Session |
| cookie_consent | Saddl | Stores your cookie preferences | Essential | 1 year |
Essential cookies
Essential cookies are necessary for the Site to function. You cannot opt out of these without disabling core Site features.
Analytics cookies
We use Vercel Analytics in privacy-preserving mode. It does not use cross-site tracking or fingerprinting and does not build profiles of individual users. It records page views and referrers at an aggregate level.
Managing cookies
You can manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling essential cookies may prevent venue claim and admin features from working.
8. Children's data
The Site is not directed at children under 13. We do not knowingly collect personal data from children under 13. Many equestrian activities listed on the Site are appropriate for children, but those arrangements are made directly with venues and any personal data involved is handled by the venue, not Saddl.
If you believe a child under 13 has submitted personal data to us, contact us at hello@saddl.co.uk and we will delete it promptly.
9. Security
We implement appropriate technical and organisational security measures including:
- encrypted data transmission (HTTPS/TLS across all pages);
- access controls on systems holding personal data;
- reliance on Supabase's security infrastructure for database access.
We limit access of your personal data to employees, agents, contractors and third parties who have a business need to know and are subject to a duty of confidentiality.
No online transmission is completely secure. We will notify you and the ICO of any data breach where required by law.
10. Business transfers
If Equine Discovery Ltd is sold, merged or its assets are transferred, personal data held by us may be transferred to the new owner as part of that transaction. We will ensure personal data continues to be used in accordance with this policy.
11. Changes to this policy and your data
We may update this policy from time to time to reflect changes in our practices or legal obligations. The date at the top of this page shows when it was last updated. Material changes will be notified on the Site.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.
12. Contact
If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways: