Privacy policy

Last updated: 24 June 2026

This is Saddl's (“Saddl”, “we”) Privacy Policy. It sets out how we use your personal data, and the ways we protect your personal data.

This website is not intended for use by children.

1. Who we are

Equine Discovery Ltd (trading as Saddl), registered in England and Wales (company number: 17109375, registered address: 5 Churchfield, Harpenden, United Kingdom, AL5 1LJ).

We operate saddl.co.uk (the “Site”), an equestrian venue directory for riders in the United Kingdom. We are the data controller and responsible for personal data collected through this website.

ICO registration number: ZC133677

If you have any questions about this privacy policy, you can submit any queries or requests to exercise your legal rights by contacting us at: hello@saddl.co.uk

No Data Protection Officer is required at our current scale. If this changes, we will update this policy accordingly.

2. Personal data we collect

Personal data means information related to an individual. These individuals are known as data subjects. This does not include anonymous data or data from which the identity of any individuals have been removed without the ability to retrieve this information. We collect personal data only where necessary to operate the Site.

CategoryData collectedPurposeLegal basis
Identity dataName, email address, role at the yard, optional social media URLs, choice of free or paid tierVerify identity of venue owner and process the listing claimConsent (this can be withdrawn at any time)
Transactional dataYour name, email, optional phone, optional postcode, optional message, optional child name, age and riding experience if enquiring on a child's behalfSend yard information and listing notificationsConsent (this can be withdrawn at any time)
Marketing dataEmail address, optional postcodeSend you our newsletters and notifications of waitlist updates and other updates to our servicesExplicit consent (this can be withdrawn at any time)
Page usage dataPage views, referrers, device type, pages visitedUnderstand how the Site is used so we can improve it (privacy-preserving analytics, no cross-site tracking)Legitimate interests (to track usefulness of the Site and collect statistics for the purposes of improving the Site and marketing)
Technical dataIP address, browser type, pages visited, timestampsSecurity monitoring and debuggingLegitimate interests (to enable us to better understand if any bugs are landing on our pages, where they are)
Map interactionsApproximate location or IP address passed to Mapbox when venue maps loadDisplay venue location mapsLegitimate interests (to understand the geographical focal areas of our user base and ensure that we maximise the yards available to users in these areas)

We do not collect special category personal data. This is data of a sensitive nature requiring extra protection such as health data, racial or ethnic origin, through the Site.

3. How we use your data

We use personal data to:

  • process and verify venue listing claims;
  • send transactional emails relating to your claim or listing;
  • open your account with us to use our services to list your venue;
  • maintain the security and integrity of the Site;
  • improve the Site based on usage patterns;
  • comply with any applicable legal obligations.

We do not use your personal data for marketing without your explicit consent. We do not sell personal data to third parties. We do not use automated decision-making or profiling that produces significant effects on individuals.

4. Third-party services

We use the following third-party services to operate the Site. Each processes personal data only as described and under a data processing agreement with us.

ProviderPurposeLocationTransfer mechanism
SupabaseDatabase and authenticationEU (Ireland)EU adequacy / UK GDPR Article 46 SCC
VercelWebsite hosting and deploymentUnited StatesUK International Data Transfer Agreement / Standard Contractual Clauses
MapboxInteractive venue mapsUnited StatesStandard Contractual Clauses

The Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.

5. How long we keep your data

Details of retention periods for different aspects of your personal data are:

Data typeRetention periodReason
Name, email address, postcodeDuration of account and/or listing + 2 years after account closureAllowing users to use our services, dispute resolution and record-keeping
Page views, referrers, device type, pages visited90 daysSecurity monitoring
IP address, browser type, pages visited, timestamps26 monthsUsage trend analysis

When data is no longer needed, we delete or anonymise it.

6. Your rights under UK GDPR

Under UK GDPR and the Data Protection Act 2018, you have the right to:

AccessRequest a copy of the personal data we hold about you.
RectificationAsk us to correct inaccurate or incomplete data. We may need to verify the accuracy of the new data you provide to us.
ErasureAsk us to delete your personal data where we no longer have a lawful basis to hold it.
RestrictionAsk us to limit how we use your data in certain circumstances. These circumstances include:
  • when you want us to check your data is accurate;
  • where we have unlawfully processed your data but you do not want us to delete your data;
  • where you want us to hold onto data for longer than we are required to exercise, establish or defend legal claims;
  • when you have objected to the use of your data but we need to verify if there are overriding legitimate grounds to use it.
PortabilityRequest your data in a structured, machine-readable format where processing is based on consent or a contract with you and for this data to be transferred to you or a third party.
ObjectObject to processing based on legitimate interests or for the purposes of direct marketing. We will stop unless we have compelling legitimate grounds that override your interests.
Withdraw consentYou can withdraw your consent for the processing of your personal data. We will stop processing your personal data unless there are other lawful bases which require us to retain your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

To exercise any of these rights, email hello@saddl.co.uk. We will respond as quickly as possible and no later than one calendar month. We may ask you to verify your identity before acting on a request and particularly complex requests may require us to have a longer response time.

If you are not satisfied with our response, you may complain to the ICO:

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
ico.org.uk

Fees

We will not ask you for a fee to access your personal data. However, we may need to charge a reasonable fee for any requests that are clearly unfounded, repetitive or excessive.

7. Cookies

What cookies we use

CookieProviderPurposeTypeDuration
__session or equivalentSupabaseMaintains authentication session for venue admin usersEssentialSession
_vercel_analytics_idVercel AnalyticsPrivacy-preserving analytics (no cross-site tracking, no fingerprinting)Analytics1 year
mapbox_sessionMapboxMap rendering sessionEssentialSession
cookie_consentSaddlStores your cookie preferencesEssential1 year

Essential cookies

Essential cookies are necessary for the Site to function. You cannot opt out of these without disabling core Site features.

Analytics cookies

We use Vercel Analytics in privacy-preserving mode. It does not use cross-site tracking or fingerprinting and does not build profiles of individual users. It records page views and referrers at an aggregate level.

Managing cookies

You can manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Note that disabling essential cookies may prevent venue claim and admin features from working.

8. Children's data

The Site is not directed at children under 13. We do not knowingly collect personal data from children under 13. Many equestrian activities listed on the Site are appropriate for children, but those arrangements are made directly with venues and any personal data involved is handled by the venue, not Saddl.

If you believe a child under 13 has submitted personal data to us, contact us at hello@saddl.co.uk and we will delete it promptly.

9. Security

We implement appropriate technical and organisational security measures including:

  • encrypted data transmission (HTTPS/TLS across all pages);
  • access controls on systems holding personal data;
  • reliance on Supabase's security infrastructure for database access.

We limit access of your personal data to employees, agents, contractors and third parties who have a business need to know and are subject to a duty of confidentiality.

No online transmission is completely secure. We will notify you and the ICO of any data breach where required by law.

10. Business transfers

If Equine Discovery Ltd is sold, merged or its assets are transferred, personal data held by us may be transferred to the new owner as part of that transaction. We will ensure personal data continues to be used in accordance with this policy.

11. Changes to this policy and your data

We may update this policy from time to time to reflect changes in our practices or legal obligations. The date at the top of this page shows when it was last updated. Material changes will be notified on the Site.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

12. Contact

If you have any questions about this privacy policy or about the use of your personal data or you want to exercise your privacy rights, please contact us in the following ways:

Equine Discovery Ltd
hello@saddl.co.uk
5 Churchfield, Harpenden, United Kingdom, AL5 1LJ