← Back to search

Privacy Policy

Last updated: 2026-03-06

1. Introduction and acceptance

Flowerrie ("we", "us", "our") operates the Flowerrie website, mobile applications (iOS and Android), and related services (together, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must not use the Platform.

We are the data controller in respect of personal data we process in connection with the Platform. Our contact details for data protection and general enquiries are set out at the end of this policy.

2. Scope

This policy applies to: (a) visitors and users of our website at Flowerrie.com (and related domains); (b) users of our mobile applications (Flowerrie app on iOS and Android); (c) anyone who contacts us, creates an account, makes a booking, or otherwise interacts with our services. It does not apply to third-party websites, apps, or services linked from our Platform, which have their own privacy policies.

3. Definitions

In this policy: "personal data" means any information relating to an identified or identifiable natural person; "processing" means any operation performed on personal data (e.g. collection, storage, use, disclosure); "data controller" means the entity that determines the purposes and means of processing; "data processor" means an entity that processes personal data on behalf of the controller; "UK GDPR" means the UK General Data Protection Regulation and the Data Protection Act 2018.

4. What data we collect

We may collect and process the following categories of personal data:

  • Account and identity data: name, email address, phone number, profile photo, password (stored in hashed form), date of birth (if provided), and account preferences. When you sign in with Google or Apple, we receive identifiers and basic profile information (e.g. name, email) from those providers in accordance with their policies and your permissions.
  • Booking and transaction data: event type, dates, guest counts, venue or vendor selections, messages exchanged with venues or vendors, booking status, and payment-related information. We do not store full payment card numbers; card payments are processed by our payment provider (Stripe), which may collect and process card details in accordance with its own privacy policy and applicable payment card industry standards.
  • Usage and technical data: how you use the Platform (e.g. pages or screens viewed, searches, features used), device type, operating system, unique device identifiers, IP address, approximate location (where permitted and necessary for the service), browser type, and log data (e.g. access times, errors). On the mobile app, we may collect information about app version and session duration.
  • Analytics and improvement data: where you have given consent (e.g. via in-app settings or our cookie banner on the website), we may collect analytics data to improve our services. You can withdraw consent for non-essential analytics at any time via app settings or cookie preferences.
  • Communications data: when you contact support, report an issue, or otherwise communicate with us, we keep a record of that correspondence and any information you provide.
  • Vendor and venue data: if you register as a venue or vendor, we collect business details, listings, availability, and other information necessary to provide the service and comply with legal obligations.

5. How we collect your data

We collect data: (a) directly from you when you register, book, message, or contact us; (b) automatically when you use the Platform (e.g. logs, device information); (c) from third parties where you choose to sign in with Google or Apple (they provide us with limited profile data you have authorised); (d) from venues and vendors in connection with your bookings and messages. We only collect data that is necessary for the purposes described in this policy or that you have consented to.

6. Why we use your data (purposes and legal basis)

We use your data for the following purposes and, where required under UK GDPR, on the following lawful bases:

  • Providing the Platform and your account: contract performance.
  • Processing bookings, payments, and messages: contract performance; we may also rely on legitimate interests to prevent fraud and enforce our terms.
  • Authentication (including Sign in with Google and Sign in with Apple): contract performance and, where applicable, consent as required by the identity provider.
  • Improving our service, security, and debugging: legitimate interests (e.g. analytics where you have consented, security monitoring, fixing errors).
  • Marketing (only where you have opted in): consent; you may withdraw at any time.
  • Legal and regulatory compliance: legal obligation (e.g. tax, anti-money laundering, responding to lawful requests from authorities).
  • Establishing, defending, or enforcing legal claims: legitimate interests or legal obligation.

7. Who we share your data with

We may share your personal data with:

  • Venues and vendors you interact with (e.g. to fulfil enquiries, bookings, and messages). They are independent data controllers in respect of their own use of that data and should have their own privacy practices.
  • Payment processors: Stripe (and any other payment provider we use) to process payments. They process card and payment data in accordance with their own privacy policy and applicable law; we do not store full card details.
  • Identity providers: when you use Sign in with Google or Sign in with Apple, Google and Apple process your sign-in and may provide us with limited profile data. Their processing is governed by their respective privacy policies.
  • Infrastructure and service providers: cloud hosting, content delivery, email delivery, and other technical services that process data on our instructions (as processors) or for their own purposes where disclosed (e.g. Expo for mobile app builds and updates). We use contracts and safeguards to ensure they protect your data.
  • Analytics and support tools: only where we have put in place appropriate safeguards and, where required, your consent (e.g. for non-essential analytics).
  • Authorities: when required by law, court order, or to protect our or others' rights, safety, or property.

We do not sell your personal data. We do not share your data with third parties for their own marketing purposes unless you have consented.

8. How long we keep your data

We retain your data only for as long as necessary for the purposes set out in this policy. In general: (a) account and profile data for the duration of your account and for a reasonable period after closure for dispute resolution and legal compliance; (b) booking and transaction data for the period required for contract performance, tax, and legal obligations (typically at least several years where required by law); (c) communications and support records for as long as needed to resolve enquiries and for legitimate business and legal purposes; (d) usage and analytics data in accordance with our retention schedules and your consent. After retention periods expire, we delete or anonymise data so it no longer identifies you, except where we must retain it for legal obligations. You may request erasure subject to applicable exceptions (see section 11).

9. International transfers

Your data may be processed in the United Kingdom and in other countries where we or our service providers operate. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as: UK adequacy regulations, standard contractual clauses approved by the UK authorities, or other mechanisms permitted by applicable law. You may request details of the safeguards we use for specific transfers by contacting us.

10. Cookies and similar technologies

Website: We use essential cookies and similar technologies necessary for the operation of the site (e.g. session, security, load balancing). We may use optional cookies for analytics or other purposes only where you have consented via our cookie banner. You can change your preferences at any time via the cookie banner or your browser settings.

Mobile app: The app may use local storage (e.g. on your device) for account and preferences, and may use device identifiers where necessary for the service or where you have consented (e.g. for push notifications or analytics). Non-essential analytics in the app are only collected where you have accepted in the in-app settings. You can withdraw analytics consent in the app at any time.

11. Your rights (UK GDPR and applicable law)

Depending on your location and applicable law, you may have the right to:

  • Access: request a copy of your personal data we hold.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your data in certain circumstances (subject to legal exceptions, e.g. where we must retain it for legal obligations).
  • Restriction: request that we restrict processing in certain circumstances.
  • Data portability: receive your data in a structured, commonly used, machine-readable format (where applicable). You may also use "Download my data" or similar features in your profile where we offer them.
  • Object: object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact us at the email below. We will respond within the time required by applicable law (e.g. one month under UK GDPR). You also have the right to lodge a complaint with a supervisory authority. In the UK, that is the Information Commissioner's Office (ICO): ico.org.uk.

12. Children

The Platform is not directed at children under the age at which consent is required in their country (e.g. under 13 in the UK/US in certain contexts, or under 16 in some jurisdictions). We do not knowingly collect personal data from such children. If you believe we have collected data from a child in that age group, please contact us and we will take steps to delete it.

13. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure, in line with the risks presented by the processing. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for any activity under your account. Please notify us promptly of any unauthorised use.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or legal requirements. We will post the updated policy on this page and update the "Last updated" date. Where changes are material, we may notify you by email or through the Platform. Your continued use of the Platform after the effective date of changes constitutes your acceptance of the updated policy. If you do not agree, you must stop using the Platform.

15. Disclaimer and limitation of liability

This Privacy Policy is provided for information purposes and does not constitute legal advice. You should seek independent legal advice if you have questions about your rights or our processing. To the fullest extent permitted by applicable law: (a) we provide the Platform and our services "as is" and disclaim all warranties (express or implied) regarding the accuracy, completeness, or uninterrupted availability of the Platform; (b) we shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from or in connection with your use of the Platform or this policy, including but not limited to loss of data, profits, or business opportunity; (c) our total liability for any claims arising under or in connection with this policy or the Platform shall not exceed the amount you paid to us in the twelve (12) months preceding the claim (or, if no payment, one hundred pounds sterling or equivalent). Nothing in this section excludes or limits our liability for death or personal injury caused by negligence, fraud, or any other liability that cannot be excluded or limited under applicable law.

16. Governing law

This Privacy Policy and any disputes arising out of or in connection with it (including non-contractual disputes) shall be governed by the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction, save that we may bring proceedings in any jurisdiction where you are resident or where a breach has occurred.

17. Contact

For data protection enquiries, to exercise your rights, or for any questions about this Privacy Policy, contact us at: support@flowerrie.com. We will respond as required by applicable law.

Terms of Service · Back to search