Privacy Policy

MassageHub ("we", "us", "our") operates the website massagehub.uk — an online directory for massage therapy services in the United Kingdom. We are the data controller responsible for your personal information collected through this website. Contact: hello@massagehub.uk

We collect the following categories of personal data: Account data: email address, password (stored as a secure hash — never in plain text), display name, and registration date. Listing data (providers only): name/pseudonym, age, city, postcode, phone number, photos, description, services offered and pricing — as entered by you when creating a listing. This data is displayed publicly on your profile. Usage data: IP address and browser type — collected when a visitor reveals a provider's contact number. This data is used solely for fraud prevention and deduplication. IP addresses are automatically anonymised after 90 days. Session data: authentication cookies (prefixed "sb-") set by our authentication provider to keep you logged in. These are strictly necessary and cannot be disabled without breaking login functionality. Communications: messages you send us via the contact form or email. We do not collect payment card details directly — payments (if applicable) are processed by third-party providers who are PCI-DSS compliant.

We use your personal data to: • Operate and improve the MassageHub platform • Display your listing to other users (only data you have explicitly provided and chosen to make public) • Send transactional emails (registration confirmation, listing approval/rejection, password reset) • Prevent fraud, abuse and illegal activity • Comply with our legal obligations under UK law • Respond to your enquiries and support requests We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

Under UK GDPR we process your data on the following legal bases: Contract performance: processing your account and listing information to provide the service you requested. Legitimate interests: improving our platform, preventing fraud, and ensuring platform safety — where this does not override your rights. Legal obligation: retaining certain records as required by UK law. Consent: sending marketing communications (you can withdraw consent at any time).

We do not sell your personal data. We may share data with: Supabase Inc. — our database and authentication provider (data stored in EU data centres). Vercel Inc. — our hosting provider (servers in the EU/UK region). Resend Inc. — our transactional email provider, used solely to send account and listing notifications. Law enforcement or regulatory authorities — if required by law or to protect the safety of users. All third-party processors are bound by data processing agreements consistent with UK GDPR.

We retain your personal data for as long as your account is active. If you delete your account: • Your public listing and profile data is removed immediately. • Account logs and moderation records are retained for up to 12 months for legal and safety purposes. • IP addresses collected for fraud prevention are anonymised after 90 days. • Anonymised analytics data may be retained indefinitely. You can delete your account at any time from your Dashboard → Account Settings.

Under UK GDPR you have the right to: • Access — request a copy of the personal data we hold about you. • Rectification — request correction of inaccurate data. • Erasure ("right to be forgotten") — request deletion of your data in certain circumstances. • Restriction — request that we limit how we use your data. • Portability — receive your data in a machine-readable format. • Object — object to processing based on legitimate interests. • Withdraw consent — at any time for consent-based processing. To exercise any of these rights, email us at hello@massagehub.uk. We will respond within 30 days. If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

We use essential cookies required for the site to function (session management, security tokens). We do not use third-party advertising cookies. You can control cookies in your browser settings. Disabling essential cookies may prevent you from logging in or using certain features.

We implement industry-standard security measures including: • HTTPS encryption for all data in transit • Row-level security (RLS) in our database — users can only access their own data • Hashed passwords (never stored in plain text) • Regular security reviews No system is 100% secure. If you discover a security vulnerability, please report it to hello@massagehub.uk.

MassageHub is strictly for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted data to us, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of MassageHub after changes are posted constitutes your acceptance of the revised policy.

For any privacy-related questions, requests or complaints: Email: hello@massagehub.uk Website: massagehub.uk/contacts