Skip to main content
loacally

Privacy Policy

Last updated: 3 April 2026

1. Introduction

Loacally Ltd (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website at loacally.com (the “Platform”).

We are the data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, phone number, and password when you create an account.
  • Provider profile information: business name, contact details, trade category, service descriptions, pricing, qualifications, certifications, insurance details, profile photos, and postcode.
  • Booking information: property address, service requirements, preferred dates and times, and any notes provided when booking a visit.
  • Reviews and communications: content of reviews you leave, responses to reviews, and messages sent through the Platform.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, search queries, and interaction patterns.
  • Device data: browser type, operating system, device type, screen resolution, and language preference.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Location data: approximate location derived from your IP address or postcode provided during search or booking.

2.3 Cookies and Tracking Technologies

We use essential cookies to ensure the Platform functions correctly and analytical cookies to understand how you use our service. For details on the cookies we use and how to manage your preferences, please see our Cookie Policy.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service delivery: to operate the Platform, process visit bookings, and connect Customers with Providers.
  • Account management: to create and manage your account, verify your identity, and provide customer support.
  • Communications: to send booking confirmations, visit reminders, and service-related notifications.
  • Improvement: to analyse usage patterns, improve the Platform, and develop new features.
  • Safety and security: to detect and prevent fraud, abuse, and other harmful activities.
  • Legal compliance: to comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Contract performance: processing necessary to fulfil our obligations under our Terms of Service, such as facilitating bookings and managing accounts.
  • Legitimate interests: processing necessary for our legitimate interests, including improving the Platform, preventing fraud, and marketing (where you have not opted out).
  • Consent: where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications.
  • Legal obligation: processing necessary to comply with a legal obligation to which we are subject.

5. How We Share Your Information

We do not sell your personal data. We may share your information with:

  • Other users: Customer names and booking details are shared with the relevant Provider (and vice versa) to facilitate visits. Provider profiles, including business name, services, and reviews, are publicly visible.
  • Service providers: trusted third-party companies that help us operate the Platform, such as hosting providers, email services, and analytics tools. These providers are contractually obligated to protect your data.
  • Legal and regulatory bodies: where required by law, regulation, legal process, or governmental request.
  • Business transfers: in connection with a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically:

  • Account data: retained for the duration of your account and for up to 12 months after account deletion, unless a longer retention period is required by law.
  • Booking data: retained for 6 years after the visit date for tax and legal compliance purposes.
  • Reviews: retained for as long as the associated Provider profile exists, or until you request deletion.
  • Log and analytics data: retained for up to 24 months.

7. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of the personal data we hold about you.
  • Right to rectification: you can ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: you can request that we delete your personal data, subject to certain legal exceptions.
  • Right to restrict processing: you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability: you can request your data in a structured, commonly used, machine-readable format.
  • Right to object: you can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on consent, you can withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@loacally.com. We will respond to your request within one month, as required by law.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS/SSL.
  • Encryption of sensitive data at rest.
  • Regular security assessments and penetration testing.
  • Access controls and authentication requirements for staff.
  • Secure hosting within UK or EEA data centres.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9. International Transfers

We primarily store and process your data within the United Kingdom and the European Economic Area (EEA). If we need to transfer your data outside the UK or EEA, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the Information Commissioner's Office (ICO) or an adequacy decision.

10. Children's Privacy

The Platform is not intended for use by children under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by posting the updated policy on the Platform with a revised “Last updated” date. We encourage you to review this page periodically.

12. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us: