Privacy Policy

OpenStable is an online marketplace connecting horse owners with livery yards and activity providers across the UK. We are operated by Alex Crowley, a sole trader trading as OpenStable, whose principal place of business is at Silver Birches, Ox Drove, Newbury, RG20 9JS, England.

For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, we are the data controller of your personal data.

We are registered with the Information Commissioner’s Office (ICO).

If you have any questions about how we use your personal data, please contact us at privacy@openstable.co.uk.

We collect the following categories of personal data:

Account data

• Email address (required to create an account)
• Your role on the platform (horse owner or yard owner)
• OAuth profile information if you sign in with Google (name, email, profile picture)

Horse owner profile data

• Your first name
• Your horse’s name and type
• Livery preferences, timeline, and riding level
• A brief situation note you choose to share with yards
• Your search postcode and preferred search radius
• Horse photo (if uploaded)

Yard owner profile and listing data

• Yard name, postcode, county, and geographic coordinates (derived from your postcode)
• Contact name, phone number, email address, and website
• Yard description, facilities, services, and photos
• Availability information and activity slot details

To protect user privacy, exact addresses are not publicly displayed unless explicitly provided by the yard owner.

Communication data

• Enquiry messages sent between horse owners and yard owners
• Reviews and ratings you submit
• Yard owner responses to reviews

Payment and subscription data

• Your subscription tier (Free or Pro)
• Stripe customer ID and subscription ID
• We do not store your payment card details. All payment processing is handled directly by Stripe. Please review Stripe’s Privacy Policy for details of how they handle your payment data.

Technical and usage data

• Session tokens and authentication data (managed by Supabase)
• IP address and browser information (collected automatically by our infrastructure)
• Pages visited and features used on the platform (collected via PostHog analytics)
• Error and diagnostic information (collected via Sentry error monitoring)
• Saved yards and shortlists

We collect personal data in the following ways:

• Directly from you — when you register, complete your profile, post a listing, send an enquiry, write a review, or contact us.
• Automatically — when you use the platform, we collect technical data such as session tokens, IP addresses, usage information, and error reports through cookies and our infrastructure and analytics providers (Supabase, PostHog, and Sentry).
• From third parties — if you choose to sign in using Google, we receive basic profile information (name and email) from that provider.

Under UK GDPR, we must have a lawful basis for processing your personal data. The bases we rely on are:

• Performance of a contract (Article 6(1)(b)) — to provide you with our platform services, including creating and managing your account, enabling enquiries and messaging between horse owners and yard owners, and processing subscription payments.
• Legitimate interests (Article 6(1)(f)) — to operate and improve the platform, prevent fraud and abuse, ensure platform security, and send transactional notifications (such as new enquiry alerts and message notifications). Our legitimate interests do not override your rights and freedoms.
• Consent (Article 6(1)(a)) — for optional marketing communications and email notifications that you can control in your account settings. You may withdraw your consent at any time.
• Legal obligation (Article 6(1)(c)) — to retain payment records as required by UK tax law (currently 7 years).

We use your personal data to:

• Create and manage your account
• Display your yard listing or horse owner profile to relevant users
• Make certain information you choose to include in your profile or yard listing (such as your first name, horse details, yard description, facilities, and photos) visible to other users of the platform in order to facilitate connections between horse owners and yards
• Enable enquiries and messaging between horse owners and yard owners
• Show search results and availability based on your preferences and location
• Process subscription payments and manage your billing
• Send transactional emails (such as new enquiry notifications, message alerts, and availability expiry reminders)
• Send review prompt emails following a secured livery placement (where you have not opted out)
• Display and facilitate user reviews
• Improve platform functionality, fix bugs, and develop new features
• Detect and prevent fraud, abuse, or violations of our Terms & Conditions. We may review messages and communications sent through the platform for this purpose.
• Comply with our legal obligations

Reviews represent the personal opinions of the users who submit them and are published in good faith as part of the platform service. OpenStable does not verify the accuracy of reviews. Reviews must comply with our Terms & Conditions, and we reserve the right to remove content that breaches those terms.

We share your personal data only with trusted third-party service providers who process data on our behalf. All processors are bound by data processing agreements and must handle your data securely.

• Supabase — our database and authentication infrastructure provider. Your data is stored on servers located in the EU. Supabase acts as a data processor on our behalf.
• Google — we use the Google Geocoding API to convert postcodes to geographic coordinates for search functionality. We also support Google as an OAuth sign-in provider. Google may process your data in accordance with their privacy policy.
• Stripe — our payment processor for subscription billing. Stripe processes payment card data directly and is PCI-DSS compliant.
• Resend — our transactional email delivery provider. Resend receives your email address and the content of emails sent on your behalf.
• PostHog — our product analytics provider. PostHog collects information about pages you visit and features you use in order to help us understand how the platform is used and improve it. PostHog may set cookies or use local storage to identify your session. PostHog is based in the United States; data transfers are covered by Standard Contractual Clauses. You can learn more at posthog.com/privacy.
• Sentry — our error monitoring provider. Sentry captures technical error and diagnostic information (including stack traces and browser context) to help us identify and fix bugs. Sentry does not receive your payment card details or passwords. Sentry is based in the United States; data transfers are covered by Standard Contractual Clauses. You can learn more at sentry.io/privacy.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We will disclose your data to the ICO or other law enforcement authorities if required by law.

Your data is primarily stored in the EU via Supabase. Where we use third-party processors based outside the UK or EEA (including Google, Stripe, Resend, PostHog, and Sentry), we ensure that appropriate safeguards are in place, including reliance on Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, or the equivalent international transfer mechanism.

We retain your personal data for the following periods:

• Active accounts — for as long as your account remains active, plus 90 days following account deletion to allow for any disputes or recovery requests.
• Deleted accounts — personal data is anonymised or deleted within 30 days of account deletion. Some aggregated, anonymised data (such as review scores without personal identifiers) may be retained for platform quality purposes.
• Payment and billing records — retained for 7 years as required by UK financial regulations.
• Messages and enquiries — retained for the duration of your account and deleted or anonymised upon account deletion.

You have the following rights regarding your personal data:

• Right of access — you can request a copy of the personal data we hold about you (a Subject Access Request).
• Right to rectification — you can ask us to correct inaccurate or incomplete data. Most profile data can be updated directly in your account settings.
• Right to erasure — you can request deletion of your personal data. You can delete your account directly from the settings page. Certain data may be retained where we have a legal obligation to do so.
• Right to data portability — you can request a copy of your data in a structured, machine-readable format.
• Right to restrict processing — you can ask us to pause processing of your data in certain circumstances.
• Right to object — you can object to processing based on legitimate interests, including for direct marketing.
• Right to withdraw consent — where processing is based on your consent (e.g. marketing emails), you can withdraw it at any time via your account settings or by contacting us.

You may delete your account from your account settings at any time.

To exercise any of these rights, please contact us at privacy@openstable.co.uk. We will respond within one calendar month.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the ICO at ico.org.uk or by calling 0303 123 1113.

We implement appropriate technical and organisational security measures to protect your personal data, including encrypted data transmission (HTTPS), access controls, and secure infrastructure providers. However, no method of transmission over the internet is completely secure, and we cannot guarantee the absolute security of your data.

We use cookies and similar technologies to operate the platform. The cookies we use are:

• Essential / session cookies — used by Supabase to manage your authenticated session. These are strictly necessary for the platform to function and cannot be disabled.
• Analytics cookies / local storage — used by PostHog to track page views and feature usage so we can understand how the platform is used and improve it. PostHog uses cookies and/or local storage to maintain an anonymous session identifier. These are analytics cookies, not advertising cookies.

We do not use third-party advertising or behavioural targeting cookies. If this changes, we will update this policy and request your consent where required.

OpenStable is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us at privacy@openstable.co.uk and we will delete it promptly.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email before the changes take effect. The date at the top of this page reflects when the policy was last updated. Continued use of the platform after changes take effect constitutes your acceptance of the updated policy.

For any questions or concerns about this Privacy Policy or how we handle your data, please contact our privacy team at:

Email: privacy@openstable.co.uk
Post: Alex Crowley t/a OpenStable, Silver Birches, Ox Drove, Newbury, RG20 9JS, England