Privacy Policy
Last updated: 26 May 2026
Sowo is the trading name of SOWO LIMITED, a company registered in Scotland (company number SC890878) with its registered office at Stirling FK8. We run the website usesowo.com and its subdomains. We are the data controller for the personal data described below.
This page is written in plain English. If something is unclear, email join@usesowo.com and we will answer in plain English too.
1. What we collect and why
Provider applications
When someone applies to list their service through /join, we collect their full name, email, phone number, service category, area, years of experience, a short bio, and their Instagram, TikTok or Facebook handles if they share them. We use this to decide whether to invite them onto Sowo and to contact them about the outcome. Legal basis: legitimate interest (running a marketplace).
Accounts
When you sign up, Supabase records your email and a hashed password, or your Google account identifier if you choose to sign in with Google. We store your display name, an optional avatar and your general location (e.g. “London”) on your profile. Legal basis: contract (we need an account to give you the service).
Provider listings
Approved providers add a bio, skills, languages, services, prices, social links and portfolio images to their listing. These appear publicly on /browse and on the provider's profile page. Legal basis: contract.
Verification documents
If a provider asks to be verified, we ask for documents like a photo ID, proof of address and any relevant qualifications. These are uploaded to a private storage bucket that only Sowo moderators can read; they never appear on the public profile. Providers can remove documents from /account/verification at any time. Legal basis: legitimate interest (verifying providers protects users who book them).
Requests, messages and quotes
When you post a request (for example “Need a hair stylist in N16 for a wedding”) we store the title, description, area and category. When you message a provider we store the conversation, message bodies, and any quote (service, price, note). Messages are visible to the two participants and, if a moderator needs to investigate a report, to Sowo. Legal basis: contract.
Bookings and payments
Sowo does not store card details. When you pay for a service we redirect you to Stripe Checkout; Stripe processes the card, holds funds in escrow, and sends us a booking record (amount, currency, status, references). Provider payouts go through Stripe Connect. Legal basis: contract.
Reviews and vouches
After a booking you can leave a star rating and a short review. Other Sowo users can also vouch for a provider they trust. Your name shown on a review or vouch is the display name from your profile. Legal basis: legitimate interest (trust signals are the point of the marketplace).
Reports and moderation
If you report a listing, message or user, we store the report, the target, your reason and the resolution. Sowo moderators can also hide listings, suspend accounts or revoke a verified badge, and we keep an audit log of who took what action. Legal basis: legitimate interest (keeping the marketplace safe).
2. Who else sees your data
We do not sell your data. We share it only with the small set of processors below, all under data-protection agreements:
- Supabase (database, auth, storage). EU servers (Frankfurt). Holds your profile, listings, messages, requests, bookings and verification documents.
- Stripe (payments and payouts). Processes your card and the provider's payout. Subject to Stripe's own privacy notice.
- Resend (transactional email). Sends emails like “new message”, “payment held” or “verification approved”. US-based; transfers are covered by the UK–US Data Bridge.
- Vercel (hosting). Serves the site and our API routes. US and EU edge locations.
If we add another processor, we will list it here before it starts handling your data.
3. How long we keep it
- Provider applications: up to 12 months from submission if not approved; for the duration of the listing if approved.
- Accounts, listings, messages, reviews, requests: while your account is active. When you deactivate, we keep the profile in a soft-deleted state for 30 days so you can sign back in to restore it; after that the account is deleted.
- Verification documents: while you hold the verified badge. If you remove them or your verified status ends, the documents are deleted.
- Booking and payment records: 6 years from the booking date, in line with HMRC retention rules for financial records.
- Moderation audit log: 6 years from the action, so we can answer questions about decisions taken.
4. Cookies
We use one kind of cookie: the strictly-necessary session cookie Supabase sets to keep you signed in. It expires when you sign out. We do not use analytics, advertising or third-party tracking cookies, so you will not see a cookie banner. If we ever add analytics, we will switch to an opt-in banner first.
5. Your rights
Under UK GDPR you have the right to:
- Ask what data we hold about you.
- Have inaccurate data corrected.
- Have your data deleted (subject to the retention rules above).
- Object to processing based on legitimate interest.
- Withdraw consent where consent is the basis.
- Export your data in a portable form.
- Complain to the Information Commissioner's Office (ICO) if you think we have got it wrong.
For any of the above, email join@usesowo.com. We aim to respond within 14 days and have 30 days by law.
6. Security
Data is encrypted in transit (TLS) and at rest. Access to the production database is restricted to the founder and named admins, and every admin action is logged. Verification documents are kept in a separate storage bucket that is only readable by moderators. Passwords are hashed by Supabase, not stored in plain text.
7. Children
Sowo is not for under-18s. If you believe an account belongs to someone under 18, email us and we will close it.
8. International transfers
Most data stays in the EU (Supabase Frankfurt). Stripe, Resend and Vercel move some data to the US; those transfers rely on the UK–US Data Bridge and Standard Contractual Clauses.
9. Changes to this policy
If we change what we collect or who sees it, we update this page and bump the “last updated” date at the top. For significant changes we will also email registered users.
10. No surprise data uses
We will not use your data for something this policy does not describe. If a future feature needs new data, we will update this page before it ships.
11. Contact
SOWO LIMITED
Stirling FK8
join@usesowo.com