Privacy Policy
Last updated: February 2026
1. Who We Are
Wedding Nanny Hub is operated by Tech Events Ltd, a company registered in England and Wales (company number 15911892), with its registered office at Suite 2, St Matthews House, Haugh Lane Industrial Estate, Hexham, NE46 3PU.
We are the data controller for the personal data processed through this platform. For data protection inquiries, contact us at privacy@weddingnannyhub.com.
2. Information We Collect
We collect the following categories of personal data:
Account Information
Name, email address, phone number, and account role (Family or Childcare Provider).
Profile Information (Providers)
Display name, qualifications, experience, hourly/day rates, location (postcode), travel radius, headline, and biography.
Children's Data (Families)
When creating a childcare booking, families provide children's first names, ages, and optionally: allergies, medical needs, and additional care notes. This data is encrypted at rest using AES-256-GCM encryption and is automatically redacted 30 days after the job is completed.
Verification Documents (Providers)
Identity verification documents, DBS (Disclosure and Barring Service) certificates, first aid certificates, and insurance documents. DBS certificate files are deleted immediately after verification; we retain only the verification outcome, date, and certificate type. Our full DBS handling procedures are set out in our Appropriate Policy Document, available on request.
Communications
Messages sent between users through the platform.
Payment Information
Subscription payments are processed by Stripe. We do not store card details. Stripe acts as an independent data controller for payment data — see Stripe's privacy policy.
3. Lawful Basis for Processing
We process your personal data on the following legal bases under UK GDPR:
| Processing Activity | Lawful Basis |
|---|---|
| Account creation and management | Performance of contract (Article 6(1)(b)) |
| Provider verification (ID, DBS) | Legitimate interest in safeguarding children (Article 6(1)(f)); Substantial public interest for DBS data (Schedule 1, Part 2, para 18 DPA 2018) |
| Children's health data (allergies, medical needs) | Explicit consent (Article 9(2)(a)) and vital interests of the child (Article 9(2)(c)) |
| Messaging between users | Performance of contract (Article 6(1)(b)) |
| Subscription payments | Performance of contract (Article 6(1)(b)) |
| Transactional emails | Performance of contract (Article 6(1)(b)) |
| Security logging and audit trail | Legitimate interest in platform security (Article 6(1)(f)) |
| Safeguarding incident records | Legal obligation (Article 6(1)(c)) |
4. Data Recipients and Processors
We share your data with the following third parties:
- Stripe (payments) — processes subscription payments as an independent controller
- Resend (email delivery) — delivers transactional emails as a data processor
- Hosting provider — our platform infrastructure provider, acting as a data processor
Provider profiles are visible to other platform users in accordance with profile visibility settings. We do not sell personal data to third parties.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after closure (dispute resolution) |
| Children's health data (allergies, medical needs) | Redacted 30 days after job completion |
| DBS certificate files | Deleted immediately after verification decision |
| DBS verification records (outcome, date, type) | Duration of provider account + 6 years |
| Messages | Duration of account + 1 year |
| Payment records | 6 years (HMRC requirement) |
| Audit logs | 12 months |
| Password reset tokens | 24 hours |
| Profile views | 90 days |
Automated cleanup processes run regularly to enforce these retention periods.
6. Data Security
We protect your data with the following measures:
- All connections encrypted in transit (TLS/SSL) and database connections enforced over SSL
- Sensitive data (children's health information) encrypted at rest using AES-256-GCM field-level encryption
- Passwords hashed using bcrypt with 12 rounds
- Rate limiting and account lockout to prevent brute-force attacks
- Two-factor authentication available for all accounts
- Document uploads scanned for malware before acceptance
- Role-based access controls and comprehensive audit logging
- Content Security Policy (CSP), HSTS, and other security headers
7. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15) — request a copy of all data we hold about you. You can download your data instantly from your Account Settings page.
- Right to rectification (Article 16) — correct inaccurate personal data via your profile or by contacting us.
- Right to erasure (Article 17) — delete your account and all associated data from your Account Settings page.
- Right to restriction of processing (Article 18) — request that we limit how we use your data.
- Right to data portability (Article 20) — receive your data in a structured, machine-readable format (JSON export available from Account Settings).
- Right to object (Article 21) — object to processing based on legitimate interests.
- Rights related to automated decision-making (Article 22) — we do not make solely automated decisions that significantly affect you.
To exercise any of these rights, use the tools in your Account Settings or contact us at privacy@weddingnannyhub.com. We will respond within 30 days.
8. Children's Data
We collect limited data about children solely to enable childcare providers to deliver safe and appropriate care. This includes first names, ages, and optionally health information (allergies, medical needs). In accordance with the ICO Children's Code:
- Children's health data is encrypted at rest and automatically redacted after the event
- Only the booking family and their selected provider can see children's health details
- We collect the minimum data necessary for safe childcare delivery
- Children's data is not used for marketing or profiling
9. Criminal Records Data (DBS)
We process DBS certificate data under our Appropriate Policy Document, as required by the Data Protection Act 2018 Schedule 1. Certificate files are deleted immediately after the verification decision. We retain only the verification outcome, date, and certificate type. Our full DBS Handling Policy is available on request.
10. Cookies
We use only essential cookies required for the platform to function:
- Authentication cookie — maintains your logged-in session (expires after 24 hours)
- Stripe cookies — set during the payment checkout process
We do not use analytics, advertising, or third-party tracking cookies.
11. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
We would appreciate the opportunity to address your concerns before you contact the ICO — please email us at privacy@weddingnannyhub.com first.
12. Contact
Tech Events Ltd
Suite 2, St Matthews House, Haugh Lane Industrial Estate
Hexham, NE46 3PU
Email: privacy@weddingnannyhub.com