Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Huskai ("we", "us", "our") collects, uses, and protects personal data when you visit huskai.co.uk, use our Haul e-commerce platform, or interact with us in any way. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Huskai is a UK-based business that builds AI-powered tools for small businesses. Our first product is Haul, a multi-tenant e-commerce platform for independent sellers.

• Trading name: Huskai
• Website: huskai.co.uk
• Contact email: hello@huskai.co.uk

For the purposes of data protection law, Huskai is the data controller for personal data collected through huskai.co.uk and for merchant account data on the Haul platform. For customer data processed on behalf of Haul merchants, Huskai acts as a data processor — see our Data Processing Agreement for details.

2. What Data We Collect

2.1 Visitors to huskai.co.uk

When you visit our website, we may collect:

• Technical data: IP address, browser type, operating system, referring URL, pages visited, and timestamps. This data is collected automatically by our hosting provider (Cloudflare).
• Contact data: If you fill in a contact form or email us, we collect your name, email address, and the content of your message.
• Newsletter data: If you subscribe to our newsletter or join our Discord community, we collect your email address.

2.2 Haul Merchants (Our Customers)

When you sign up for a Haul account, we collect:

• Account data: Name, email address, business name, and password (stored securely using one-way hashing).
• Billing data: Payment card details are collected and processed by Stripe — we never see or store your full card number. We store your Stripe customer ID and subscription status.
• Store data: Product listings, images, categories, orders, and other content you create within Haul.
• Usage data: How you use the platform, feature usage, and support interactions.

2.3 Customers of Haul Merchants

When someone places an order through a Haul-powered store, the merchant is the data controller for that customer's data. We process this data on the merchant's behalf as a data processor. This data may include:

• Name, email address, and shipping address
• Order history and basket contents
• Payment information (processed by Stripe)

If you are a customer of a Haul-powered store, please refer to that merchant's own privacy policy for details on how they handle your data.

3. How We Use Your Data

We use personal data for the following purposes:

• To provide our services: Operating the Haul platform, processing subscriptions, and providing customer support. (Legal basis: contract performance)
• To communicate with you: Responding to enquiries, sending service updates, and important notices about your account. (Legal basis: contract performance / legitimate interest)
• To improve our services: Understanding how our website and platform are used, fixing bugs, and developing new features. (Legal basis: legitimate interest)
• To comply with legal obligations: Tax reporting, fraud prevention, and responding to lawful requests. (Legal basis: legal obligation)
• Marketing: If you opt in, we may send you newsletters or product updates. You can unsubscribe at any time. (Legal basis: consent)

4. Who We Share Data With

We do not sell your personal data. We share data only with the following categories of service providers, all of whom are bound by contractual obligations to protect your data:

• Cloudflare: Website and platform hosting, CDN, security, and edge computing (Pages, Workers, KV, R2). Cloudflare Privacy Policy
• Stripe: Payment processing for subscriptions and merchant transactions. Stripe Privacy Policy
• Resend: Transactional email delivery (order confirmations, password resets, etc.). Resend Privacy Policy

We may also share data if required by law, regulation, or legal process.

5. International Data Transfers

Our hosting provider Cloudflare operates a global network, which means your data may be processed in countries outside the UK. Cloudflare participates in appropriate data transfer mechanisms, including Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA), to ensure your data is protected to UK GDPR standards regardless of where it is processed.

Stripe and Resend are US-based companies that also rely on SCCs and other approved transfer mechanisms for international data transfers.

6. How Long We Keep Your Data

• Website visitor data: Server logs are retained for up to 90 days.
• Contact enquiries: Retained for up to 2 years after the conversation ends, unless a longer period is needed for legal reasons.
• Merchant accounts: Retained for the duration of your subscription and for up to 6 years after account closure (to meet UK tax and accounting requirements).
• Merchant customer data: Retained for as long as the merchant's account is active. When a merchant closes their account, their customer data is deleted within 30 days unless legal retention requirements apply.
• Basket data: Session-based basket data expires automatically after 7 days.

7. Cookies

We currently use only essential cookies required for the website and platform to function (such as session cookies). We do not use tracking or advertising cookies at this time. See our Cookie Policy for full details.

8. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Ask us to correct inaccurate or incomplete data.
• Right to erasure: Ask us to delete your data (subject to legal retention requirements).
• Right to restrict processing: Ask us to limit how we use your data.
• Right to data portability: Receive your data in a structured, commonly used format.
• Right to object: Object to processing based on legitimate interest or direct marketing.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at hello@huskai.co.uk. We will respond within 30 days.

9. Security

We take appropriate technical and organisational measures to protect your data, including:

• Encryption in transit (HTTPS/TLS) and at rest
• Secure password hashing
• Database-per-tenant isolation on the Haul platform
• Regular security reviews
• Access controls and principle of least privilege

10. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or emailing you directly. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Complaints

If you have concerns about how we handle your data, please contact us first at hello@huskai.co.uk. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

13. Contact Us

For any questions about this Privacy Policy or your personal data, contact us at:

• Email: hello@huskai.co.uk
• Website: huskai.co.uk