Gluten-Free Tribe

Privacy Policy

Effective date: 1 November 2025

This Privacy Policy explains how Glutenfree Tribe (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our website and services (the “Service”). We operate under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are and contact

Data controller: Glutenfree Tribe
Email: hello@theglutenfreetribe.com

2. Personal data we collect

  • Account data: username, email, password (hashed), role (user/creator).
  • Creator profile data: display name, bio, avatar, social links, theme settings.
  • Content data: places, recipes, blogs, images, comments, ratings, saves, follows.
  • Usage data: pages viewed, interactions, approximate location if you allow, device info, IP address.
  • Support data: messages you send us (e.g., emails, forms).
  • Geolocation (optional): when you click “Use my location” we request browser geolocation for nearby search. We do not continuously track your location.

Some personal data (for example, your email address and a password) is necessary to create and maintain an account. If you choose not to provide this information, you may not be able to use certain features of the Service.

3. How we use your data - purposes and lawful bases

  • Provide the Service (account creation and login, profiles, saved places/recipes, search and content surfacing). Lawful basis: contract necessity (when you create an account and use core features); legitimate interests (running and improving an online gluten-free community and directory).
  • Safety and moderation (detect and prevent abuse, spam, fraud, infringement, security incidents). Lawful basis: legitimate interests (keeping the Service safe for users); legal obligation where applicable.
  • Communications (account notices, service and security updates). Lawful basis: contract necessity; legitimate interests (keeping you informed about important changes to the Service).
  • Marketing (optional) (updates about new features, creator tips, and relevant content). Lawful basis: consent (you can withdraw marketing consent at any time via unsubscribe links or by contacting us).
  • Analytics (understand how the Service is used, improve performance and features). Lawful basis: consent where required (for non-essential analytics cookies, such as Google Analytics).
  • Location-based features (e.g. “Use my location” to find nearby places). Lawful basis: consent (you choose whether to share your location in your browser).
  • Legal and compliance (respond to lawful requests, enforce our Terms, handle disputes). Lawful basis: legal obligation; legitimate interests (protecting our platform and users).

4. Sharing and international transfers

Our core infrastructure (including user accounts, content, and databases) is hosted in the UK, and emails are sent from our UK-based servers. Some third-party services we use — such as Google (for maps and analytics) — may process data outside the UK or European Economic Area. Where this occurs, we rely on the safeguards those providers have in place, such as standard contractual clauses or other recognised transfer mechanisms used by those providers to ensure an adequate level of protection.

5. Retention

  • Account data: kept while your account is active and for up to 24 months after closure for security, fraud prevention, dispute handling, and legal compliance.
  • Creator content (places, recipes, blogs): kept while published on the Service. You can delete or unpublish content in your dashboard; backups and logs may retain residual copies for a limited time.
  • Logs and security data: typically retained 12–24 months, unless we need to keep them longer to investigate or respond to incidents.
  • Marketing preferences: kept until you unsubscribe or withdraw consent, or we stop sending marketing for that purpose.
  • Support communications: kept for as long as necessary to handle your request and for a reasonable period afterwards (for example, to follow up or resolve disputes).
  • Backups: rotate on schedules; residual copies of personal data may persist temporarily in backup archives before being overwritten.

6. Your rights

Under data protection law you have rights over your personal data, including the right to access, rectify, erase, restrict or object to processing, the right to data portability, and the right to withdraw consent where we rely on consent. You can exercise most rights via your account settings or by contacting us at hello@theglutenfreetribe.com. We may need to verify your identity before responding.

You also have the right to complain to the UK Information Commissioner’s Office (ICO) if you are unhappy with how we use your data: ico.org.uk. We would appreciate the chance to deal with your concerns before you approach the ICO.

7. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has created an account, please contact us and we will remove the account and associated data.

8. Security

We use appropriate technical and organisational measures to protect personal data (e.g., encryption in transit, access controls). No system is 100% secure; please protect your login and report any suspicious activity.

9. Cookies and similar technologies

See our Cookie Policy for details on cookies and your choices (including consent).

10. Changes

We may update this policy. We’ll post the updated date at the top. Significant changes may be notified in-product or by email.

11. Contact

Email: hello@theglutenfreetribe.com

← Home Terms Cookies