NovaBid
/

Privacy Policy

Last updated: 1 June 2026

NovaBid Ltd ("we", "us") respects your privacy. This policy explains what personal data we collect when you use NovaBid, why we collect it, how we use it, who we share it with, and the rights you have under UK GDPR and the Data Protection Act 2018.

1. Who we are

NovaBid Ltd is a company registered in Scotland (company number SC886622), based in Edinburgh, Scotland. Our registered email is hello@novabid.co.uk. We are the data controller for the personal data described in this policy, registered with the UK Information Commissioner's Office (ICO) under registration number C1920821.

2. What we collect

Account data — name, email, phone, company name, role (SMB or hotel). Booking data — trip details (city, dates, budget, guest names and emails), confirmation codes, payment status. Hotel partner data — hotel name, address, contact details, photos, amenities, Stripe payout account identifier. Technical data — IP address, browser, device type, login timestamps. We do not store payment card numbers; payment is handled by Stripe.

3. Why we collect it (lawful bases)

To perform the service contract you have with us — creating accounts, processing bookings, paying hotels, sending receipts (Article 6(1)(b) UK GDPR). To meet legal obligations such as tax records and fraud prevention (Article 6(1)(c)). For legitimate interests such as platform security and customer support (Article 6(1)(f)).

4. Who we share it with

Stripe (payment processing & hotel payouts), Supabase (database & authentication, EU region), Resend (transactional email), Google Workspace (our internal email), Vercel (web hosting), Cloudflare (DNS & CDN). Each is contractually bound to handle your data only as we direct. None sell or use it for advertising.

5. International transfers

Most of our processing happens in the UK and EU. Where data is transferred outside the UK/EU, it is to providers covered by the EU–US Data Privacy Framework or under Standard Contractual Clauses approved by the ICO.

6. How long we keep it

Account data: while your account is open, plus 7 years after closure for tax records. Booking data: 7 years (HMRC requirement). Marketing logs: 2 years.

7. Your rights

Under UK GDPR you can request access to your data, correction of inaccurate data, deletion (subject to legal hold periods above), restriction or objection to processing, and portability of your data. To exercise any right, email hello@novabid.co.uk. We respond within 30 days.

8. Cookies

We use a small set of strictly necessary cookies for authentication and session security. We do not use advertising or third-party tracking cookies on the marketing site.

9. Complaints

If you are unhappy with how we handle your data, contact us first at hello@novabid.co.uk. You also have the right to complain to the UK Information Commissioner (ico.org.uk) or, if you are in the EU, your local supervisory authority.

10. Changes

We may update this policy as the service evolves. Material changes will be communicated by email at least 14 days before they take effect.