Privacy policy
Last updated: April 2026
1. Introduction
Sustainfind (sustainfind.co.uk) is a web-based platform that connects consumers with independent food and drink producers across the United Kingdom. We help you discover local producers, understand food miles, and buy directly from the people who make your food.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website, use our services, or interact with us. It applies to all visitors, registered users, and producers who use the platform.
Sustainfind is operated by Sustainfind Ltd. For the purposes of UK data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018), we are the data controller.
2. Information We Collect
2.1 Information from consumers (website visitors)
Postcode: When you enter your postcode to personalise your experience, it is stored locally on your device (in your browser’s localStorage). We do not transmit or store your postcode on our servers. You can clear it at any time by clearing your browser data.
Approximate location: On your first visit, we may use your IP address to determine your approximate location (city-level) via a geolocation service. This is used solely to show you relevant local producers before you enter a postcode. We do not store your IP address for this purpose.
Email address: If you subscribe to our newsletter, we collect your email address. We use this only to send you updates about Sustainfind. You can unsubscribe at any time.
Usage data: We collect anonymised, aggregate data about how visitors interact with the platform, including pages viewed, features used, and general navigation patterns. This data cannot identify individual visitors and is used to improve the platform.
Cookies and similar technologies: We use essential cookies and localStorage to provide core functionality (such as remembering your postcode). We may also use analytics cookies to understand how the platform is used. See section 7 for details.
2.2 Information from producers
Account information: When a producer signs up or claims a listing, we collect their business name, contact email address, business location (address, town, county, postcode, coordinates), primary category, and a description of their business.
Profile information: Producers on paid plans may additionally provide their business story, website and shop URLs, social media links, sustainability credentials, opening hours, phone number, logo, and images. All profile information is voluntarily provided and publicly displayed on the platform.
Authentication data: We use email-based one-time passcodes (OTP) to verify producer identity. OTPs are temporary, expire after 15 minutes, and are not stored permanently.
Session data: When a producer logs into their dashboard, we create a session token stored in their browser’s localStorage and on our servers (via Netlify Blobs). Sessions expire after 7 days.
Subscription and billing: If a producer subscribes to a paid plan, payment processing is handled entirely by Stripe. We do not collect, store, or have access to payment card details. We store a reference to the Stripe customer ID on the producer’s profile to manage their subscription status. Stripe’s privacy policy applies to all payment data.
2.3 Analytics data (producer dashboard)
We collect aggregate analytics data about how consumers interact with producer listings on the platform. This includes impression counts (how many times a listing appeared on the map, category pages, or county pages), click counts, profile page views, and outbound link clicks. This data is shown to producers in their dashboard to help them understand their listing’s performance.
Analytics data is aggregate and does not identify individual consumers. We store visitor location data at the postcode outcode level only (e.g. “NG1” or “NG12”), never full postcodes. We do not store IP addresses, user agents, or any other personally identifiable information in analytics data.
3. How We Use Your Information
We use the information we collect for the following purposes:
To provide and personalise the platform: showing you producers near your location, calculating food miles distances, and displaying relevant content.
To manage producer accounts: verifying identity, maintaining profiles, processing subscription changes, and providing analytics.
To communicate with you: sending newsletter updates (if subscribed), transactional emails to producers (OTP codes, subscription confirmations), and responding to enquiries.
To improve the platform: understanding how the platform is used, identifying issues, and developing new features.
To comply with legal obligations: including UK data protection law, tax requirements, and responding to lawful requests from authorities.
We do not use your personal information for targeted advertising. We do not sell your personal information to third parties. We do not build individual consumer profiles or track individual browsing behaviour across sessions.
4. How We Share Your Information
We share personal information only in the following limited circumstances:
Shopify: Our platform is hosted on Shopify, which processes data related to website hosting, content delivery, and platform operation. Shopify’s Consumer Privacy Policy applies to data they process.
Stripe: Producer subscription payments are processed by Stripe. We share the producer’s email address and subscription details with Stripe to manage billing. Stripe’s privacy policy governs all payment data.
Resend: We use Resend to send transactional emails (OTP codes, notifications). The recipient’s email address is shared with Resend for this purpose.
Netlify: Our serverless functions (handling signup, authentication, and analytics logging) are hosted on Netlify. Data processed by these functions passes through Netlify’s infrastructure.
Mapbox: Our interactive map is powered by Mapbox. Mapbox may collect usage data related to map interactions. No personal information is shared with Mapbox by us.
Postcodes.io: We use the Postcodes.io API to convert postcodes to geographic coordinates. Postcodes entered by users are sent to this service. Postcodes.io is a free, open-source service maintained by Ideal Postcodes.
We may also disclose information where required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Sustainfind, our users, or the public.
Producer profile information (business name, location, story, images, sustainability credentials, and contact details) is publicly displayed on the platform by design. Producers control what information appears on their profile through their dashboard.
5. External Links to Producer Websites
Sustainfind is a discovery platform. When you click through to a producer’s own website to view their products or make a purchase, you leave Sustainfind. Any information you provide to the producer’s website is governed by their privacy policy, not ours. We are not responsible for the privacy practices or content of external websites.
6. Data Storage and Security
Consumer data stored on your device (postcode in localStorage) remains on your device and is not transmitted to us. You can clear this at any time through your browser settings.
Producer account data is stored on Shopify (metaobject data), Netlify (session tokens and analytics), and Stripe (billing data). All services use encryption in transit (HTTPS/TLS) and at rest.
We take reasonable measures to protect personal information from unauthorised access, alteration, disclosure, or destruction. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Cookies and Local Storage
Sustainfind uses cookies and browser localStorage for the following purposes:
Essential (localStorage): Storing your postcode preference to personalise your experience across page visits. Storing producer session tokens for dashboard access. These are necessary for the platform to function and cannot be disabled.
Analytics: We may use cookies or similar technologies to collect anonymised usage data to help us understand how the platform is used and to improve it. You can manage analytics cookies through your browser settings.
Affiliate tracking: We use GoAffPro to track referrals from Sustainfind to producer websites. GoAffPro may set cookies to attribute sales to Sustainfind. This data is used for commission tracking purposes only.
We do not use advertising cookies or tracking pixels for targeted advertising purposes.
8. Your Rights
Under UK data protection law, you have the following rights:
Right of access: You can request a copy of the personal information we hold about you.
Right to rectification: You can request that we correct inaccurate or incomplete personal information.
Right to erasure: You can request that we delete your personal information, subject to certain legal exceptions.
Right to restrict processing: You can request that we limit how we use your personal information.
Right to data portability: You can request a copy of your personal information in a structured, commonly used, machine-readable format.
Right to object: You can object to our processing of your personal information in certain circumstances.
Right to withdraw consent: Where we rely on your consent to process personal information, you can withdraw that consent at any time.
Producers can manage, update, or delete their profile information at any time through their producer dashboard. To delete a producer account entirely, contact us at the details below.
To exercise any of these rights, please contact us using the details in section 11. We will respond to your request within one month, as required by law. We may need to verify your identity before processing your request.
9. Data Retention
Consumer data: Postcode data is stored on your device and persists until you clear your browser data. Newsletter email addresses are retained until you unsubscribe. Anonymised analytics data is retained indefinitely.
Producer data: Producer account and profile data is retained for as long as the account is active. If a producer deletes their account or requests erasure, we will delete their personal information within 30 days, except where we are required to retain it for legal or regulatory purposes. Subscription and billing records may be retained for up to 7 years for tax and accounting compliance.
10. Children’s Privacy
Sustainfind is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
11. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal information, please contact us:
Email: hello@sustainfind.co.uk
Address: Sustainfind, Suite 94, Sneinton Market Unit 6, Gedling Street, Nottingham. NG1 1DS
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, at ico.org.uk.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, services, or legal requirements. We will post the updated policy on this page and update the “Last updated” date. We encourage you to review this policy periodically.