Privacy Policy

Owo360 operates the Owo360 website, mobile apps, booking marketplace, vendor tools, and related support services (together, the Platform).

For most of the personal information described in this notice, Owo360 is the data controller for the purposes of the UK GDPR and the Data Protection Act 2018 because we decide how and why that information is used.

• Privacy contact: support@owo360.com
• General support: support@owo360.com

If you are dealing directly with a vendor through the Platform, that vendor may also act as a separate controller for the customer and booking information they use to fulfil, manage, or account for their services.

We collect different categories of personal information depending on how you use Owo360.

• Account and identity data: name, email address, phone number, hashed password, verification records, login history, and account role.
• Profile and business data: profile photos, service listings, availability, business descriptions, pricing, cover images, portfolio files, policy settings, and onboarding information supplied by vendors.
• Booking and appointment data: requests, approvals, declines, schedule details, customer notes, service selections, status history, and related support records.
• Subscription and billing metadata: subscription plan, invoice and payment status, Stripe customer and subscription identifiers, and limited payment method metadata such as card brand or last four digits where available.
• Location data: approximate or precise location if you allow it, so we can show nearby vendors and distance context.
• Support and communications data: messages sent to customer support, AI assistant conversations, tickets, and feedback submissions.
• Technical and security data: IP address, device identifiers, app/browser information, push token, diagnostic logs, and abuse-prevention telemetry.

We also generate internal records about bookings, subscriptions, entitlement changes, fraud checks, support escalations, and audit trails needed to run the Platform safely.

Under the UK GDPR, we need a lawful basis for each use of personal information. Depending on the context, we rely on contract, legitimate interests, consent, and legal obligation.

• To provide the Platform and perform our contract with you: create accounts, show vendor listings, process booking requests, display appointments, manage subscriptions, and send essential service communications.
• For our legitimate interests: improve product performance, maintain platform security, prevent fraud and abuse, investigate misuse, support users, audit entitlement changes, and keep records needed to defend legal claims.
• Where consent is required: send optional marketing emails, use optional cookies or analytics technologies, or use precise location features where your device permission settings require consent.
• To comply with legal obligations: maintain accounting records, respond to lawful requests, honour data rights requests, and meet legal or regulatory duties.

We do not rely on subscription creation alone as proof of payment. Paid Owo360 entitlements are activated only after payment has actually succeeded and our systems reconcile that result.

Owo360 is a marketplace platform. We use personal information to let customers discover vendors, request bookings, receive updates, and manage confirmed appointments.

• Customer-to-vendor sharing: when a customer creates a request or an appointment is confirmed, the relevant booking details are shared with the vendor so they can evaluate, fulfil, or manage the service.
• Vendor responsibilities: once a vendor receives customer information through the Platform, they may use it for their own service delivery, record-keeping, and legal compliance. Their handling of that information is governed by their own practices as well as our platform rules.
• Stripe billing: subscription payments are handled through Stripe. We generally receive limited billing metadata and status information rather than full card numbers. Stripe processes payment data under its own privacy terms.
• AI and support tools: if you use AI support features, we process your prompts, related account context, and support history to answer questions and escalate to human support where needed.

Please avoid sending unnecessary special category or highly sensitive personal data through free-text fields unless it is strictly necessary for the booking or support issue.

We share personal information only where there is a valid business, contractual, or legal reason.

• Vendors and customers: to facilitate requests, appointments, updates, and dispute handling.
• Service providers: hosting, infrastructure, communications, analytics, fraud prevention, customer support, and payment providers who help us operate the Platform.
• Professional advisers and authorities: where required for legal compliance, investigations, enforcement of our terms, safety, or defence of claims.

Some providers may process personal data outside the UK. Where that happens, we use appropriate safeguards required by UK data protection law, such as the UK International Data Transfer Agreement, the UK Addendum, or other approved transfer mechanisms.

We use cookies and similar technologies to operate the website and understand how it is used. Some technologies are strictly necessary for the site to function. Others, such as optional analytics or marketing tools, will only be used where the law requires consent and that consent has been collected.

• Service messages: account, booking, security, and subscription notices are necessary operational communications and are not treated as optional marketing.
• Marketing emails and messages: we only send optional marketing where permitted by law. You can unsubscribe at any time using the link in the message or by contacting us.
• Push notifications: you can manage push permissions in your device settings. Some push messages are used for essential booking and account events.

We keep personal information for only as long as we need it for the purposes described in this notice, including to provide the Platform, maintain audit trails, handle disputes, keep accounting records, and comply with legal obligations.

Retention periods differ depending on the data type. For example, active account and booking data may be kept while your account is in use, while support logs, audit trails, payment records, and legal compliance records may be retained for longer.

We use technical and organisational security measures appropriate to the risk, including access controls, environment separation, logging, entitlement checks, and monitoring. No internet-based service can be guaranteed to be completely secure.

You may have the following rights under UK data protection law, subject to legal limits and exceptions:

• to be informed about how your personal information is used;
• to access a copy of your personal information;
• to ask us to correct inaccurate or incomplete information;
• to ask us to erase information in some circumstances;
• to ask us to restrict certain processing;
• to object to certain processing, including some direct marketing;
• to receive certain data in a portable format where the law applies;
• to withdraw consent where we rely on consent.

To exercise a right, contact support@owo360.com. We may need to verify your identity before completing the request.

You also have the right to complain to the UK Information Commissioner’s Office if you are unhappy with how we handle personal information. Details are available at ico.org.uk.

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, or how we process data. If we make material changes, we will take reasonable steps to bring them to your attention through the website, app, or direct contact where appropriate.