Privacy Policy

Who's responsible

Velra (Edinburgh, UK), trading as Owed, is the data controller for govowed.uk. Contact: hello@govowed.uk.

What we collect, and why

• Company information — pulled from the public Companies House register when you scan, plus any business details you enter (sector, size, activities). Used to match you against funding schemes. Lawful basis: performing our contract with you.
• Account data — your email address, sign-in events, and (if you use Google or Microsoft sign-in) your name from that provider. Lawful basis: contract.
• Purchase records — what you bought and when, kept for 6 years as required for tax. Card details go to Stripe — we never see or store them. Lawful basis: contract + legal obligation.
• Usage analytics & error logs — privacy-respecting product analytics (PostHog) and error tracking (Sentry) so we can fix what breaks. Lawful basis: legitimate interests.

Who processes it for us

Supabase (database & authentication), Stripe (payments), Vercel (hosting), PostHog (analytics), Sentry (error tracking). Some processors run infrastructure outside the UK; transfers are covered by standard contractual clauses or UK adequacy.

Email

Emails tied to your purchase (receipts, sign-in links, report updates you've asked for) are service messages. We'll only send marketing where the law allows — with an unsubscribe link in every message, always.

How long we keep things

Account + report data: while your account is active, deleted on request. Purchase records: 6 years (tax law). Analytics: aggregated or expired within 12 months.

Your rights

Under UK GDPR you can ask for access, correction, deletion, restriction, portability, or object to processing. Email hello@govowed.uk and we'll respond within a month. Unhappy with how we handled it? You can complain to the ICO at ico.org.uk.

Cookies

Essential cookies keep you signed in. Analytics respects Do Not Track. No advertising cookies, no cross-site tracking.