HoursNestHoursNest

Privacy Notice

Last updated: May 24, 2026

This Privacy Notice explains how Byway Souvenirs ("we", "us") collects, uses, and shares personal data when you use HoursNest (the "Service"). We act as the data controller for the personal data described below.

1. Data we collect

  • Account data: name, email address, password (hashed), and authentication identifiers (e.g. Google sign-in).
  • Profile data: display name, program, discipline, and other details you choose to provide.
  • Service data: supervised practice hour entries, supervisors, settings, and reports you create.
  • Support data: messages you send us and related metadata.
  • Technical data: IP address, device identifiers, browser and OS information, and usage telemetry.

2. Why we use it (purposes and legal bases)

  • To provide the Service (account creation, hour tracking, reports) — performance of a contract.
  • To secure the Service and prevent fraud or abuse — legitimate interests.
  • To support you — performance of a contract / legitimate interests.
  • To improve the Service through aggregated analytics — legitimate interests.
  • To send service-related emails — performance of a contract.
  • To send marketing emails, where applicable — consent (you can withdraw at any time).
  • To comply with legal obligations — legal obligation.

3. Sharing

We share personal data only with:

  • Service providers / subprocessors (hosting, database, email delivery, analytics, error reporting) acting on our instructions.
  • Paddle.com Market Ltd. ("Paddle"), our Merchant of Record, for the sale of subscriptions, payment processing, tax compliance, invoicing, and subscription management. Paddle processes payment data as an independent controller under its own privacy notice.
  • Professional advisers (legal, accounting) where reasonably necessary.
  • Authorities where required by law.

We do not sell your personal data.

4. International transfers

Some recipients may be located outside your country. Where we transfer personal data from the UK/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

5. Retention

We keep personal data only as long as needed for the purposes above, to provide the Service to you, and to meet legal and accounting obligations. When data is no longer needed, we delete or anonymize it. You can request deletion of your account at any time.

6. Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent. UK/EEA users additionally have the right to lodge a complaint with their local supervisory authority. We will respond to verified requests within one month.

7. Security

We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, and regular reviews. No system is completely secure; please use a strong, unique password.

8. Cookies

We use essential cookies needed to run the Service (authentication, session, security). Where we use analytics cookies, you can manage your preferences from your browser settings.

9. Changes

We may update this Notice from time to time. Material changes will be communicated by email or in-app notice.

10. Contact

For privacy questions or to exercise your rights, contact us through the support channel available in-app.