Privacy Policy
Last updated: 5 March 2026
1. Who We Are
Aehalo (“we”, “us”, “our”) operates aehalo.com, a Gujarati business directory. We are the data controller for the personal data we collect through this website.
2. What Data We Collect
We collect the following types of personal data:
a) Business Account Holders
- Email address and password (for account authentication)
- Business name, address, postcode, city, phone number
- Business email and website (optional)
- Business photos you upload
- Social media links (optional)
- Payment information (processed by Stripe — we do not store card details)
b) Customers Browsing the Directory
- No account or personal data is required to browse
- Anonymous page view data (listing views, referrer URL, browser user agent)
- Cookie consent preference
- Country/region selection (stored in a cookie and localStorage to personalise your experience)
c) Review & Enquiry Submissions
- Name and email address (for reviews)
- Name, email, phone (optional), and message (for enquiries)
3. How We Use Your Data
- To display your business listing in our public directory
- To manage your account and subscription
- To process payments via Stripe
- To send transactional emails (enquiry notifications, review alerts, welcome emails)
- To moderate reviews and maintain listing quality
- To provide anonymous analytics to business owners (view counts)
- To improve our service and fix issues
4. Legal Basis for Processing (GDPR)
We process personal data under the following lawful bases:
- Contract: Processing necessary to provide the directory service and manage subscriptions (Article 6(1)(b))
- Legitimate interest: Anonymous analytics, service improvement, fraud prevention (Article 6(1)(f))
- Consent: Non-essential cookies, marketing communications if applicable (Article 6(1)(a))
5. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, listing data, uploaded photos |
| Stripe | Payment processing | Email, payment details (card data handled by Stripe directly) |
| Resend | Transactional emails | Email address, email content |
| Vercel | Website hosting | IP addresses, page requests (server logs) |
| Google Analytics | Anonymous website usage analytics (only with consent) | Anonymous page views, session data, device/browser type |
All third-party providers are selected for their compliance with data protection regulations. Supabase and Vercel may process data outside the UK/EEA under appropriate safeguards (Standard Contractual Clauses).
6. Cookies
We use essential cookies to maintain your authentication session and store your cookie consent preference. We also use a country selection cookie (aehalo_country) to remember which region you are browsing from.
If you accept all cookies, we use Google Analytics to collect anonymous usage data (page views, session duration, device type) to help us improve the site. Google Analytics cookies are only loaded after you provide consent. You can change your cookie preferences at any time via the “Cookie Settings” link in the footer.
When you view a business listing, we record anonymous view data including the page referrer URL and your browser's user agent string. This data is used solely to provide view statistics to business owners and is not linked to any personal identity.
For full details, see our Cookie Policy.
7. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Listing data: Retained while subscription is active. Suspended listings retained for 90 days after cancellation before deletion.
- Reviews & enquiries: Retained while the associated listing exists.
- View analytics: Anonymous view data retained for 12 months.
- Payment records: Retained as required by UK tax law (6 years).
8. Your Rights Under UK GDPR
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Ask us to correct inaccurate data
- Erasure — Ask us to delete your data (“right to be forgotten”)
- Restriction — Ask us to limit how we use your data
- Portability — Request your data in a machine-readable format
- Object — Object to processing based on legitimate interest
- Withdraw consent — Where processing is based on consent, you can withdraw at any time
To exercise any of these rights, contact us at privacy@aehalo.com. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), secure authentication, row-level database security policies, and restricted access to administrative systems.
10. Children's Privacy
Our service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The “Last updated” date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:
- Email: privacy@aehalo.com
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.