Home/Privacy Policy
● Legal

Privacy Policy.

How we collect, use and safeguard the personal data you trust us with — written plainly, structured for GDPR.

Last updated: 2 June 2026 · Effective for all Huup services at www.huup.com

1. Introduction

This Privacy Policy explains how Huup Ltd (“Huup”, “we”, “us”), a company registered in England and Wales (Companies House number 08708494) with its registered address at 22 Old Montague Street, London, United Kingdom, collects, uses and protects personal data when you use the Huup platform, our website at www.huup.com, and any related services (together, the “Services”).

Huup is the data controller for personal data we collect about our customers, prospects and website visitors. Where we process personal data on behalf of our business customers (for example, end-customer messages routed through Huup), we act as a data processor and our customer is the controller — separate Data Processing Terms apply in that case.

This policy applies to all users globally. If you are in the UK or EEA, you have specific rights under the UK GDPR and EU GDPR which are described in section 8.

2. Information we collect

We collect personal data in three ways: data you provide to us directly, data we collect automatically as you use the Services, and data we receive from third parties.

2.1 Account data

  • Identity data — name, job title, employer.
  • Contact data — email address, phone number, billing address.
  • Authentication data — hashed password, multi-factor authentication secrets, session tokens.
  • Billing data — VAT/tax IDs, billing email, payment method tokens (we do not store full card numbers; see Stripe below).

2.2 Usage data

  • Product telemetry — pages visited, features used, click events, error logs.
  • Device data — IP address, browser type, operating system, device identifiers, time zone.
  • Performance data — request latency, API usage volumes.

2.3 Cookies and similar technologies

We use cookies for authentication, security and (with your consent) analytics. See our Cookie Policy for the full list and how to manage preferences.

2.4 Third-party data

  • Marketplace integrations — when you connect eBay, Amazon, Shopify, Etsy or other channels, we receive listing data, order data, buyer messages and limited buyer contact data on your behalf.
  • Payments (Stripe) — we receive payment status and the last 4 digits of cards for receipts; full card details are held by Stripe.
  • Identity verification — where required for fraud prevention, we may receive verification results from KYC providers.

3. How we use your information

We use personal data for the following purposes:

  • Service operation — to provide, maintain and secure the Huup platform, including authentication, billing, customer support and ensuring the Services run reliably.
  • Improvement — to understand how customers use the Services so we can debug issues, prioritise improvements and develop new features. Where possible we use aggregated or pseudonymised data.
  • Legal compliance — to comply with our obligations under tax, accounting, anti-money-laundering and other applicable laws.
  • Communications — to send service notices, security alerts, invoices and operational updates you cannot opt out of while you have an active account.
  • Marketing — with your prior opt-in, to send newsletters, product updates and event invitations. You can withdraw consent at any time using the unsubscribe link in any email.

4. Lawful basis (GDPR)

Under the UK GDPR and EU GDPR we rely on one of the following lawful bases for each processing activity:

  • Performance of a contract — to deliver the Services you have signed up for and to handle billing.
  • Legitimate interest — to keep our Services secure, prevent abuse, improve our products and run our business (we balance these interests against your rights and document this in our internal records).
  • Consent — for marketing emails, non-essential cookies and any optional integrations you choose to enable. You can withdraw consent at any time.
  • Legal obligation — to retain financial records, respond to lawful requests and comply with regulatory requirements.

5. Sharing & third parties

We share personal data only with carefully selected sub-processors who help us run the Services. We never sell your data. Our key sub-processors include:

  • Amazon Web Services (AWS) — hosting, storage, managed databases. Data is stored in EU/UK regions.
  • Stripe — payment processing and subscription billing.
  • Cloudflare — DNS, CDN, edge security and DDoS protection.
  • Marketplace APIs — eBay, Amazon Selling Partner, Shopify, Etsy and other channels you connect, used to synchronise listings, orders and messages on your instructions.
  • Analytics & monitoring — privacy-respecting product analytics and error monitoring used to keep the Services reliable.
  • Email delivery — transactional email providers for receipts, security alerts and password resets.

We may also disclose personal data where required by law, in response to lawful requests by public authorities, or to protect the rights, property or safety of Huup, our customers or others.

The current list of sub-processors is available on request from privacy@huup.com.

6. International transfers

Huup operates primarily in the UK and EEA. Customer data is stored in AWS EU/UK regions by default. Where a sub-processor or marketplace integration necessarily processes data outside the UK/EEA (for example, Amazon or eBay endpoints), we rely on appropriate safeguards including the UK International Data Transfer Agreement, EU Standard Contractual Clauses, and supplementary technical measures such as encryption in transit.

7. Data retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting or reporting requirements. Typical retention periods:

  • Account data — for the lifetime of your account plus up to 90 days after closure (for recovery and dispute handling).
  • Billing & tax records — minimum 6 years to comply with HMRC requirements.
  • Product telemetry & logs — typically 30 to 90 days.
  • Security logs & access audits — up to 12 months.
  • Marketing contact lists — until you unsubscribe or 24 months of inactivity.

8. Your rights (GDPR)

If you are in the UK or EEA, you have the following rights in respect of your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data where there is no compelling reason to keep it.
  • Portability — receive your data in a structured, machine-readable format.
  • Restriction — ask us to limit how we use your data while a query is resolved.
  • Objection — object to processing based on legitimate interest, including profiling.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any right, email privacy@huup.com. We respond within one month. You also have the right to complain to the UK Information Commissioner’s Office at ico.org.uk/make-a-complaint.

9. Security

We protect your data with a layered set of technical and organisational measures including TLS 1.3 in transit, AES-256 encryption at rest, tenant-isolated databases (database-per-tenant architecture), enforced multi-factor authentication for staff, role-based access controls, audit logging and regular vulnerability scanning. See our Security & Compliance page for full details.

10. Children

The Huup Services are designed for businesses and are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact privacy@huup.com and we will delete it.

11. Updates to this policy

We may update this Privacy Policy from time to time. We will post the new version at this URL and update the “Last updated” date. For material changes, we will notify you in-product or by email at least 30 days before they take effect.

12. Contact

Questions, requests or complaints about this policy or our handling of personal data should be sent to:

Huup Ltd — Data Protection Office

22 Old Montague Street, London, United Kingdom

Email (privacy & DPO): privacy@huup.com

Companies House: 08708494

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local EU supervisory authority.