Legal

Privacy Policy

Last updated: April 2026

1. Introduction

Hawk Eye ("we", "us", "our") is an operations intelligence platform for retail and hospitality businesses. This privacy policy explains how we collect, use and protect personal information when you use the Hawk Eye service, website and related products.

This policy applies to all visitors, users, and customers of Hawk Eye. It is written in line with the UK Data Protection Act 2018 and the UK GDPR. By using Hawk Eye, you agree to the practices described here.

2. Information we collect

We collect information in three categories:

Account information. When you or your organisation create an account, we collect your name, work email, role, phone number (optional), and the organisation and country you belong to.

Usage data. We collect information about how you interact with Hawk Eye, including the reports you submit, the pages you visit, and the actions you take. This data is used to operate and improve the service.

Cookies and technical data. We use essential cookies to keep you signed in and to keep the service secure. We also collect technical information such as your browser type, device type, and IP address for security and diagnostics.

3. How we use your information

We use personal information for the following purposes:

  • To provide the Hawk Eye service to you and your organisation.
  • To authenticate and authorise users.
  • To send service-related communications, such as password resets, report reminders, and billing notices.
  • To respond to support requests and enquiries.
  • To improve the product, fix bugs, and develop new features.
  • To comply with our legal obligations.

4. How we share your information

We do not sell your personal data. We share data only with trusted third parties required to run the service:

  • Supabase — our database and authentication provider, for storing account and application data.
  • Vercel — our hosting and deployment provider, for serving the Hawk Eye application and website.
  • Resend — our transactional email provider, for sending notifications, reminders and account emails.

We may also disclose data if required by law, court order or other legal process, or to protect the rights, property or safety of Hawk Eye, our customers or others.

5. Data retention

For active accounts, we retain your data for as long as your organisation maintains a subscription to Hawk Eye.

After an account is cancelled, we retain your data for 90 days to allow for reactivation and final data export, after which it is permanently deleted from our production systems. Backups are rotated on a rolling basis and purged within a further 30 days.

6. Your rights

Under UK GDPR, you have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete your personal data, subject to legal exceptions.
  • Portability — request your data in a structured, machine-readable format.
  • Objection and restriction — object to certain processing or ask us to restrict it.

To exercise any of these rights, email privacy@hawkeye.app. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

7. Security

We take data security seriously. All data is encrypted in transit using TLS, and encrypted at rest on our providers' infrastructure. Access to production systems is restricted to authorised personnel and protected by multi-factor authentication.

Role-based access control is enforced within Hawk Eye itself, so team members only see the data they are permitted to see. We regularly review our security practices and respond promptly to any incident.

8. Cookies

We use only essential cookies required for authentication and security. We do not use third-party advertising or tracking cookies, and we do not build advertising profiles. No consent banner is required because we do not set non-essential cookies.

9. Children's privacy

Hawk Eye is a business product and is not directed at or intended for children. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have collected such data, we will delete it promptly.

10. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify customers by email. Continued use of Hawk Eye after a change constitutes acceptance of the updated policy.

11. Contact us

If you have any questions about this privacy policy or how we handle your personal data, please contact us at privacy@hawkeye.app.