Back to Home

Privacy Policy

Your privacy matters to us. This policy explains how Uflorecer, operated by Merchants Hoard Limited, collects, uses, and protects your personal data.

Last updated: February 2026

Contents

1. Information We Collect

Information you provide directly

When you create an account, subscribe to our services, or contact us, we collect information such as your name, email address, business name, phone number, billing address, and payment details. If you apply as a specialist or service provider, we may also collect professional qualifications, portfolio information, and references.

Information collected automatically

When you use our platform, we automatically collect technical data including your IP address, browser type and version, operating system, device identifiers, pages visited, time spent on pages, referring URLs, and interaction data (clicks, scrolls, feature usage). We also collect performance data to improve our AI services, including anonymised usage patterns of the Lotus AI engine and Petal copilot.

Information from third parties

We may receive information from integrated third-party services you connect to your Uflorecer account (such as Google Workspace, social media platforms, or payment processors), as well as from business data providers to enhance lead and marketplace services.

2. How We Use Your Information

Service delivery

We use your information to provide, maintain, and improve the Uflorecer platform, including AI-powered automations, content creation tools, lead marketplace features, scheduling, analytics, and customer management. Your data powers personalised recommendations and the Petal AI copilot experience.

Communication

We use your contact details to send transactional emails (account confirmations, billing receipts, security alerts), service updates, and, with your consent, marketing communications about new features, educational content, and promotional offers. You may opt out of marketing emails at any time.

Analytics and improvement

We analyse anonymised and aggregated usage data to understand how our platform is used, identify areas for improvement, develop new features, and train our AI models. Individual user data is never used to train AI models without explicit consent.

Legal and security

We process data as necessary to comply with legal obligations, enforce our Terms of Service, prevent fraud, and protect the security and integrity of our platform and users.

3. Data Storage and Security

Storage location

Your data is primarily stored on secure servers within the United Kingdom and European Economic Area (EEA). We use industry-leading cloud infrastructure providers who maintain ISO 27001 and SOC 2 Type II certifications.

Security measures

We employ AES-256 encryption for data at rest, TLS 1.3 for data in transit, and implement role-based access controls, multi-factor authentication, regular security audits, automated vulnerability scanning, and comprehensive logging. Our security practices are aligned with SOC 2 frameworks.

Retention periods

We retain your personal data for as long as your account is active or as needed to provide services. After account deletion, we retain anonymised data for analytics purposes and retain specific records as required by law (e.g., financial records for 7 years under UK tax legislation). You may request deletion of your data at any time, subject to legal retention requirements.

4. Third-Party Data Sharing

Service providers

We share data with carefully vetted third-party processors who assist in operating our platform, including cloud hosting providers, payment processors (Stripe), email delivery services, analytics providers, and customer support tools. All processors are bound by data processing agreements compliant with UK GDPR.

Lead Marketplace

If you use our Lead Marketplace, certain business information (not personal data) may be shared with other marketplace participants as part of the matching and bidding process. You control what information is visible through your marketplace privacy settings.

Legal requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your data.

5. Cookies and Tracking

Our cookie usage

We use cookies and similar technologies to authenticate users, remember preferences, analyse platform usage, and deliver relevant content. Essential cookies are required for the platform to function. Analytics and marketing cookies are only set with your consent.

Managing cookies

You can manage your cookie preferences through our cookie consent banner or your browser settings. Please note that disabling essential cookies may affect platform functionality. For full details, please see our Cookie Policy.

6. Your Rights

Under UK GDPR and Data Protection Act 2018

You have the right to: access your personal data and obtain a copy; rectify inaccurate or incomplete data; erase your data ('right to be forgotten'); restrict processing in certain circumstances; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests or for direct marketing; withdraw consent at any time where processing is based on consent; and lodge a complaint with the Information Commissioner's Office (ICO).

Exercising your rights

To exercise any of these rights, please contact our Data Protection Officer at dpo@uflorecer.com or use the data management tools available in your account settings under Privacy & Data. We will respond to your request within 30 days, as required by law.

7. International Data Transfers

Transfer mechanisms

Where we transfer personal data outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner, adequacy decisions, or binding corporate rules. We conduct transfer impact assessments for all international data flows.

8. Contact Us

Data Controller

Merchants Hoard Limited, a company registered in England and Wales. For all privacy-related enquiries, please contact our Data Protection Officer at dpo@uflorecer.com or write to: Data Protection Officer, Merchants Hoard Limited, London, United Kingdom.

Supervisory authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

Related Policies

Terms of ServiceCookie PolicyGDPR ComplianceContact Us