Privacy Policy
Market Cross — operated by Brindleford Technologies Ltd
Last updated: February 2026
1. Who we are
Market Cross is a hyperlocal community forum platform operated by Brindleford Technologies Ltd, a company registered in England and Wales.
- Company number: 16871436
- Registered address: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
- Data protection contact: privacy@marketcross.online
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Brindleford Technologies Ltd is the data controller.
2. What data we collect
2.1 Account information
When you register for an account, we collect:
- Username (chosen by you)
- Email address
- Password (stored securely using bcrypt hashing — we cannot see your password)
- IP address at registration
2.2 Profile information (optional)
You may choose to provide:
- Display name
- Profile picture/avatar
- Biography/about text
- Location
- Website URL
- Date of birth
2.3 Content you create
- Forum posts, topics, and replies
- Private messages sent to other users
- Uploaded images and attachments
- Tags applied to topics
2.4 Technical data collected automatically
When you use Market Cross, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages visited and time spent
- Referring website
- Device type (desktop, mobile, tablet)
2.5 Cookies
We use essential cookies to keep you logged in and maintain your session. See our Cookie Policy for full details.
3. How we use your data
We process your personal data on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Providing your account and the forum service | Contract (Article 6(1)(b)) |
| Sending service emails (password resets, account notifications) | Contract (Article 6(1)(b)) |
| Moderation and enforcing community rules | Legitimate interest (Article 6(1)(f)) |
| Preventing spam, fraud, and abuse | Legitimate interest (Article 6(1)(f)) |
| Improving the platform and fixing bugs | Legitimate interest (Article 6(1)(f)) |
| Sending optional community newsletters | Consent (Article 6(1)(a)) |
| Complying with legal obligations | Legal obligation (Article 6(1)(c)) |
We never use your data for:
- Targeted advertising
- Selling to third parties
- Profiling or automated decision-making
- Training AI models
4. Who we share your data with
4.1 Public content
Posts, topics, and profile information you make public are visible to all visitors, including search engines. If ActivityPub federation is enabled, your public posts may be shared with other platforms in the Fediverse.
4.2 Service providers
We use the following third-party services to operate Market Cross:
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| OVH / Contabo | Server hosting | All data (stored on servers) | EU/EEA |
| Brevo (Sendinblue) | Transactional emails | Email address | EU (France) |
We do not use any analytics services, advertising networks, or social media tracking pixels.
4.3 Legal requirements
We may disclose your data if required by law, court order, or to protect the safety of our users.
4.4 Moderators
Volunteer moderators can see your public posts and, where necessary for moderation, your registration IP address and email address. Moderators are bound by our moderator agreement and must not disclose this information.
5. How long we keep your data
| Data type | Retention period |
|---|---|
| Account information | Until you delete your account |
| Forum posts and topics | Until you or a moderator deletes them, or indefinitely as part of the community record |
| Private messages | Until you delete them |
| IP address logs | 90 days |
| Server access logs | 30 days |
| Deleted account data | Purged within 30 days of account deletion |
When you delete your account, your personal data is removed. Your public posts may be retained in anonymised form (attributed to "Deleted User") to preserve the integrity of community discussions, unless you specifically request full deletion.
6. Your rights
Under UK GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email privacy@marketcross.online. We will respond within one month.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
7. Data security
We take appropriate technical and organisational measures to protect your data, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Passwords hashed using bcrypt
- Regular software updates and security patches
- Access to servers restricted to authorised personnel
- Regular backups stored securely
8. International transfers
Your data is stored on servers located within the European Economic Area (EEA). We do not routinely transfer data outside the UK or EEA. If this changes, we will update this policy and ensure appropriate safeguards are in place.
9. Children
Market Cross is not intended for children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has registered an account, please contact us at privacy@marketcross.online and we will delete the account promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email or by a notice on the site. The "Last updated" date at the top of this page indicates when it was last revised.
11. Contact us
If you have any questions about this Privacy Policy or how we handle your data:
- Email: privacy@marketcross.online
- Post: Brindleford Technologies Ltd, 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ