HonestyBox.uk is a project of Colletta & Co., a doing-business-as (DBA) name of One Eye Open LLC ("we", "us", "our"). All legal obligations, data processing responsibilities, and commercial activity related to this website flow through the parent entity, One Eye Open LLC. One Eye Open LLC maintains its own canonical privacy policy at oneeyeopen.com/privacy.html; this page adapts that policy to HonestyBox.uk. In the event of any conflict, the One Eye Open LLC policy at oneeyeopen.com governs.

Two front doors, one service. HonestyBox.scot and HonestyBox.uk are two domains for the same service operated by Colletta & Co. Listings, accounts, photos and data are shared across both — there is one user record and one data set regardless of which front door you came in through. Correspondence to either reaches the same team: [email protected] or [email protected].

This policy explains what personal data we process when you use honestybox.uk, why we process it, how long we keep it, and the rights you have under UK GDPR. For any data-related question or request, email [email protected] or [email protected] with the subject line "Data request".

1. What data we collect

If you visit without an account

You can browse the map, view listings, and read comments without giving us anything. Your browser sends standard request metadata (IP address, user-agent, referrer) which our infrastructure providers process to deliver the page and protect the service from abuse.

If you create an account

We collect:

  • Email address - used to verify the account, send transactional emails (verify-email, password reset, welcome), and contact you about your account.
  • Password - stored as an Argon2id hash. We never see or store the plaintext.
  • Username and display name (optional) - shown publicly when you contribute. You choose these.
  • Avatar image (optional) - re-encoded server-side to strip EXIF metadata before storage.
  • Bio and social links (optional) - shown on your public profile if you set them.
  • IP address and user-agent at sign-in - used for security (rate-limiting, abuse detection); not retained beyond what's needed for that purpose.

If you contribute to the directory

Each of the following is associated with your account:

  • Listings you submit - title, description, location, photos, categories, payment methods, and similar content.
  • Photos you upload - re-encoded server-side to strip EXIF metadata (including any location tagged by your camera) before they are stored or shown to anyone else.
  • Comments and edits you post on listings.
  • Ownership claims you submit - including any proof text or contact phone number you provide.
  • Reports you file on listings or comments - including the reason and your reporter identity (visible only to admins).
  • Saved listings (stars) - visible only to you.
  • Map view confirmations ("I saw it today") - recorded against the listing for freshness.

Cookies we set

We set three first-party cookies, all strictly necessary or functional:

  • hb_access - short-lived JSON Web Token holding your signed-in session. Without it, you'd have to log in on every request.
  • hb_refresh - long-lived rotating refresh token, scoped to /api/v1/auth/refresh, used to re-issue hb_access when it expires.
  • hb_map_rail - remembers whether you collapsed or expanded the controls panel on the map. Pure UI preference.

None of these are used for cross-site tracking, advertising, or analytics. Under PECR they fall in the strictly-necessary or functional categories that are exempt from consent. We do not show a cookie banner.

2. Why we collect it and our lawful basis

For each category of processing we rely on the most appropriate UK GDPR Article 6 lawful basis:

  • Account creation, authentication, and transactional emails (verify, reset, welcome) - contract (Art. 6(1)(b)). We can't operate the account without these.
  • Public contributions (listings, photos, comments, edits, claims) - consent when you choose to publish, plus our legitimate interests in operating an accurate community directory.
  • Reports, anti-abuse blocks, rate-limiting - legitimate interests in keeping the directory accurate and the service available.
  • Server and access logs - legitimate interests in operating, debugging, and securing the service.
  • Error monitoring (Sentry) - legitimate interests in finding and fixing software faults. Passwords, tokens, and cookies are scrubbed before transmission.
  • Aggregate traffic analytics (Cloudflare Web Analytics, Umami) - legitimate interests. Both products are cookieless and fingerprinting-free, and do not identify individual users. Umami is self-hosted on infrastructure we operate.

3. How we use your data

Account data is used to authenticate you and contact you about your account. Public contributions are shown publicly on the directory and attributed to your username unless you make your profile private. Private signals - reports, claims, stars, your IP at sign-in - are visible only to you and to admins where moderation requires it. We do not sell your data, share it with advertisers, profile you, or use it to target ads.

4. Who we share your data with

We use the following processors. Each is bound by its own privacy policy and, where required, a Data Processing Agreement.

  • IONOS - hosts our virtual private server in Germany, where the application, database, Redis cache, and MinIO object store all run. IONOS privacy policy.
  • n8n (self-hosted) - workflow orchestrator we operate ourselves at api.oneeyeopen.com (run by One Eye Open LLC, the same legal entity that operates this site). Receives transactional-email payloads, contact-form submissions, and admin Telegram alerts from our API and forwards them to the downstream delivery processor.
  • Resend - SMTP egress for the transactional emails (verification, password-reset, owner-notification, edit-resolved). Your email address and the rendered email body are sent to Resend for delivery. Resend privacy policy.
  • Cloudflare - provides DNS, edge proxy, Turnstile bot protection (login, signup, password-reset, waitlist), and Cloudflare Web Analytics. Cloudflare privacy policy.
  • GitHub Container Registry (ghcr.io) - distributes our application container images. Does not receive personal data of visitors. GitHub privacy statement.
  • Umami (self-hosted) - privacy-focused analytics we operate ourselves at analytics.oneeyeopen.com (run by One Eye Open LLC, the same legal entity that operates this site). Cookieless and fingerprinting-free; collects pageviews, referrers, country-level geography, and device class. No personal data leaves infrastructure we control. Umami documentation.
  • OpenStreetMap Foundation - your browser loads map tiles directly from OSM tile servers when you view the map. Your IP address is sent to OSM. OSM privacy policy.
  • postcodes.io - when you search a postcode, town, or place name on the map, your query and IP address are sent to postcodes.io to look up coordinates. We do not store the search. postcodes.io about / privacy.
  • what3words - if you use a what3words address while adding or editing a listing, the three-word string is converted via the what3words API. what3words privacy policy.
  • Google Fonts - your browser loads the Material Symbols icon font from Google Fonts servers. Your IP address is sent to Google. Google privacy policy.
  • Sentry - application error monitoring. When something goes wrong, technical details (the error, the page, your browser type, an anonymised user identifier) are sent to Sentry. We strip passwords, tokens, and cookies before transmission. Sentry privacy policy.

We do not sell your data or share it with advertisers, data brokers, or analytics platforms.

5. How long we keep your data

  • Account data - until you delete your account or ask us to delete it. Deletion is immediate; we do not maintain a recovery window.
  • Public contributions after account deletion - listings, photos, comments, edits, and listing-revision history are retained but reattributed to "The HonestyBox Community" so the directory keeps the content while losing your personal identifier. Private signals (reports you filed, claims you made, stars) are deleted permanently. See "Account deletion" below for the full picture.
  • Server logs - application access logs are kept for 30 days for debugging and abuse investigation.
  • Sentry events - Sentry's default retention applies (90 days at time of writing).
  • Refresh tokens - revoked on logout, password change, or account deletion; otherwise rotated automatically.

6. Account deletion and the Community persona

When you delete your account on the /account page (or by emailing us), we hard-delete your user record, password hash, email address, and avatar. We then deal with your contributions in two distinct ways:

  • Public contributions - listings you submitted, photos you uploaded, comments you posted, edits you proposed, and listing-revision history you authored - are kept on the directory but reattributed to a singleton system account called The HonestyBox Community. The content stays useful to other visitors; your name and avatar come off it. Admins can prune individual entries from this account if they no longer reflect a real box.
  • Private signals - reports you filed, ownership claims you submitted, listings you saved (stars), authentication tokens - are permanently deleted. Where you owned a listing through an approved claim, the claim is deleted and the listing reverts to "unclaimed".

This split honours the Article 17 right to erasure (your personal data is gone) while preserving the public good the directory was built to provide. If you want everything you've ever contributed removed as well, email us at [email protected] with the subject "Full erasure request" and we will manually purge the public contributions in addition to the standard deletion.

7. Your rights under UK GDPR

You have the following rights over your personal data:

  • Access - request a copy of the data we hold about you. The /account page has a one-click "Download my data" button that returns a JSON export.
  • Erasure - ask us to delete your data. The /account page has a "Delete my account" button. Confirm with your password and the deletion is immediate.
  • Rectification - correct inaccurate data via the /account page or by editing the listings, comments, etc. you've created.
  • Portability - receive your data in a machine-readable format. The "Download my data" button returns JSON.
  • Restriction - ask us to pause processing your data in certain circumstances.
  • Object - object to processing based on legitimate interests.
  • Withdraw consent - at any time, without affecting the lawfulness of prior processing.

If you can't get what you need from the /account page, email [email protected] with the subject "Data rights request". We will respond within one calendar month.

8. Complaints

If you are unhappy with how we handle your data, you have the right to complain to the UK Information Commissioner's Office (ICO):

We would prefer the chance to address your concern first - please contact us at [email protected] before raising a complaint with the ICO.

9. ICO registration and UK establishment

One Eye Open LLC has a UK establishment at the Edinburgh address above and processes personal data of UK residents. We are subject to the UK Data Protection Act 2018 and pay the annual ICO data protection fee. Our ICO registration reference is ZC109950; you can verify it at ico.org.uk. Because we have a UK establishment, an Article 27 representative is not required.

10. International transfers

Most of the personal data we process is stored on servers in the EU/EEA (IONOS, Germany). Some processors operate from the United States (Cloudflare, GitHub, Sentry, Google Fonts) under standard contractual clauses or the UK Extension to the EU-US Data Privacy Framework as appropriate.

11. Children

HonestyBox.uk is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has created an account, contact us and we will delete it.

12. Changes to this policy

If we make changes, we will update the "Last updated" date at the top of this page. For significant changes that materially affect how we use your data, we will email account holders to flag the change.