Draft — not yet reviewed by a solicitor. Do not rely on this language for any legal decision.

Privacy

Privacy policy

Last updated 10 June 2026

Blue Lemons (“we”, “us”) operates the Blue Lemons marketplace at bluelemons.co.uk. This policy explains what personal data we collect, why, who we share it with, and the rights you have over it under the UK GDPR and the Data Protection Act 2018.

Who’s the controller?

Blue Lemons is the data controller for personal data collected through the platform. We are completing our company incorporation and our registration with the Information Commissioner’s Office (ICO); we’ll add the registration numbers here as soon as they’re issued. In the meantime, contact us about anything in this policy at hello@bluelemons.co.uk.

What we collect

  • Account data — name, email, and password hash when you create an account.
  • Expert application data— if you apply to join as an expert: your role, years of experience, location, LinkedIn URL, profile photo, bio, expertise tags, rate, and how you’d like to work (advisory calls, consulting, fractional). We may also contact the referees you give us as part of reference checks.
  • Booking request data — the conversations you request, the time you pick, and the short brief you write before each call.
  • Enquiry data — if you send us a consulting or fractional brief: your name, email, company, what you need, timeline, and budget band.
  • Payment data— we don’t take card payments on the site today. When a call is confirmed we send a secure payment link or invoice; card details are handled by the payment provider, never by us. We keep a record of what was paid so we can show your history.
  • Technical data — IP address, browser type, and basic request logs, kept for 30 days for security and abuse prevention.

Why we collect it

To run the platform: match clients to experts, arrange and confirm bookings and engagements, take payments, send the emails that make all of that work, prevent fraud, and comply with our legal obligations (tax, accounting, court orders). We do not sell your data, ever, and we don’t use it for advertising.

Who we share it with

  • Supabase (EU region) — stores the database, accounts, and profile photos.
  • Netlify — hosts the website and processes request logs.
  • Resend — sends transactional email (booking requests, confirmations, enquiry receipts).
  • Payment providers (such as Stripe) — process payments when you pay by secure link. We never see your card number.
  • Google Meet — hosts the video call itself. We never see the recording or transcript.
  • Sentry — receives error reports if something breaks, so we can fix it.

Each of these companies acts as our processor. We have no other partners. The expert you book sees your name and your brief — that’s the point of the brief — but never your payment details.

How long we keep it

Account data while your account is open, then 12 months after closure. Booking and payment records for 7 years to satisfy HMRC. Enquiries that don’t lead to an engagement are deleted after 12 months. Technical logs for 30 days.

Your rights

Under UK GDPR you have the right to access, correct, delete, port, and restrict our use of your data, and to object to processing. Email hello@bluelemons.co.uk and we’ll respond within 30 days. If you’re unhappy with our response you can complain to the ICO at ico.org.uk.

Changes to this policy

We’ll update this page if anything material changes and email everyone with an account when we do.