Last updated: 4th February 2026
1. Introduction
This privacy policy explains how Oarsman Software Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use our High Pathogenicity Avian Influenza (HPAI) notification service.
Oarsman Software Ltd is registered in England and Wales (Company Number: 16652196) with registered office at Unit 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE.
We are seriously committed to protecting your privacy and handling your data in an open and transparent manner. We are registered with the Information Commissioner's Office (ICO) as a data controller (Registration Reference: ZC089111).
2. Contact Information
If you have any questions about this privacy policy or how we handle your data, please contact us:
Data Protection Contact:
- Email: simonhazzard@oarsmansoftware.co.uk
- Telephone: 07486 385244
- Address: 64 Watton Road, Swaffham, Norfolk, PE37 8HF
3. What Data We Collect
We collect and process the following personal data:
- Email address - to send you HPAI outbreak notifications and essential service updates
- Phone number - to send you SMS notifications about HPAI outbreaks
- Flock location(s) - the geographic coordinates of your bird flock(s) to determine which outbreak notifications are relevant to you
We also collect:
- Flock size per location - to send you correct guidance we ask if you have 50 or more birds (the rules change if you have)
We are not interested in and do not collect: your name, home address, date of birth, or any other personal identification information beyond what is necessary to operate the notification service.
4. How We Use Your Data
We use your personal data for the following purposes:
- To send you notifications when HPAI cases are detected near your registered flock location(s)
- To send essential service updates via email (such as changes to the service, maintenance notices, or changes to these terms)
- To process your subscription payments
- To maintain and improve the notification service
5. Lawful Basis for Processing
We process your personal data on the basis of consent. By subscribing to our service, you consent to us processing your email address, phone number, and flock location(s) for the purposes described above.
You have the right to withdraw your consent at any time by unsubscribing from the service.
6. Where We Get HPAI Data From
The HPAI outbreak data we use to send you notifications is publicly available information. We collect this data by monitoring and processing information published on UK government websites every 15 minutes, including outbreak notifications and related documents published by the Animal and Plant Health Agency (APHA) and similar authorities.
You provide us with your contact and flock details directly when you register for the service.
7. Who We Share Your Data With
We share your data with the following third-party service providers who act as data processors on our behalf:
- Twilio - provides SMS message delivery services. They process your phone number to send SMS notifications. Twilio may process data outside the UK with appropriate safeguards in place.
- Resend - provides email delivery services. They process your email address to send email notifications. Resend may process data outside the UK with appropriate safeguards in place.
- Stripe - processes your subscription payments. They process your payment card details and email address. Stripe may process data outside the UK with appropriate safeguards in place.
We have Data Processing Agreements in place with all third-party processors to ensure they handle your data securely and in compliance with UK data protection law.
These service providers retain minimal data for their own legitimate business purposes (such as billing records and fraud prevention), which is necessary for them to provide their services. We do not control their retention periods.
We do not sell, rent, or share your personal data with ANY other third parties for ANY other reason.
This includes, email, telephone numbers, personal and flock locations, and flock sizes.
We take data privacy very seriously.
8. International Data Transfers
Some of our service providers (Twilio, Resend, and Stripe) may process your data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the UK authorities
- The service provider's participation in recognized data protection frameworks
- Other lawful transfer mechanisms under UK GDPR
9. How Long We Keep Your Data
We retain your personal data only for as long as you maintain an active subscription to our service.
Immediate deletion: When you unsubscribe from the service, your email address, phone number, and flock location data are immediately and permanently deleted from our systems.
Third-party retention: Our service providers (Twilio, Resend, and Stripe) may retain minimal data (such as billing records) for their own legitimate business purposes, typically for accounting, legal compliance, and fraud prevention. We do not control their retention periods.
10. Your Rights
Under UK data protection law, you have the following rights:
- Right of access - You can request a copy of the personal data we hold about you.
- Right to rectification - You can update your details at any time through your account settings.
- Right to erasure - You can request deletion of your data by unsubscribing from the service, which immediately and permanently deletes your information from our systems.
- Right to withdraw consent - You can withdraw your consent and stop receiving notifications at any time by unsubscribing.
- Right to data portability - You can request your data in a machine-readable format.
- Right to object - You can object to processing of your data, though this would effectively require us to terminate your subscription as we cannot provide the service without processing your contact details and flock locations.
- Right to lodge a complaint - If you believe we have not handled your data properly, you can lodge a complaint with the Information Commissioner's Office (ICO):
- Website: https://ico.org.uk/make-a-complaint/
- Telephone: 0303 123 1113
To exercise any of these rights, please contact us using the details in Section 2.
11. Data Security
We take the security of your data seriously and implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
These measures include:
- Encrypted data transmission (HTTPS/TLS)
- Secure data storage with access controls
- Regular security assessments
- Limiting access to personal data to authorized personnel only
- CSRF (Cross-Site Request Forgery) protection to prevent unauthorized actions on your account
12. Cookies and Tracking
Our website uses only essential cookies that are strictly necessary for the operation and security of the service:
- Session cookies - We use session cookies to keep you logged in to your account. These cookies are deleted when you close your browser or log out.
- CSRF tokens - We use CSRF (Cross-Site Request Forgery) cookies to protect your account from unauthorized actions. These security cookies contain random tokens that verify legitimate requests come from you and not from malicious third parties.
We do not use:
- Analytics cookies or tracking technologies
- Advertising cookies
- Social media cookies
- Any cookies that track your behavior or preferences
By using our service, you consent to the use of these essential cookies. These cookies are necessary for the functionality and security of the service and cannot be disabled while using the site.
13. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. When we make changes, we will update the "Last updated" date at the top of this policy and notify you via email.
Your continued use of the service after changes to this policy constitutes acceptance of the updated policy.
14. Geographic Scope
This service currently covers HPAI outbreaks in England. We may expand coverage to Scotland, Wales, and Northern Ireland in the future. You will be notified if coverage expands to additional regions.
15. Children's Privacy
Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately so we can delete it.