Legal

Privacy Policy

Last updated: 28 February 2026

1. Who we are

Herron ("we", "us", "our") is a UK-based software product operated at herron.app. Herron provides a browser-based tile and flooring layout planner that helps tradespeople and homeowners plan cuts, estimate materials, and export PDF cut sheets.

For questions about this policy or your data, email us at [email protected].

2. What data we collect

2.1 Project data (stored locally)

Your floor plans, tile dimensions, layout configurations, and cut lists are stored entirely in your browser's localStorage. This data never leaves your device unless you explicitly request a PDF export. We do not have access to your project data and cannot recover it if you clear your browser storage.

2.2 Analytics data

We use PostHog (hosted in the EU) to understand how people use Herron. By default, PostHog runs in memory-only mode — no cookies or persistent identifiers are set until you give consent. If you accept analytics cookies, PostHog upgrades to localStorage and cookie-based persistence, which allows us to recognise returning visits.

Anonymous usage analytics may include:

  • Pages visited and features used
  • Room dimensions and material choices (anonymised, not linked to you)
  • Browser type, operating system, and screen size
  • Referral source

We do not collect:

  • Your name, email, or any personal identity information (unless you make a purchase)
  • Precise location or IP-based geolocation
  • Device identifiers or fingerprinting data

Lawful basis: Legitimate interest (memory mode) and consent (persistent mode).

2.3 Payment data

When you purchase a PDF export, payment is processed by Stripe. We receive your email address and a record of the transaction (amount, date, Stripe payment ID). We do not receive or store your card number, expiry date, or CVC — Stripe handles this as a PCI-DSS Level 1 certified processor.

Lawful basis: Contract performance (processing your purchase).

2.4 Email address

If you choose to receive your PDF cut sheet by email, we collect your email address solely to deliver that PDF. Emails are sent via Resend. We do not use your email for marketing unless you separately opt in.

Lawful basis: Contract performance (delivering the product you purchased).

2.5 Error and performance data

We use Sentry to capture JavaScript errors and performance metrics. Sentry does not collect personally identifiable information (PII) by default. Error reports may include the page URL, browser, OS, and a stack trace. This data is used exclusively to diagnose and fix bugs.

Lawful basis: Legitimate interest (maintaining service reliability).

2.6 Server and hosting data

Herron is hosted on Cloudflare. Cloudflare may process standard HTTP request metadata (IP address, user agent, timestamps) for security, caching, and performance purposes. See Cloudflare's privacy policy for details.

Lawful basis: Legitimate interest (security and infrastructure).

3. Third-party processors

We share data with the following processors, all of which are GDPR compliant:

Processor    Purpose                   Data region
PostHog      Product analytics         EU (Frankfurt)
Stripe       Payment processing        US/EU
Sentry       Error tracking            EU (Frankfurt)
Resend       Transactional email       US
Cloudflare   Hosting, CDN, security    Global (edge)

4. Cookies and consent

On your first visit, Herron does not set any tracking cookies. We show a consent banner that lets you accept or decline analytics cookies.

  • If you accept: PostHog sets a cookie and localStorage entry to recognise returning visits and improve the product.
  • If you decline: PostHog runs in memory-only mode. No persistent analytics identifiers are stored. Your preference is saved in localStorage so we do not ask again.

Essential cookies (e.g. Cloudflare security tokens) may be set regardless of your choice, as they are strictly necessary for the service to function.

You can change your preference at any time by clearing your browser's localStorage for herron.app or by using the cookie settings control in the site footer.

5. Data retention

  • Project data: Stored in your browser indefinitely until you delete it.
  • Analytics data: Retained in PostHog for 12 months, then automatically deleted.
  • Payment records: Retained for 7 years in accordance with UK tax and accounting obligations.
  • Email addresses: Retained for 30 days after PDF delivery, then deleted, unless required for transaction records.
  • Error logs: Retained in Sentry for 90 days.

6. Your rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate personal data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your personal data
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time (without affecting prior processing)

To exercise any of these rights, email [email protected]. We will respond within 30 days.

7. International transfers

Some of our processors (Stripe, Resend, Cloudflare) may process data outside the UK and EEA. Where this occurs, transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Agreement (IDTA).

8. Children

Herron is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on the site. The "Last updated" date at the top reflects the most recent revision.

10. Contact and complaints

If you have questions or concerns, email [email protected].

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).