Privacy Policy

Wogglebox is a kit and equipment management platform designed for Scout groups and volunteer organisations. The platform is operated by Joss Gamble ("we", "us", "our").

We are committed to protecting your privacy and handling your data responsibly. This policy explains what information we collect, how we use it, and your rights regarding your data.

We collect the following types of information:

Account information: Your name and email address, provided when you create an account or sign in via Google or Microsoft. We do not collect passwords for users who sign in via OAuth providers.

Group and inventory data: Information you enter about your group, including group name, meeting location, equipment inventory, bookings, uniform allocations, and repair records.

Usage data: Basic information about how you interact with the platform, including which pages you visit and features you use. This is collected through standard server logs and hosting provider analytics.

Contact form submissions: If you contact us through the platform, we store your name, email, and message.

We do not collect sensitive personal data such as financial information, health data, or data about children. Wogglebox manages equipment — not personal records about group members or young people.

We use your data to:

Provide the service: Manage your account, display your group's inventory, process bookings, and deliver the core platform features.

Send transactional emails: Deliver invite links and group approval notifications. We do not send marketing emails.

Improve the platform: Understand how features are used so we can make the platform better. We do not sell or share your data with advertisers.

Respond to enquiries: Reply to messages submitted through the contact form.

We use the following third-party services to operate the platform. Each processes data on our behalf and under their own privacy policies:

Supabase — database hosting and authentication. Your account data and group data are stored in a Supabase-hosted PostgreSQL database. Supabase Privacy Policy

Vercel — application hosting. Our platform runs on Vercel's infrastructure in the EU (Dublin). Vercel Privacy Policy

Google OAuth — if you choose to sign in with Google, Google shares your name and email address with us. We do not receive your Google password. Google Privacy Policy

Microsoft OAuth — if you choose to sign in with Microsoft, Microsoft shares your name and email address with us. We do not receive your Microsoft password. Microsoft Privacy Statement

Resend — transactional email delivery. Your email address is shared with Resend solely to deliver invite and approval emails. Resend Privacy Policy

Wogglebox uses a minimal set of cookies and browser storage, strictly for platform functionality:

Authentication cookies: Set by Supabase to keep you signed in. These are essential for the platform to work and cannot be disabled.

Local storage: We store your sidebar theme preference (dark or light) in your browser's local storage. This data never leaves your device.

We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

We retain your account data and group data for as long as your account is active. If you or your group admin requests account deletion, we will remove your personal data within 30 days.

Contact form submissions are retained for up to 12 months after the enquiry has been resolved.

Server logs containing basic usage data are automatically deleted by our hosting provider after their standard retention period.

We take reasonable measures to protect your data, including:

All data is transmitted over HTTPS (encrypted in transit). Database access is controlled through Row Level Security policies, ensuring users can only access data belonging to their own group. Authentication tokens are handled by Supabase using industry standard practices. Invite tokens are cryptographically hashed — raw tokens are never stored.

No system is perfectly secure, but we are committed to following best practices appropriate to the nature and scale of the data we handle.

Under UK GDPR and the Data Protection Act 2018, you have the right to:

Access the personal data we hold about you. Correct any inaccurate data (you can update your display name in Settings). Delete your account and personal data. Export your data in a portable format. Object to processing of your data in certain circumstances.

To exercise any of these rights, please contact us through the contact form or email us directly.

Wogglebox is designed for use by adult volunteers who manage equipment for their organisations. The platform does not knowingly collect personal data from children under 18. Account holders must be adults.

The inventory and booking data managed through the platform relates to equipment — not to personal records about young people in Scout groups or other organisations.

We may update this privacy policy from time to time. If we make significant changes, we will notify active users through the platform. The "last updated" date at the top of this page indicates when the policy was most recently revised.

If you have any questions about this privacy policy or how we handle your data, please get in touch through our contact form.