← Back to sign in

Privacy notice

Effective date: 2026-04-05. This notice describes how Furryflitchers Limited("we", "us", "our") uses personal data when you use REEFX (the "Service"). Our Terms of Service apply to your use of the Service.

1. Who we are

For UK data protection law, we are the data controller for personal data processed through the Service.

  • Legal entity: Furryflitchers Limited
  • Registered office: 13 Bright Road, Dunmow, Essex, CM6 3GU
  • Company number (if applicable): 09963675
  • Contact (including privacy questions): privacy@reefx.net
  • Data Protection Officer: Ty Fairclough (contact us at the email above, marking your message for the DPO where helpful).

When and where this notice applies to your use of REEFX.

2. Scope

This notice covers personal data we process when you visit the Service, create or use an account, complete onboarding, join or take part in exchanges (events or groups), list corals, arrange trades, or contact us. It does not cover third-party websites or apps that we link to; those services have their own notices.

The types of personal information we may collect when you use the service.

3. Data we collect

Depending on how you use the Service, we may process:

  • Account and profile: email address, optional display name or alias, optional profile image or emoji, contact preferences, onboarding choices, and related account metadata.
  • Address and location context: postal address fields you provide (for example line, town, region, postcode, country). We may derive approximate town-centre coordinates from town and country to support coarse distance or discovery features; we do not use this as a precise map of your home.
  • Security and sign-in: session identifiers (stored in hashed form where applicable), magic-link request details, and limited technical data such as request timestamps or IP address associated with authentication events.
  • Your content: text, images, and descriptions you add to listings or profile inventory (for example coral names and notes).
  • Exchanges, invites, and trades: membership of exchanges, roles (such as member or event manager), invite records (including invitee email), and information needed to operate trades between members on an exchange.
  • Legal and compliance records: timestamps and version references when you accept our Terms or this notice.
  • Platform administration: where permitted by law, audit-style records of certain administrative actions taken by our team to operate or secure the platform.
  • Analytics and similar technologies: usage and diagnostic information collected through Google Analytics and similar tools, which may include device and browser data, approximate location, and on-site behaviour (subject to your cookie choices where applicable).

Why we use your data and the main things we do with it.

4. How we use your data

We use personal data to:

  • provide, operate, and improve the Service (accounts, discovery, listings, exchanges, trades);
  • authenticate you, protect accounts, detect abuse, and maintain security;
  • send service emails (for example sign-in links and operational messages) via our email provider;
  • validate or complete address information using our postcode lookup provider;
  • optionally assist with listing content using artificial intelligence features powered by our LLM provider (where enabled in the product);
  • measure use of the Service and improve performance and design (analytics);
  • comply with law, respond to lawful requests, and enforce our Terms;
  • keep records of consent and legal acceptance where required.

The legal grounds that let us process your data under UK privacy law.

5. Legal bases (UK GDPR)

Where UK GDPR applies, we rely on one or more of the following:

  • Contract — to provide the Service you asked for.
  • Legitimate interests — for example securing the Service, understanding aggregate usage, product improvement, and limited administrative access as described below, where not overridden by your rights.
  • Legal obligation — where we must process data to comply with law.
  • Consent — where we ask for it (for example non-essential cookies or specific optional features), you may withdraw consent at any time without affecting earlier processing that was lawful.

Who we share data with to run REEFX, and that we never sell it.

6. Sharing, subprocessors, and sales

We do not sell your personal data. We do not share your personal data with third parties for their own independent marketing in exchange for money.

We share data with service providers who process it on our instructions ("processors" / subprocessors) to run the Service. They must protect the data and use it only for the services they provide to us. Current categories include:

  • Hostinger — hosting and infrastructure.
  • Mailtrap — email delivery and related messaging infrastructure.
  • Ideal Postcodes — address lookup and validation.
  • OpenAI — large language model features used for optional product functionality (for example assisting with coral descriptions), where implemented.
  • Google — analytics and related measurement tools (for example Google Analytics).

We may also disclose data if required by law, to protect rights and safety, or as part of a business transfer (for example merger or asset sale) subject to appropriate safeguards.

What organisers and our staff may see compared with everyday members.

7. Exchange operators and platform administrators

Exchange operators. People who create or manage an exchange (for example event managers) may see limited information about members and activity needed to run that exchange — such as membership, roles, listings visible within the exchange, and trade-related information tied to that exchange. They should use that information only for legitimate exchange-related purposes.

Platform administrators. Our authorised staff may access personal data to operate, secure, and support the Service (for example troubleshooting, fraud prevention, and audit trails). Access is limited to what is reasonably needed for those purposes.

What happens if your data is stored or processed outside the United Kingdom.

8. International transfers

We are based in the United Kingdom. Some subprocessors may process data in other countries. Where personal data is transferred outside the UK or EEA, we use appropriate safeguards required by applicable law (for example adequacy regulations or standard contractual clauses), and we assess risks where required.

How long we keep your information and when we remove or anonymise it.

9. Retention

We keep personal data only as long as needed for the purposes in this notice, including providing the Service, meeting legal, tax, or accounting requirements, resolving disputes, and securing our systems. Retention periods vary by data type; for example account data is generally kept while your account exists, and some records may be kept longer where the law requires backups or audit trails. We delete or anonymise data when it is no longer needed, unless a longer period is justified.

How we protect your data and simple steps you can take to stay safer.

10. Security

We use appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, or alteration. No online service can guarantee perfect security; please use a strong password where applicable and protect access to your email account used for sign-in.

Your choices under UK law: access, fixes, deletion, and how to complain.

11. Your rights

Under UK data protection law you may have rights including to:

  • access a copy of your personal data;
  • ask us to correct inaccurate data;
  • ask us to erase data in certain circumstances;
  • restrict or object to certain processing;
  • data portability for information you provided, where applicable;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the ICO (Information Commissioner's Office) in the UK.

To exercise your rights, contact us at privacy@reefx.net. We may need to verify your identity before responding.

REEFX is for adults aged 18 and over; we do not target children here.

12. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will take appropriate steps.

Cookies and similar tools for running the site and measuring usage overall.

13. Cookies and similar technologies

We use cookies and similar technologies that are necessary for the Service to function, and where applicable analytics tools (such as Google Analytics) that may use cookies or identifiers. Where required, we will ask for your consent before using non-essential cookies and provide a way to change your preferences.

How we will tell you if we update this notice or ask you to read it again.

14. Changes to this notice

We may update this notice from time to time. We will post the updated version on this page and change the effective date above. If changes are material, we will take additional steps where required (for example asking you to accept an updated notice during onboarding or in-product prompts).