The short version: we store what you give us to run the community, nothing is sold, nothing leaves the room, and one email gets any of it corrected or deleted. The long version is below — written to be read, not skimmed past.
Bristol Spring is a community project of Spring Incubator Limited, a company registered in England & Wales (company no. 08582887, registered office: 44 West Broadway, Bristol BS9 4TB). Spring Incubator Limited is the data controller — the person to talk to is Brad Askew, its director.
Anything in this notice, any question, any request: email brad@bristolspring.co.uk and a human (Brad) answers.
If you're a member, we hold what's on your member page: your name and email, what you write about yourself, your business(es), the church you tell us you're part of (optional), your photo if you add one, links you choose to share, and — if you opt in to the member map — your postcode. We also hold things you post inside the member area: asks and offers, notes at tables, RSVPs, and prayer requests if you ever post any.
If you subscribe to the Bristol Pulse, we hold your email address, your name if you gave one, and your topic choices.
If you say hello through the contact form, we hold your message and how to reach you back.
Most members' basic details (name, business, church connection) were first gathered by Brad personally, with people he knows, as the community grew — before the member area existed. If that's you, your page is yours to claim, edit, or have deleted.
One purpose, honestly stated: to run Bristol Spring — the member directory, the events, the emails, the tools. Our lawful basis for the membership basics is legitimate interest in administering a members' community; for emails you've asked for, it's your consent, which you can withdraw any time with one click.
Church affiliation and prayer requests are special. The law (UK GDPR Article 9) treats anything revealing religious belief with extra care, and so do we. We rely on the provision for not-for-profit bodies with a religious aim: this information is only ever about members and regular contacts of the community, it's only visible inside the membership, and it is never disclosed outside Bristol Spring without your consent. Prayer requests can always be posted anonymously.
Nothing is sold. Nothing is shared for marketing. There are no advertising trackers or analytics scripts on this site — none.
The member map is opt-in and shows a soft dot at your postcode's centre point — never your address. One honest caveat while we finish the engineering: the postcode you type is stored on your member row, and like the rest of your member page it is readable by signed-in members. So add it only if you're comfortable with members knowing your postcode — or leave it blank, and nothing shows.
A small set of service providers process data on our behalf, under contract, only to run the site: Supabase (the database, sign-in, and file storage), Resend (sends our email), Netlify (hosts the website), and postcodes.io (turns a postcode into a map point — it receives the bare postcode only, never your name). We also keep periodic backups so a mistake can't wipe the community's data; backups are held securely and pruned on a rolling basis.
Some providers process data outside the UK (Resend is US-based). Where that happens we rely on UK-approved safeguards such as the UK extension to the EU–US Data Privacy Framework or the International Data Transfer Agreement.
While you're part of the community, plus a short tail: backups age out within about twelve weeks. Pulse subscriptions last until you unsubscribe. Pastoral content is a river, not a lake: a prayer request that hasn’t been marked answered retires from the wall after 90 days, and anything you write in a monthly check-in about how you’re struggling is erased after six months — automatically, without anyone needing to ask. If you ask us to delete you, we delete your profile and everything attached to it, and the backups holding it expire on that same rolling schedule.
You can ask to see everything we hold about you, correct it, have it deleted, restrict or object to how it's used, or take it away in a portable copy. The route is one email: brad@bristolspring.co.uk. No forms, no questions — deletion requests are honoured within a month, usually much faster.
If you're ever unhappy with how we've handled your information, you can complain to the Information Commissioner's Office at ico.org.uk — though we'd love the chance to put it right first.
If we change anything that matters — a new purpose, a new provider — we'll say so plainly to members by email, not bury it here. This notice was last updated on 7 June 2026.
See also the terms — equally short, equally plain.