Allotmin is completely free until January 2027, and will be priced at £35 per year after that.

We are currently in early access, please forward any feedback and feature requests to tryallotmin@gmail.com.

Allotmin

Privacy Policy

Allotmin — Last updated: May 2026

1. Who We Are

Allotmin is a web-based administration tool for allotment associations. It is developed and operated by a sole trader based in the United Kingdom.

For the purposes of data protection law, the data controller is:

Oliver Penman

Address: Available on request

Email: tryallotmin@gmail.com

References to “we”, “us”, or “our” in this policy refer to the data controller above.

2. What Allotmin Does

Allotmin is a software-as-a-service (SaaS) platform sold to allotment associations (“administrators” or “tenants”). Administrators use Allotmin to manage their own members, plots, waiting lists, and payment records.

We operate as a data processor on behalf of allotment administrators, who are themselves data controllers in relation to their own members’ personal data.

This policy explains how we handle personal data provided to us when administrators sign up for and use the Allotmin platform.

3. Personal Data We Collect

3.1 Administrator Account Data

When an allotment association signs up for Allotmin, we collect:

  • Full name
  • Email address
  • Password (stored as a secure hash — we never store your plain-text password)

This data is used solely to provide and secure access to the Allotmin platform.

3.2 Member Data Entered by Administrators

Administrators enter personal data about their own allotment members into Allotmin. This may include:

  • Name, email address, phone number
  • Plot assignment and payment history
  • Waiting list position and application details
  • Optional notes, address, and tenancy start dates

We store and process this data on behalf of, and under the instruction of, the administrator. We do not use this data for our own purposes.

3.3 Public Waiting List Applicant Data

If an administrator enables the public waiting list feature, members of the public may submit their name, email address, and optional contact details. This data is stored in Allotmin on behalf of the administrator and is subject to their own data protection obligations.

5. How We Use Your Data

We use administrator account data to:

  • Provide access to the Allotmin platform
  • Send transactional emails (e.g. waiting list confirmation emails sent on behalf of administrators)
  • Respond to support queries
  • Maintain platform security and prevent misuse

We do not sell personal data to third parties. We do not use personal data for advertising or marketing profiling.

6. Data Storage and Security

All data entered into Allotmin is stored on servers located in the United Kingdom (DigitalOcean, London region — LON1). Data does not leave the UK.

We take reasonable technical and organisational measures to protect personal data, including:

  • Encrypted passwords (bcrypt hashing)
  • HTTPS encryption for all data in transit
  • Private file storage with authenticated access only
  • Per-tenant data isolation — each administrator can only access their own organisation’s data

As a small sole-trader operation, we do not currently hold ISO 27001 certification or conduct formal penetration testing, but we follow industry-standard security practices.

7. Third-Party Services

We use the following third-party services that may process personal data on our behalf:

Mailgun (Sinch)

Used to deliver transactional emails on behalf of administrators (e.g. waiting list confirmation emails). Recipient email addresses and message content are transmitted to Mailgun for delivery purposes only. Mailgun is UK/EU GDPR compliant.

Mailgun privacy policy →

DigitalOcean

Our hosting provider. All data is stored on DigitalOcean servers in the UK (LON1 region). DigitalOcean is GDPR compliant.

DigitalOcean privacy policy →

ip-api.com

Used to perform IP address geolocation lookups for internal platform analytics. Session IP addresses of logged-in administrators are submitted to ip-api.com to provide a general indication of geographic location. This is an internal tool, visible only to the platform operator.

ip-api.com legal information →

Google Fonts

Used to serve typography via Google’s content delivery network. When you load any page on the Allotmin platform, your browser makes a request to Google’s CDN, which involves transmission of your IP address to Google. No other personal data is shared with Google through this mechanism, and Google Fonts is not used for tracking or analytics.

Google privacy policy →

GitHub

Used for source code version control only. No personal data from administrators or their members is stored in our code repository.

8. Data Retention

We retain administrator account data for as long as an account remains active. If you close your account, your data and all associated member data will be permanently deleted from our systems within 30 days.

Administrators may request deletion of their account and all associated data at any time by contacting us at tryallotmin@gmail.com.

9. Your Rights Under UK GDPR

If you are an administrator using Allotmin, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you
  • Right to rectification — to correct inaccurate data
  • Right to erasure — to request deletion of your account and data
  • Right to restriction — to limit how we process your data in certain circumstances
  • Right to data portability — to receive your data in a commonly used format
  • Right to object — to object to processing based on legitimate interests

To exercise any of these rights, please contact us at tryallotmin@gmail.com. We will respond within one calendar month.

If you are an allotment member whose data has been entered into Allotmin by your association, please contact your allotment administrator directly, as they are the data controller for that data.

10. Contact Us

For any questions about this policy, or to exercise your data rights, please contact:

Oliver Penman

Email: tryallotmin@gmail.com

Address: Available on request

We aim to respond to all enquiries within 5 working days.

11. ICO Registration and Right to Complain

Oliver Penman is registered with the Information Commissioner’s Office (ICO) as a data controller under the Data Protection (Charges and Information) Regulations 2018. Please contact us at tryallotmin@gmail.com for our ICO registration number.

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the ICO:

Information Commissioner’s Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

12. Changes to This Policy

We may update this policy from time to time. Where changes are material, we will notify administrators by email or via a notice within the Allotmin platform. The date at the top of this document reflects when it was last updated.