Privacy Policy
1. Who is the data controller
TradeDocs UK is the data controller for the personal data you provide when you use our website at tradedocs.co.uk and the TradeDocs Pro application at app.tradedocs.co.uk.
For any data-protection query you can reach us at privacy@tradedocs.co.uk.
2. What personal data we collect
From you, the engineer
- Account data: email, password hash, in-app PIN hash, device session details (IP and user-agent), name, trade selection (electrical / gas / both).
- Profile data: company name (optional), NICEIC or Gas Safe registration number, address, logo image, accreditation logo, trade qualifications.
- KYC verification data: photo of your registration card (front and back). We hold these only until we confirm your registration; see Section 4.
- Wallet and billing data: credit balance, top-up history, transaction IDs. Card numbers are handled by our payment processor — we never see or store them.
From your customers (via certificates you issue)
- Certificate content: customer name, property address, phone, email, inspection findings, readings, evidence photos of the installation, your signature.
You are the data controller for the personal data of your customers that appears on certificates you issue. We process that data on your behalf as a data processor — see Section 3.
3. Why we collect it (lawful basis)
Under the UK GDPR every type of personal data must have a lawful basis under Article 6.
| Data type | Lawful basis | Why |
|---|---|---|
| Email, password hash, PIN hash, device sessions | Contract — Art. 6(1)(b) | To provide the account you signed up for. |
| Company name, address, registration numbers, logo | Contract — Art. 6(1)(b) | These appear on the certificates you issue. |
| KYC registration-card photos | Legitimate interests — Art. 6(1)(f) | Confirming you are who you say you are protects your customers and the integrity of the platform. |
| Wallet transactions, IP address at top-up | Contract + Legal obligation — Art. 6(1)(b) and (c) | Billing, fraud prevention and UK tax reporting. |
| Certificate content (your customer's data) | Processed on your behalf | You are the controller. Your own lawful basis — typically contract with your customer — applies. |
| Security logs, audit log | Legitimate interests — Art. 6(1)(f) | Detecting and responding to account compromise. |
| Support messages you send us | Legitimate interests — Art. 6(1)(f) | Answering your question. |
4. How long we keep it
- Account data: for as long as your account is active. When you close the account, PII (name, email, phone, PIN hash) is erased within 30 days by an automated archive sweep.
- KYC selfie / registration-card photos: deleted as soon as verification succeeds ("delete-on-success"). If verification is rejected, retained for 90 days to allow you to appeal, then deleted.
- Certificate metadata: six years after issue. This covers the NICEIC / NAPIT / Gas Safe Register audit window and limitation periods under English law. The PDF itself is not stored — it is regenerated on demand from the row when you or your customer download it.
- Wallet transactions: six years, as required by UK tax and company law.
- Security and audit logs: 12 months.
- Support messages: up to 24 months after the ticket is closed.
5. Where your data lives
Your data is stored on Cloudflare's European infrastructure. Specifically:
- Cloudflare D1 (database) with jurisdiction: "eu" — all account, profile, certificate and wallet rows.
- Cloudflare R2 (object storage) with jurisdiction: "eu" — evidence photos, engineer logos, KYC documents.
- Cloudflare Workers + Containers (compute) — the service is served from edge data centres around the UK and Europe, but all persistent storage remains within the EU.
The UK has an adequacy decision covering transfers of personal data between the UK and the EEA, so your data is protected to UK-equivalent standards at all times.
6. Sub-processors we use
We use only two sub-processors.
- Cloudflare, Inc. — infrastructure (DNS, CDN, D1, R2, Workers, Containers, Email Service, Turnstile). Transfers to Cloudflare are covered by their UK addendum and Standard Contractual Clauses where the service involves any processing outside the UK / EEA.
- Google LLC — Gemini API — AI vision model for extracting data from site photos. Images are sent to the Gemini API only when you trigger an AI scan; Google processes them for the request and does not use them to train its models. We send the smallest necessary crop.
We do not share your data with advertising networks, data brokers, analytics vendors or any other third party.
7. Who else sees your data
Within TradeDocs, access is limited to staff who need it to operate the service — for example, to investigate a support ticket you raise, or to respond to a security incident. All access is logged in our internal audit trail.
We will disclose personal data to a public authority only where we are legally required to, for example under a court order, a valid section 49 RIPA 2000 notice, or an HMRC enquiry. We will resist over-broad requests where we can and will tell you when the law permits it.
8. How we protect it
- Passwords are hashed with argon2id using a server-side pepper. Your plaintext password is never stored or logged.
- The 6-digit PIN is argon2id-hashed on the server; five wrong attempts lock the account for 15 minutes.
- Certificates are issued as encrypted PDFs (AES, 128-bit) with copy / modify / annotate permissions disabled.
- Unverified certificates carry a diagonal "SAMPLE — DRAFT — UNVERIFIED" watermark so they cannot be passed off as issued.
- New-device logins require an email code before a session is issued.
- Rate limits and IP-based monitoring protect auth endpoints from brute force.
9. Your rights
Under the UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectify — ask us to correct inaccurate or incomplete data.
- Erase — ask us to delete your data, subject to the retention rules in Section 4 for legal obligations.
- Restrict — ask us to stop using your data while a dispute is resolved.
- Port — receive your data in a machine-readable format so you can move it elsewhere.
- Object — object to processing we do under legitimate interests.
- Withdraw consent — where we rely on consent (for example, optional communications), you can withdraw it at any time.
You can exercise most of these rights directly from your account settings, or by emailing privacy@tradedocs.co.uk. We will respond within one calendar month.
10. Cookies
TradeDocs Pro uses a minimal set of technical cookies and localStorage keys required to keep you signed in and remember your UI preferences. We do not use advertising cookies, third-party analytics cookies, or tracking pixels.
The specific items we store in your browser are:
- tdp_session_token — your JWT access token. Local only; not sent to any third party.
- tdp_user_email — your email, cached to prefill the login form.
- tdp_pin_unlocked — a session flag to avoid re-prompting for the PIN on every page.
- tdp_referral_id — session-scoped; your referrer's ID if you arrived from a referral link.
Clearing your browser storage at any time will sign you out; no data is lost on our side.
11. Children
TradeDocs Pro is a tool for professional engineers. It is not aimed at, or offered to, children under 18. If you believe a child has created an account, please contact us and we will close it.
12. Changes to this policy
We may update this policy to reflect changes to the service, the law, or our sub-processor list. We will update the "Last updated" date at the top and, where the change is material, tell you in the app before it takes effect.
13. Complaints and contact
If you are unhappy with how we have handled your personal data, please tell us first at privacy@tradedocs.co.uk — we will do our best to put it right.
You also have the right to complain to the Information Commissioner's Office (ICO), the UK's independent data-protection authority:
- Website: ico.org.uk/make-a-complaint
- Helpline: 0303 123 1113
- Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF