Legal

Privacy Policy

Last updated: 24 April 2026 · Data controller: TradeDocs UK
Plain-English summary: we keep your data in the EU, we only share it with Cloudflare (our infrastructure) and Google Gemini (our AI vision). We delete your personal data within 30 days of account closure, except certificate metadata we must keep for six years by law. You have the right to ask for a copy of your data, correct it, or delete it — and to complain to the ICO if we get it wrong.

1. Who is the data controller

TradeDocs UK is the data controller for the personal data you provide when you use our website at tradedocs.co.uk and the TradeDocs Pro application at app.tradedocs.co.uk.

For any data-protection query you can reach us at privacy@tradedocs.co.uk.

2. What personal data we collect

From you, the engineer

From your customers (via certificates you issue)

You are the data controller for the personal data of your customers that appears on certificates you issue. We process that data on your behalf as a data processor — see Section 3.

3. Why we collect it (lawful basis)

Under the UK GDPR every type of personal data must have a lawful basis under Article 6.

Data type Lawful basis Why
Email, password hash, PIN hash, device sessions Contract — Art. 6(1)(b) To provide the account you signed up for.
Company name, address, registration numbers, logo Contract — Art. 6(1)(b) These appear on the certificates you issue.
KYC registration-card photos Legitimate interests — Art. 6(1)(f) Confirming you are who you say you are protects your customers and the integrity of the platform.
Wallet transactions, IP address at top-up Contract + Legal obligation — Art. 6(1)(b) and (c) Billing, fraud prevention and UK tax reporting.
Certificate content (your customer's data) Processed on your behalf You are the controller. Your own lawful basis — typically contract with your customer — applies.
Security logs, audit log Legitimate interests — Art. 6(1)(f) Detecting and responding to account compromise.
Support messages you send us Legitimate interests — Art. 6(1)(f) Answering your question.

4. How long we keep it

5. Where your data lives

Your data is stored on Cloudflare's European infrastructure. Specifically:

The UK has an adequacy decision covering transfers of personal data between the UK and the EEA, so your data is protected to UK-equivalent standards at all times.

6. Sub-processors we use

We use only two sub-processors.

  1. Cloudflare, Inc. — infrastructure (DNS, CDN, D1, R2, Workers, Containers, Email Service, Turnstile). Transfers to Cloudflare are covered by their UK addendum and Standard Contractual Clauses where the service involves any processing outside the UK / EEA.
  2. Google LLC — Gemini API — AI vision model for extracting data from site photos. Images are sent to the Gemini API only when you trigger an AI scan; Google processes them for the request and does not use them to train its models. We send the smallest necessary crop.

We do not share your data with advertising networks, data brokers, analytics vendors or any other third party.

7. Who else sees your data

Within TradeDocs, access is limited to staff who need it to operate the service — for example, to investigate a support ticket you raise, or to respond to a security incident. All access is logged in our internal audit trail.

We will disclose personal data to a public authority only where we are legally required to, for example under a court order, a valid section 49 RIPA 2000 notice, or an HMRC enquiry. We will resist over-broad requests where we can and will tell you when the law permits it.

8. How we protect it

9. Your rights

Under the UK GDPR you have the right to:

You can exercise most of these rights directly from your account settings, or by emailing privacy@tradedocs.co.uk. We will respond within one calendar month.

10. Cookies

TradeDocs Pro uses a minimal set of technical cookies and localStorage keys required to keep you signed in and remember your UI preferences. We do not use advertising cookies, third-party analytics cookies, or tracking pixels.

The specific items we store in your browser are:

Clearing your browser storage at any time will sign you out; no data is lost on our side.

11. Children

TradeDocs Pro is a tool for professional engineers. It is not aimed at, or offered to, children under 18. If you believe a child has created an account, please contact us and we will close it.

12. Changes to this policy

We may update this policy to reflect changes to the service, the law, or our sub-processor list. We will update the "Last updated" date at the top and, where the change is material, tell you in the app before it takes effect.

13. Complaints and contact

If you are unhappy with how we have handled your personal data, please tell us first at privacy@tradedocs.co.uk — we will do our best to put it right.

You also have the right to complain to the Information Commissioner's Office (ICO), the UK's independent data-protection authority: