Trade Buddy Privacy Notice

Last updated: 24/11/2025

1. Introduction

Trade Buddy ("we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Notice explains how we collect, use, store, and protect your information when you use our platform to connect with tradespeople for DIY advice and support.

2. Data Controller

Trade Buddy is the data controller responsible for your personal information. You can contact us at:

• Email: privacy@tradebuddy.uk
• Support: support@tradebuddy.uk

3. Information We Collect

Account Information

• Full name, email address, phone number
• Date of birth (for age verification and compliance)
• Address details
• Profile photo (optional)

Booking & Communication Data

• Project descriptions, titles, and details
• Photos and videos you upload
• Messages exchanged with tradespeople
• Call recordings
• Booking history and preferences

Payment Information

• Payment card details (stored securely by Stripe, our payment processor)
• Transaction history and invoices

Technical & Usage Data

• IP address, device type, browser information
• Security events and login history
• App usage patterns and preferences

4. How We Use Your Information

We use your personal data to:

• Provide Services: Connect you with tradespeople, facilitate bookings, enable communication
• Process Payments: Handle transactions securely through Stripe
• Improve Platform: Analyze usage patterns, fix bugs, develop new features
• Security & Fraud Prevention: Monitor for suspicious activity, protect accounts
• Legal Compliance: Meet UK legal and regulatory requirements (GDPR, tax laws)
• Customer Support: Respond to inquiries and resolve issues

5. Legal Basis for Processing

We process your data based on:

• Contract Performance: To provide the services you've signed up for, including mandatory profile photos (for tradesmen) and call recordings for quality assurance, training, and dispute resolution
• Legal Obligation: To comply with UK tax laws, HMRC requirements, and other regulations
• Legitimate Interests: To improve our services, prevent fraud, ensure platform security, and maintain service quality through call recordings
• Consent: For optional marketing communications (you can withdraw consent anytime)

6. Data Sharing

We share your information only when necessary:

With Tradespeople

When you book a call, we share relevant project details (description, photos) with your chosen tradesperson to provide assistance.

Service Providers

 
• Stripe: Payment processing (PCI-DSS compliant)
• Cloud Infrastructure: Secure data hosting and storage
• Communication Tools: Video call infrastructure

Legal Requirements

We may disclose data to comply with legal obligations, court orders, or to protect our rights and safety.

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at rest for sensitive personal data (address, date of birth, financial IDs)
• Encryption in transit (HTTPS/TLS) for all communications
• Secure authentication and session management
• Regular security monitoring and logging
• Access controls and data minimization principles
 

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, prevent fraud, resolve disputes, and enforce our terms. We apply different retention periods based on the type of data and its purpose.

Specific Retention Periods

• User profiles & account data: Duration of account + 30 days after deletion request (Legal Basis: Contract performance, legitimate interests)
• Completed bookings: 7 years from completion date (Legal Basis: UK tax law compliance - HMRC requirements)
• Cancelled/failed bookings: 1 year from creation date (Legal Basis: Fraud prevention, dispute resolution)
• Messages & communications: 2 years from last message (Legal Basis: Dispute resolution, contract evidence)
• Security events: 90 days from event date (Legal Basis: Security monitoring, fraud prevention)
• Active security sessions: Duration of session + 30 days after last activity (Legal Basis: Account security, access management)
• Call recordings & uploaded videos: 180 days from session date, or until dispute resolution + 90 days (Legal Basis: Quality assurance, training, dispute resolution)

Automated Data Deletion

When retention periods expire, we automatically delete personal data or convert it to anonymized statistical data that cannot be linked back to you. Our automated data retention system runs daily to ensure compliance with these periods. All deletions are logged for compliance auditing purposes.

Legal Compliance

These retention periods are based on UK legal requirements, industry standards, and our legitimate business interests. Where we retain data for compliance purposes (e.g., 7 years for completed bookings), this is required by UK tax law and HMRC guidance. Data involved in ongoing investigations, disputes, or legal proceedings may be retained longer until resolution.

Your Rights

You can request deletion of your data at any time by contacting us at privacy@tradebuddy.uk or using the account deletion feature in your settings. You may also request a copy of your data before deletion. Note that we may need to retain certain data for legal compliance even after deletion requests (e.g., financial records for tax purposes as required by HMRC).

9. Your Privacy Rights (GDPR/UK GDPR)

Under UK data protection law, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restrict Processing: Limit how we use your data in certain circumstances
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: For processing based on consent (e.g., call recordings)

To exercise these rights, contact us at privacy@tradebuddy.uk or use the data export feature in your account settings.

10. International Transfers

Your data is primarily stored and processed in the UK and EU. If we transfer data internationally, we ensure adequate safeguards are in place (e.g., Standard Contractual Clauses) to protect your information.

11. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Privacy Notice

We may update this Privacy Notice periodically. Material changes will be notified via email or in-app notification. Continued use of our services after changes constitutes acceptance of the updated notice.

13. Complaints

If you have concerns about how we handle your data, please contact us first at privacy@tradebuddy.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113

14. Contact Information

For privacy-related questions or to exercise your rights:

• Email: privacy@tradebuddy.uk
• General Support: support@tradebuddy.uk