Skip to main content

Privacy Policy

Last updated: 1 January 2025

TradePilot Ltd is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

TradePilot Ltd is the data controller for personal data processed through the TradePilot platform. We are registered in England and Wales. If you have any questions about this policy or how we handle your data, contact our Data Protection Officer at [email protected].

2. Data We Collect

We collect personal data in the following categories:

Account & Identity Data

Name, email address, phone number, job title, and business information provided when you register or update your account.

Billing & Payment Data

Subscription details, payment method tokens (we do not store full card numbers), and transaction history. Payments are processed by PCI-DSS compliant third parties.

Usage & Technical Data

IP address, browser type, operating system, pages visited, session duration, and error logs. Collected via server logs and analytics tools.

Location Data

GPS coordinates transmitted by the mobile app when engineers check in to jobs. Location data is only captured when the app is actively in use and the engineer has granted permission.

Customer Data You Input

Names, addresses, contact details, and job history of your customers that you enter into TradePilot. You remain the data controller for this data; we process it on your behalf as a data processor.

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance — to provide the TradePilot service you have subscribed to
  • Legal obligation — to comply with UK tax, employment, and financial regulations
  • Legitimate interests — to improve the Service, prevent fraud, and maintain platform security
  • Consent — for marketing communications, which you may withdraw at any time

4. How We Use Your Data

  • Providing and improving the TradePilot platform
  • Processing payments and managing your subscription
  • Sending transactional emails (receipts, job alerts, system notices)
  • Sending marketing communications where you have consented
  • Detecting and preventing fraud and abuse
  • Complying with legal and regulatory obligations
  • Conducting anonymised analytics to improve the Service

5. Data Sharing

We do not sell your personal data. We share data with third parties only as necessary to provide the Service:

  • Payment processors (Stripe, SumUp) — to process subscription and job payments
  • Accounting integrations (Xero, QuickBooks) — where you have enabled the integration
  • Infrastructure providers — UK-based hosting and cloud services bound by data processing agreements
  • Legal authorities — where required by law or to protect the rights of TradePilot or our users

6. Data Retention

We retain your account data for the duration of your subscription and for up to 6 years thereafter to comply with UK tax and legal obligations. Customer data you input is retained for 30 days after account closure, during which time you may export it. Location data from engineer check-ins is retained for 12 months.

7. International Transfers

All personal data is stored on UK-based servers. Where any third-party processor is based outside the UK or EEA, we ensure appropriate safeguards are in place, including UK adequacy decisions or Standard Contractual Clauses.

8. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. In the event of a personal data breach that poses a high risk to individuals, we will notify affected users and the Information Commissioner’s Office (ICO) as required by UK GDPR.

9. Cookies

Our website uses cookies for essential functionality (session management, security) and optional analytics. You can manage cookie preferences via your browser settings. Disabling non-essential cookies does not affect platform functionality.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the data we hold about you
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of your data where we have no legal basis to retain it
  • Right to restrict processing — to limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to processing based on legitimate interests or direct marketing
  • Rights related to automated decisions — we do not make solely automated decisions with legal effect

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month.

11. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the opportunity to address your concern before you approach the ICO.