Effective Date: 5 April 2026  |  Last Updated: 5 April 2026
Company: Tradiemate Ltd  |  Contact: legal@tradie-mate.co.uk

1. Who We Are

Tradiemate Ltd ("TradieMate", "we", "us", "our") operates the TradieMate mobile application and website (tradie-mate.co.uk). We provide business management software for UK sole-trader tradespeople, including invoicing, quoting, customer management, job tracking, and payment collection.

We are the data controller for personal data processed through our services. If you have any questions about how we handle your data, contact us at legal@tradie-mate.co.uk.

2. What Data We Collect

2.1 Data you provide directly

  • Account information: your name, email address, phone number, business name, and trade type when you sign up
  • Customer data: names, email addresses, phone numbers, and addresses of your customers that you add to the app
  • Job and invoice data: job descriptions, quote details, invoice amounts, line items, payment information, and photos you upload
  • Feedback: any messages you send us through the in-app feedback feature

2.2 Data collected automatically

  • Device information: device type, operating system version, app version
  • Push notification tokens: to send you notifications about your business activity
  • Usage data: which features you use and when, to help us improve the app

2.3 Data from third parties

  • Payment data: Stripe provides us with payment confirmation details (we never see or store full card numbers)
  • Accounting data: Xero provides invoice and contact synchronisation data

3. How We Use Your Data

We use your data to:

  • Provide and operate the TradieMate app and its features
  • Send invoices and quotes to your customers on your behalf
  • Send automated WhatsApp messages and emails (payment reminders, quote follow-ups, service reminders) that you have enabled
  • Process payments through Stripe
  • Synchronise your invoices and contacts with Xero
  • Send you push notifications about your business activity
  • Send you a welcome email and weekly business digest
  • Improve our app and develop new features
  • Respond to your feedback and support requests
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract: processing necessary to provide you with the TradieMate service you signed up for (account data, job/invoice data, customer data)
  • Legitimate interest: improving our service, sending business digest emails, preventing fraud
  • Consent: push notifications, marketing communications (you can withdraw consent at any time)
  • Legal obligation: where we are required to retain data by law

5. Who We Share Your Data With

We share your data with the following third-party service providers, all of whom are bound by data processing agreements:

  • Supabase (database hosting) — stores your account, customer, job, and invoice data. Servers located in West Europe (London).
  • Stripe (payment processing) — processes customer payments and subscription billing. Stripe is PCI DSS compliant.
  • Twilio (WhatsApp messaging) — sends WhatsApp messages to your customers on your behalf (invoices, reminders, quotes).
  • SendGrid (email) — sends emails on your behalf (welcome emails, fallback emails, weekly digests).
  • Xero (accounting) — synchronises your invoices and customer contacts if you connect your Xero account.
  • HubSpot (CRM) — stores your contact information for our customer relationship management.
  • Anthropic (AI) — processes job descriptions to generate quotes using Claude AI. No personal data is sent beyond job descriptions and trade type.
  • Expo / Apple / Google (push notifications) — delivers push notifications to your device.
  • Make.com (automation) — orchestrates workflows between the above services.

We do not sell your data to third parties. We do not share your data with advertisers.

6. Your Customers' Data

When you add customer information to TradieMate, you are the data controller for that customer data, and we are your data processor. You are responsible for:

  • Having a lawful basis to store and use your customers' contact information
  • Informing your customers that you use TradieMate to manage invoices and communications
  • Responding to any data access or deletion requests from your customers

We will assist you in responding to customer data requests where possible.

7. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account deletion
  • Customer, job, and invoice data: retained while your account is active. You can delete individual records at any time through the app.
  • Payment records: retained for 7 years as required by UK tax law (HMRC)
  • Photos: stored while the associated job exists. Deleted when you delete the photo or the job.
  • Messages log: retained for 2 years for audit purposes

8. Data Security

We take the security of your data seriously:

  • All data is encrypted in transit (TLS/SSL) and at rest
  • Database hosted in Supabase's West Europe (London) region with row-level security policies
  • Authentication via one-time passcodes (no passwords stored)
  • Payment data handled by Stripe (PCI DSS Level 1 certified) — we never store card numbers
  • Access to production systems is restricted to authorised personnel only

9. Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access: request a copy of your personal data
  • Rectification: correct inaccurate data (you can edit your profile and customer records in-app)
  • Erasure: request deletion of your data ("right to be forgotten")
  • Portability: receive your data in a machine-readable format
  • Restriction: limit how we process your data
  • Objection: object to processing based on legitimate interest
  • Withdraw consent: for any processing based on consent (e.g., push notifications)

To exercise any of these rights, email legal@tradie-mate.co.uk. We will respond within 30 days.

10. Cookies

The TradieMate mobile app does not use cookies. Our website (tradie-mate.co.uk) uses essential cookies only for basic functionality.

11. Children's Privacy

TradieMate is a business management tool designed for adults. We do not knowingly collect data from anyone under the age of 18. If we learn that we have collected personal data from a child, we will delete it promptly.

12. International Transfers

Your data is primarily stored in the UK/EU (Supabase West Europe). Some of our service providers (Stripe, Twilio, SendGrid, HubSpot, Anthropic) may process data in the United States. Where this occurs, appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and adequacy decisions.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through the app. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

14. Contact Us

If you have questions about this privacy policy or how we handle your data:

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.