TradedocTradedoc
Sign inSign up free

Legal

Privacy Policy

Last updated: April 2026

TradeDoc AI (“we”, “us”, or “our”) is committed to protecting your personal data. This Privacy Policy explains what data we collect when you use TradeDoc AI (available at tradedoc.co.uk), why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR).

For data protection enquiries, contact us at privacy@tradedoc.co.uk.

1. Data We Collect

Account data

When you register, we collect your name, email address, business name, business address, and trade type (e.g. plumber, electrician, gas engineer, builder). This information is required to create and manage your account.

Payment data

We record your subscription plan and status. Payment card details are processed directly and securely by Stripe and are never transmitted to or stored by TradeDoc AI.

Generated documents

When you create quotes, inspection reports, or compliance certificate drafts, you enter data about your customers and jobs, including customer names, addresses, phone numbers, property details, and job descriptions. This data is stored as part of your documents in My Documents.

Usage data

We use Plausible Analytics, a privacy-first analytics tool. Plausible does not use cookies and collects no personal data — only aggregated, anonymised metrics such as page views and feature usage.

Technical data

Our servers may log IP addresses and browser type for security and debugging purposes. These logs are retained for a maximum of 30 days.

2. Lawful Basis for Processing

  • Contract performance: We process your account and document data to provide the service you signed up for.
  • Legitimate interests: We process usage data to improve our service and detect fraudulent activity.
  • Legal obligation: We retain financial records to comply with UK law, including HMRC requirements.

3. How We Use Your Data

  • Provide, maintain, and improve the TradeDoc AI service
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (account confirmations, password resets, receipts) via Resend
  • Respond to support and data protection enquiries
  • Detect and prevent fraud or misuse
  • Comply with our legal and regulatory obligations

4. Third Parties

We share data only with trusted third-party service providers necessary to operate the service:

Stripe

Payment processing. Stripe processes your card details under their own Privacy Policy. We never receive or store card numbers.

Resend

Transactional email delivery (confirmations, receipts, password resets).

Supabase

Database hosting and authentication. Data is stored within the European Economic Area (EEA).

Vercel

Application hosting and infrastructure. Servers are located in the UK/EEA.

Plausible Analytics

Privacy-first, cookieless analytics. No personal data is shared. Plausible is GDPR compliant.

We do not sell your personal data to any third party. Ever.

5. Data Retention

Account data: Retained for the duration of your account, plus two years after account closure for legal and accounting purposes.

Generated documents: Retained while your account is active. You may delete individual documents at any time via My Documents. If you close your account, your documents are deleted within 30 days.

Payment records: Retained for seven years to comply with HMRC financial record-keeping requirements.

Server logs: Retained for a maximum of 30 days.

6. Your Rights (UK GDPR)

Under the UK GDPR, you have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure: Request deletion of your personal data ('right to be forgotten'), subject to legal retention requirements.
Right to restrict processing: Ask us to limit how we use your data in certain circumstances.
Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
Right to object: Object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@tradedoc.co.uk. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. International Transfers

Your data is primarily stored on servers within the UK and European Economic Area (EEA). Some of our third-party service providers (including Stripe) operate globally. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner.

8. Security

We implement industry-standard security measures including TLS encryption for data in transit, encryption at rest, role-based access controls, and regular security reviews. While we take every reasonable precaution, no system can guarantee absolute security.

9. Children

TradeDoc AI is intended for use by adults operating trade businesses. We do not knowingly collect personal data from persons under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately at privacy@tradedoc.co.uk.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. For material changes, we will notify registered users by email in advance.

Contact & Data Requests

For all data protection enquiries, access requests, or erasure requests, contact us at privacy@tradedoc.co.uk. We aim to respond within 30 days.

Terms of Service →Cookie Policy →