1. Who we are
traidhand is a trading name of traidhand Ltd. We provide a software-as-a-service platform that helps UK tradespeople manage enquiries, quotes, jobs, and invoices. In this policy, “we”, “us”, and “our” refer to traidhand Ltd.
If you have questions about this policy, contact us at privacy@traidhand.com.
2. Data we collect
We collect the following categories of personal data:
- Account data - name, email address, phone number, and business details you provide when creating an account.
- Customer data - names, email addresses, phone numbers, and addresses of your customers that you enter or that are received via inbound enquiries.
- Usage data - pages visited, features used, browser type, IP address, and device information collected automatically.
- Communication data - emails sent and received through the platform, enquiry form submissions, and AI-generated correspondence.
- Payment data - subscription tier and billing information processed by our payment provider (we do not store card details).
3. Legal basis for processing
We process your data under the following legal bases (UK GDPR Article 6):
- Contract - to provide the traidhand service as agreed in our Terms of Service.
- Legitimate interests - to improve our service, prevent fraud, and send service-related communications.
- Consent - for optional marketing communications (you can withdraw consent at any time).
- Legal obligation - where required to comply with applicable laws.
4. How we use your data
- To operate and maintain your traidhand account and business workspace.
- To process inbound enquiries, generate quotes, and manage jobs and invoices.
- To provide AI-powered features such as lead pre-qualification, smart classification, and automated correspondence.
- To send transactional emails (quote notifications, invoice reminders, enquiry confirmations).
- To improve the platform through anonymised usage analytics.
5. Third-party services
We share data with the following third-party processors, all of whom are bound by data processing agreements:
- Supabase (database and authentication) - EU/US data centres.
- Vercel (hosting and edge functions) - global CDN.
- Resend (transactional email delivery) - US.
- Anthropic (AI processing via Claude) - US. Email content and enquiry details may be sent for AI analysis.
- Google (AI processing via Gemini) - US. Email content and enquiry details may be sent for AI analysis.
Where data is transferred outside the UK, we rely on adequate safeguards including standard contractual clauses and UK adequacy decisions.
6. Data retention
- Account data - retained while your account is active, deleted within 30 days of account closure.
- Customer data - retained while your account is active. You can delete individual customer records at any time.
- Usage data - anonymised and aggregated after 12 months.
- Email content - retained for 24 months, then automatically purged.
7. Your rights under UK GDPR
You have the right to:
- Access - request a copy of the personal data we hold about you.
- Rectification - correct inaccurate or incomplete data.
- Erasure - request deletion of your data (“right to be forgotten”).
- Restriction - limit how we process your data in certain circumstances.
- Portability - receive your data in a machine-readable format.
- Object - object to processing based on legitimate interests.
To exercise any of these rights, email privacy@traidhand.com. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Analytics are performed using anonymised, aggregated server-side data.
9. Security
We implement industry-standard security measures including encrypted connections (TLS), row-level security on our database, webhook signature verification, rate limiting on public endpoints, and regular security audits. However, no system is 100% secure and we cannot guarantee absolute security.
10. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.