Legal

Privacy Policy

Last updated: 19 March 2026

1. Who we are

TradieFlow is a website building and hosting service for UK tradesmen, operated by Liam Hart. For the purposes of UK data protection law (including the UK GDPR and the Data Protection Act 2018), we are the data controller.

If you have any questions about how we handle your data, you can contact us at hello@tradieflow.uk.

2. What data we collect

Information you provide

  • Account information: When you sign up, we collect your name, email address, and password through our authentication provider (Clerk).
  • Business information: Business name, trade type, address, phone number, logo, photos, and website content you add through your dashboard.
  • Contact form submissions: Name, email address, and message content when you use our marketing site contact form.
  • Payment information: Payment card details are collected and processed directly by Stripe. We do not store your full card details on our servers.

Information collected automatically

  • Analytics data: We use Google Analytics, Google Tag Manager, and PostHog to collect information about how you use our website, including pages visited, time on site, traffic sources, and general interaction patterns. This helps us improve our service.
  • Advertising data: We use Google Ads (AdWords) to track conversions from our advertising campaigns and to enable remarketing. This may involve collecting data about your browsing activity on our site.
  • Device and browser information: IP address, browser type, operating system, and device type.
  • Cookies and local storage: We use cookies and browser local storage for authentication sessions and analytics. See section 7 for more detail.

Enquiry data (from your customers)

When someone submits an enquiry through your TradieFlow website, we collect their name, email, phone number (optional), and message. This data is stored in our database and made available to you through your dashboard. You are responsible for how you use this data in your own business.

3. How we use your data

We use your personal data for the following purposes:

  • To provide our service: Building, hosting, and maintaining your website; processing payments; managing your account.
  • To communicate with you: Responding to support requests, sending service-related emails, and notifying you of important changes.
  • To improve our platform: Analysing usage patterns to make our product better.
  • To process enquiries: Delivering contact form and enquiry submissions to the appropriate recipient.

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

4. Legal basis for processing

Under UK GDPR, we process your data on the following legal bases:

  • Contract: Processing necessary to provide you with the service you have signed up for (account management, website hosting, payment processing).
  • Legitimate interests: Analytics and service improvement, fraud prevention, and ensuring platform security.
  • Consent: Where applicable, such as for optional marketing communications and advertising cookies (including Google Ads remarketing).
  • Legal obligation: Where we are required to retain data for tax, accounting, or regulatory purposes.

5. Who we share your data with

We use trusted third-party services to operate our platform. These providers only process your data on our behalf and in accordance with our instructions:

  • Clerk - Authentication and user management
  • Stripe - Payment processing and billing
  • Google - Analytics (Google Analytics), advertising (Google Ads), and tag management (Google Tag Manager)
  • PostHog - Product analytics
  • Vercel - Website hosting and deployment
  • Supabase - Database hosting
  • Resend - Transactional email delivery

Some of these providers may process data outside the UK. Where this occurs, appropriate safeguards are in place (such as Standard Contractual Clauses) to ensure your data remains protected.

6. How long we keep your data

  • Account data: Retained for the duration of your subscription, plus 30 days after cancellation.
  • Payment records: Retained for 7 years as required by UK tax law.
  • Contact form submissions: Retained for 12 months, then deleted.
  • Analytics data:Retained in accordance with PostHog's data retention policies.
  • Customer enquiry data: Retained for the duration of your subscription, plus 30 days.

7. Cookies and tracking technologies

We use cookies, local storage, and similar tracking technologies for the following purposes:

  • Essential cookies: Required for authentication and security. These are set by Clerk and are necessary for the service to function.
  • Analytics cookies: Set by Google Analytics and PostHog to help us understand how visitors use our website.
  • Advertising cookies: Set by Google Ads (AdWords) for conversion tracking and remarketing purposes. These cookies may track your browsing activity across other websites to show you relevant advertisements.
  • Tag management: Google Tag Manager is used to deploy and manage our analytics and advertising tags.

For full details on the cookies we use, including how to manage your preferences, please see our Cookie Policy.

8. Your rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data (subject to legal retention requirements)
  • Restrict or object to certain types of processing
  • Data portability - receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@tradieflow.uk. We will respond within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data security

We take the security of your data seriously. All data is transmitted over HTTPS with 256-bit SSL encryption. Our platform is hosted on Vercel with Cloudflare providing additional security and DDoS protection. Access to production systems is restricted and monitored.

Payment data is handled entirely by Stripe, which is PCI DSS Level 1 certified - the highest level of payment security certification.

10. Children's privacy

Our service is not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice on our website. The “last updated” date at the top of this page will always reflect the most recent version.

12. Contact us

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

hello@tradieflow.uk