← Back

Privacy Policy

Template — review with a solicitor before launch

Effective date: 21 April 2026 · Last updated: 21 April 2026

1. Who we are

Waveatrade Ltd (“we”, “us”, “our”) operates the Waveatrade platform that connects homeowners with UK tradespeople. We are registered in England and Wales under company number [REPLACE WITH COMPANIES HOUSE NUMBER], with a registered office at [REPLACE WITH REGISTERED UK ADDRESS]. We are the data controller for the personal data described in this policy.

2. Personal data we collect

  • Account details: name, email, password hash, account role (homeowner or tradesperson), postcode, and avatar.
  • Tradesperson profile: bio, hourly rate, trades, primary trade, availability, verification documents (ID, public liability insurance).
  • Marketplace activity: jobs posted, quotes sent, reviews left, messages sent, community posts and reactions.
  • Technical data: IP address (transient), device type, browser, session cookies. We do not use advertising or tracking cookies.

3. Why we use your data (lawful bases)

  • Contract — to provide the Waveatrade service you signed up for.
  • Legitimate interests — to keep the platform secure, prevent fraud, and verify tradesperson credentials.
  • Legal obligation — to respond to lawful requests and comply with UK law.
  • Consent — for any non-essential marketing (we will ask separately if we ever send this).

4. Who we share your data with

We share limited personal data with the following processors, each bound by a Data Processing Agreement:

  • Supabase (database, authentication, file storage) — hosted in the EU.
  • Vercel (application hosting).
  • Sentry (error tracking, no personal data beyond user ID).

We never sell your personal data. Public profile information you choose to publish (name, reviews, community posts) is visible to other users.

5. International transfers

Our data is primarily stored in the European Economic Area. Where any transfer outside the UK/EEA occurs, it is covered by Standard Contractual Clauses or an adequacy decision.

6. How long we keep it

We keep personal data for as long as your account is active. After deletion, we retain anonymised transaction history for legal and fraud-prevention purposes (up to 6 years, in line with UK tax rules).

7. Your rights under UK GDPR

You have the right to:

  • access a copy of your data (“subject access request”);
  • correct inaccurate data;
  • delete your data (“right to be forgotten”);
  • restrict or object to our processing;
  • data portability;
  • withdraw consent at any time;
  • complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

Exercise these rights by emailing privacy@waveatrade.com. We reply within 30 days.

8. Cookies

We use only essential cookies required to keep you signed in and protect against cross-site request forgery. No advertising, analytics, or tracking cookies are set. You can clear cookies at any time from your browser settings.

9. Security

Passwords are hashed. All traffic is encrypted with TLS. Access to production systems is restricted, logged, and regularly reviewed. We will notify you and the ICO within 72 hours of any personal data breach that presents a risk to your rights.

10. Children

Waveatrade is not intended for anyone under 18. If we become aware of a user under 18, we delete the account.

11. Changes to this policy

We may update this policy from time to time. Material changes will be notified via email or an in-app banner at least 14 days before taking effect.

12. Contact us

Questions? Email privacy@waveatrade.com or write to Waveatrade Ltd, [REPLACE WITH REGISTERED UK ADDRESS].