Legal
Privacy Policy
Last updated: 30 April 2026
Who we are
TradeReplies(“we”, “us”, “our”) operates tradereplies.com and provides AI-assisted enquiry management software for UK tradespeople. This policy explains what personal data we collect, why, and how we handle it.
For any privacy questions, contact us at hello@tradereplies.com.
Data we collect
Account & business information
When you sign up: your name, email address, password, business name, trade type, service area, and settings you configure (working hours, assistant tone, contact number, logo).
Enquiry data
Messages and contact details submitted by people who enquire through your TradeReplies lead page or widget — including names, email addresses, phone numbers, and job descriptions. This data belongs to you as a data controller; we process it on your behalf.
Website analytics
When you visit tradereplies.com or a TradeReplies-hosted business page, we collect page views, referrer URLs, UTM parameters, approximate device type, browser, and IP address. A first-party cookie (_trv, valid 365 days) is set to count unique visitors. A session cookie (_trs) tracks activity within a single session. We also use Google Analytics (see Third Parties below).
Payment information
Subscription payments are handled by Stripe. We do not store your card details — Stripe holds those under PCI-DSS compliance. We retain a record of your subscription status and billing history.
WhatsApp & SMS messages
If you enable the WhatsApp integration, message content passes through our platform via Twilio to enable AI-assisted replies. Message logs are stored so you can review conversations in your inbox.
Why we collect it & legal basis
Under UK GDPR, we rely on the following lawful bases:
- Contract — to provide the service you signed up for (account, enquiry handling, billing)
- Legitimate interests — analytics to improve the product, security monitoring, fraud prevention
- Legal obligation — retaining transaction records as required by law
- Consent — marketing emails (you can unsubscribe at any time)
Cookies
| Cookie | Purpose | Expires |
|---|---|---|
| _trv | Unique visitor identifier (first-party analytics) | 1 year |
| _trs | Session grouping (first-party analytics) | Session |
| _ga, _gid | Google Analytics — aggregate traffic measurement | Up to 2 years |
| sb-* (auth) | Supabase authentication session | Session / 1 year |
You can block or delete cookies via your browser settings. Disabling cookies may affect some functionality.
Third-party processors
We share data with the following processors, each bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (AWS) |
| Stripe | Payment processing | US/EU |
| Twilio | WhatsApp & SMS message routing | US/EU |
| Vercel | Website hosting & edge delivery | Global (EU edge) |
| Google Analytics | Aggregate website traffic analytics | US |
| OpenAI / AI providers | Generating AI replies to enquiries | US |
Transfers outside the UK/EEA are covered by Standard Contractual Clauses or adequacy decisions.
Data retention
- Account and business data — held for the duration of your subscription, then deleted within 90 days of account closure (except where legal obligations require longer retention)
- Enquiry and message data — retained for as long as your account is active
- Website analytics — rolling 2-year window
- Billing records — 7 years (UK legal requirement)
Your rights
Under UK GDPR you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion (“right to be forgotten”)
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — opt out of processing based on legitimate interests
To exercise any of these rights, email hello@tradereplies.com. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the ICO (ico.org.uk).
Security
All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel. We use row-level security on our database to ensure each customer's data is isolated. We conduct periodic security reviews and promptly address vulnerabilities.
Changes to this policy
We may update this policy from time to time. We'll notify active subscribers of material changes by email. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
TradeReplies · hello@tradereplies.com