Back to Home

Privacy Policy

Last Updated: January 15, 2025

Effective Date: January 15, 2025

1. Introduction

This Privacy Policy explains how JMC Software Solutions Ltd ("we", "us", "our") collects, uses, stores, and protects your personal information when you use MyTradeMate ("Service").

We are committed to protecting your privacy and complying with UK data protection laws, including the UK GDPR and Data Protection Act 2018.

1.1 Data Controller

JMC Software Solutions Ltd
Email: privacy@mytrademate.co.uk

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Phone number
  • Business name
  • Business address
  • VAT number (optional)
  • Payment information (processed by Stripe)

Business Data You Create:

  • Client information (names, contact details, addresses)
  • Appointment details (dates, times, locations, notes)
  • Quote details (items, prices, terms)
  • Invoice details (amounts, payment status, due dates)
  • Files and attachments (photos, documents)
  • Communication history (emails sent through TradeMate)

2.2 Information Collected Automatically

Usage Information:

  • Pages visited within MyTradeMate
  • Features used
  • Time spent on pages
  • Click patterns
  • Device information (browser type, operating system, device model)
  • IP address
  • Login times and frequency

Cookies and Similar Technologies:

  • Essential cookies (required for Service functionality)
  • Analytics cookies (with your consent)
  • Preference cookies (remember your settings)

2.3 Information from Third Parties

Stripe (when you process payments):

  • Payment method details
  • Transaction history
  • Payout information

Google/Microsoft (if you use social login):

  • Name
  • Email address
  • Profile picture

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance (providing the Service you pay for):

  • Creating and managing your account
  • Providing appointment, quote, and invoice functionality
  • Storing your business data
  • Processing payments via Stripe
  • Providing customer support

Legitimate Interests (running our business):

  • Improving Service features and performance
  • Preventing fraud and abuse
  • Analyzing usage patterns
  • Sending service updates and security notifications

Legal Obligation:

  • Complying with financial record-keeping requirements (HMRC - 7 years)
  • Responding to legal requests
  • Preventing illegal activity

Consent (you can withdraw anytime):

  • Sending marketing emails about new features
  • Using non-essential cookies for analytics

3.2 Specific Uses

We use your information to:

Provide Core Service:

  • Authenticate your login
  • Display your appointments, quotes, invoices, and clients
  • Generate PDF documents (quotes and invoices)
  • Send emails to your clients (via Resend)
  • Send SMS to your clients (via Twilio)
  • Store files and attachments
  • Process subscription payments (via Stripe)

Improve Service:

  • Analyze which features are most used
  • Identify bugs and performance issues
  • Develop new features based on usage patterns
  • A/B test improvements

Communicate with You:

  • Send transactional emails (password resets, payment confirmations)
  • Send service announcements (downtime, new features)
  • Provide customer support
  • Send marketing emails (only with your consent - you can unsubscribe)

Ensure Security:

  • Detect and prevent fraud
  • Monitor for Terms of Service violations
  • Protect against security threats
  • Maintain system integrity

4. How We Share Your Information

We do NOT sell your personal data to anyone.

4.1 Third-Party Service Providers

We share data with trusted service providers who help us operate MyTradeMate:

Stripe (Payment Processing):

  • What we share: Payment amount, currency, customer email
  • What they collect: Payment method details, billing address
  • Their privacy policy: https://stripe.com/gb/privacy
  • Location: USA (adequate safeguards via Standard Contractual Clauses)
  • Purpose: Process subscription payments and payouts

Resend (Email Delivery):

  • What we share: Recipient email, sender name, email content
  • Purpose: Deliver quote/invoice emails to your clients
  • Their privacy policy: https://resend.com/legal/privacy-policy
  • Location: USA (adequate safeguards via Standard Contractual Clauses)

Twilio (SMS Delivery):

  • What we share: Recipient phone number, SMS content
  • Purpose: Send appointment reminders and notifications
  • Their privacy policy: https://www.twilio.com/legal/privacy
  • Location: USA (adequate safeguards via Standard Contractual Clauses)

Vercel (Hosting Infrastructure):

  • What we share: All data stored in the Service
  • Purpose: Host and run the MyTradeMate application
  • Their privacy policy: https://vercel.com/legal/privacy-policy
  • Location: Distributed (EU and USA regions)

4.2 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations (court orders, subpoenas)
  • Enforce our Terms of Service
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activity
  • Respond to government requests

4.3 Business Transfers

If we are acquired or merged with another company:

  • Your data may be transferred to the new owner
  • You will be notified before any transfer
  • The new owner must honor this Privacy Policy

5. Payment Information and Stripe

We use Stripe for payment processing. We do NOT store your credit card details on our servers.

What Stripe Collects:

  • Payment method details (card number, expiry, CVV)
  • Billing address
  • Name on card

What We Store:

  • Stripe Customer ID (reference number only)
  • Last 4 digits of card
  • Card brand (Visa, Mastercard, etc.)
  • Subscription status and billing history

PCI Compliance: Stripe is PCI DSS Level 1 certified (highest security standard).

Stripe's Privacy Policy: https://stripe.com/gb/privacy

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit.

6.2 Types of Cookies We Use

Essential Cookies (Required - cannot be disabled):

  • Session cookie: Keeps you logged in
  • Security cookie: Prevents CSRF attacks
  • These cookies are necessary for the Service to function

Functional Cookies (Can be disabled):

  • Preference cookies: Remember your settings (theme, language)
  • These improve your experience but are not essential

Analytics Cookies (Can be disabled):

  • Google Analytics: Tracks page views, session duration, user flow
  • Purpose: Understand how users interact with TradeMate
  • Data is anonymized before sending to Google

Performance Cookies (Can be disabled):

  • Track loading times and errors
  • Help us identify and fix performance issues

6.3 Managing Cookies

You can manage cookies through:

  • Cookie Consent Banner: Choose which cookies to accept when you first visit
  • Settings Page: Update cookie preferences anytime at /settings/privacy
  • Browser Settings: Block or delete cookies (may affect functionality)

6.4 Do Not Track

We respect Do Not Track (DNT) browser settings. If DNT is enabled, we will not use analytics cookies.

7. Data Security

We take security seriously and implement industry-standard measures:

7.1 Technical Measures

  • Encryption: All data transmitted via HTTPS/TLS
  • Password Security: Passwords hashed using bcrypt (industry standard)
  • Database Security: Encrypted at rest, access controls, regular backups
  • Session Management: Secure JWT tokens, automatic expiry
  • Access Controls: Role-based permissions, principle of least privilege

7.2 Organizational Measures

  • Employee Training: Staff trained on data protection
  • Access Restrictions: Only authorized personnel can access data
  • Regular Audits: Security reviews and vulnerability scans
  • Incident Response: Documented breach response procedures

7.3 Your Responsibility

You must:

  • Keep your password secure and confidential
  • Use a strong, unique password
  • Log out when using shared devices
  • Notify us immediately if you suspect unauthorized access

7.4 Data Breaches

If a breach occurs that poses a high risk to your rights:

  • We will notify you within 72 hours
  • We will notify the ICO (UK data regulator)
  • We will explain what happened and what steps we're taking

8. Data Retention

8.1 How Long We Keep Your Data

Active Accounts:

  • Account data: Retained while account is active
  • Business data: Retained while account is active
  • Login logs: Retained for 12 months

Cancelled Accounts:

  • Account and business data: Deleted 30 days after cancellation
  • Financial records: Retained for 7 years (HMRC requirement)
  • Anonymized analytics: Retained indefinitely

Backups:

  • Backups retained for 30 days, then automatically deleted
  • If you request deletion, we cannot remove data from backups, but it will be automatically deleted within 30 days

8.2 Why We Retain Data

  • Financial Records: Legal requirement to keep for 7 years for tax purposes
  • Fraud Prevention: Retain information about banned accounts to prevent re-registration
  • Legal Defense: May need to retain data to defend against legal claims

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

9.1 Right to Access

You can request a copy of all personal data we hold about you.

How to Exercise:

  • Log into TradeMate → Settings → Privacy → Download My Data
  • Or email privacy@mytrademate.co.uk with subject "Data Access Request"
  • We will respond within 30 days with a complete export

9.2 Right to Rectification

You can correct inaccurate or incomplete data.

How to Exercise:

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data.

How to Exercise:

  • Log into TradeMate → Settings → Account → Delete Account
  • Or email privacy@mytrademate.co.uk with subject "Data Deletion Request"
  • We will delete your data within 30 days (except financial records required by law)

Exceptions: We may retain data if required to:

  • Comply with legal obligations (7-year financial records)
  • Establish, exercise, or defend legal claims
  • Prevent fraud

9.4 Right to Restrict Processing

You can request we stop processing your data (but not delete it).

How to Exercise: Email privacy@mytrademate.co.uk with specific restrictions requested

9.5 Right to Data Portability

You can receive your data in a machine-readable format to transfer to another service.

How to Exercise:

  • Log into TradeMate → Settings → Privacy → Download My Data
  • Data provided in JSON and CSV formats

9.6 Right to Object

You can object to processing based on legitimate interests or for marketing.

How to Exercise:

9.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

9.8 How to Exercise Your Rights

Response Time: We will respond to all requests within 30 days (may be extended to 60 days for complex requests).

Free of Charge: Requests are free unless manifestly unfounded or excessive.

Verification: We may ask for ID verification to ensure we don't disclose data to the wrong person.

Contact: Email privacy@mytrademate.co.uk for any data protection requests.

10. Children's Privacy

MyTradeMate is a business service intended for users aged 18+. We do not knowingly collect data from children under 18.

If we discover we've collected data from someone under 18, we will delete it immediately.

11. International Data Transfers

11.1 Where Your Data Is Stored

  • Primary database: EU-West (London)
  • Backup location: EU-West (London)

11.2 Transfers Outside the UK

Some service providers are located outside the UK (primarily USA):

  • Stripe (payment processing)
  • Resend (email delivery)
  • Twilio (SMS delivery)

Safeguards: We use Standard Contractual Clauses (SCCs) approved by the UK ICO to ensure your data is protected when transferred.

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in laws or regulations
  • New features or services
  • Feedback from users or regulators

12.2 Notification

We will notify you of significant changes:

  • By email to your registered address
  • Via in-app notification
  • By updating the "Last Updated" date at the top

Your Continued Use: Using MyTradeMate after changes constitutes acceptance.

Your Right to Object: If you disagree, you may delete your account.

13. Contact Us

13.1 Data Protection Questions

For privacy questions or to exercise your rights:

Email: privacy@mytrademate.co.uk
Post: JMC Software Solutions Ltd

13.2 Complaints

You have the right to lodge a complaint with the UK data protection regulator:

Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first so we can try to resolve any concerns.

Last Updated: January 15, 2025

Version: 1.0