TradeOff ("we", "us", "our") operates the TradeOff mobile application (the "App"). This policy explains how we collect, use, and protect your personal data when you use the App.
We are based in the United Kingdom and process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Account information
- Full name and email address (required to create an account)
- Password (hashed; we never store or see your plaintext password)
- Two-factor authentication enrolment status and recovery codes
Profile information
- Profile photo (compressed and resized on your device before upload)
- Bio / about text (up to 200 characters)
- Skills and interests you select
- Location (city/area, entered manually or detected via GPS with your permission)
- Service area radius (1-50+ miles)
Activity data
- Services you list, trade proposals, and completed trades
- Messages you send and receive
- Ratings and reviews you leave or receive
- Notification preferences
- Online status and last-seen timestamp
Device and technical data
- Device platform (iOS or Android) and OS version
- App version
- Push notification token (for delivering notifications via Firebase Cloud Messaging)
2. Data We Do Not Collect
- We do not use analytics or tracking SDKs
- We do not serve advertisements or share data with ad networks
- We do not collect contacts, call logs, or browsing history
- We do not use cookies (the App uses token-based authentication)
3. How We Use Your Data
- Provide the service: creating your account, displaying your profile, enabling trades and messaging
- Notifications: sending push notifications about trades, messages, and reviews (you control which types you receive)
- Safety and moderation: investigating disputes, enforcing our terms, and preventing abuse
- Improving the App: fixing bugs and understanding how features are used (using aggregated, non-identifying data only)
4. Legal Basis for Processing
- Contract: processing necessary to provide the service you signed up for (account, trades, messaging)
- Legitimate interests: safety, security, and fraud prevention
- Consent: location access, push notifications, and optional profile fields (you can withdraw consent at any time)
5. Who We Share Data With
We do not sell your personal data. We share data only with:
- Other users: your public profile, listed services, ratings, and messages are visible to users you interact with. You control visibility of your email, location, and online status via privacy settings.
- Supabase (infrastructure provider): hosts our database, authentication, file storage, and real-time services. Data is stored in the EU/UK.
- Firebase Cloud Messaging (Google): delivers push notifications to your device. Only a device token is shared; message content is not sent through FCM.
6. Data Storage and Security
- Data is stored in Supabase-managed PostgreSQL databases with row-level security policies enforcing data isolation between users
- All data in transit is encrypted via TLS
- Passwords are hashed using bcrypt
- Two-factor authentication is available for additional account security
- Admin access is restricted to authorised personnel with 2FA enforced
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it (e.g. transaction records for tax or legal purposes).
Cached data on your device is cleared when you sign out.
8. Your Rights
Under UK GDPR, you have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate data (you can edit your profile directly in the App)
- Erasure: request deletion of your account and data
- Restriction: ask us to limit how we process your data
- Portability: receive your data in a structured, machine-readable format
- Object: object to processing based on legitimate interests
- Withdraw consent: for location, notifications, or optional profile fields at any time via your device settings or the App
To exercise any of these rights, contact us at privacy@tradeoff.uk.
9. Children
The App is not intended for anyone under 18 years of age. We do not knowingly collect data from children. If we learn that we have collected personal data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via the App or by email. The "Effective date" at the top of this page indicates when the policy was last revised.
11. Contact
If you have questions about this policy or wish to exercise your data rights:
TradeOff
Email: privacy@tradeoff.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
TradeOff ("we", "us", "our") operates the TradeOff website at tradeoff.uk (the "Website"). This policy explains how we collect, use, and protect your personal data when you visit the Website.
We are based in the United Kingdom and process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Waitlist registration
When you sign up for early access, we collect:
- Your name
- Your email address
- The date and time of registration
- Your IP address (for security and abuse prevention)
What we do not collect
- We do not use cookies
- We do not use analytics or tracking scripts
- We do not serve advertisements
- We do not use third-party tracking pixels
2. How We Use Your Data
- Waitlist communication: to notify you when TradeOff launches or becomes available for early access
- Security: IP addresses are logged to prevent abuse and spam submissions
We will not use your email for marketing beyond launch-related updates. We will not sell your data or share it with third parties.
3. Legal Basis for Processing
- Consent: you provide your information voluntarily by submitting the registration form
- Legitimate interests: IP logging for abuse prevention
4. Data Storage and Security
- Waitlist data is stored securely on our web server
- The data file is not publicly accessible
- All data in transit is encrypted via TLS (HTTPS)
- Access is restricted to authorised personnel only
5. Data Retention
We retain your waitlist data until the App launches and you have been notified, after which it will be deleted unless you create an App account. You can request removal from the waitlist at any time.
6. Your Rights
Under UK GDPR, you have the right to:
- Access: request a copy of the data we hold about you
- Erasure: request removal from the waitlist and deletion of your data
- Withdraw consent: at any time by contacting us
To exercise any of these rights, contact us at privacy@tradeoff.uk.
7. Children
The Website is not intended for anyone under 18 years of age. We do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy from time to time. The "Effective date" at the top of this page indicates when it was last revised.
9. Contact
If you have questions about this policy or wish to exercise your data rights:
TradeOff
Email: privacy@tradeoff.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).