Privacy Policy

Trade Booking · last updated 3 June 2026

This policy explains how Trade Booking ("we", "us", "the service") handles personal data across its products — the Diary (online bookings & workshop diary) and Accounts (invoicing & bookkeeping) — whether you use one product or both under a single Trade Booking account.

This is a plain-English template provided to get you started. It is not legal advice — please have it reviewed for your business before relying on it commercially.

Who controls your data

When a business signs up to Trade Booking, that business is the data controller for its own customers' information. Trade Booking acts as a data processor, storing and processing that information on the business's behalf to deliver the service. Trade Booking is the controller for your own account/login details.

One account, both products

A single Trade Booking account can give you access to the Diary, Accounts, or both. We keep a shared sign-in (your email, name and a securely hashed password) and a record of which products your account uses, so you can move between them and add products without signing up again. Your business records in each product are kept against your account.

What we store

Account & sign-in: business name, your name, email, password (only ever as a secure hash), and which products you use.
Diary records: bookings, ramps/bays, staff, services, vehicles, customers, reminders and booking messages.
Accounts records: invoices, quotes, jobs, expenses, mileage, customers, vehicles and VAT figures.
Customer contact details you add (name, email, phone) to send invoices, statements, quotes or booking messages on your behalf.
Uploaded files such as logos and receipt images.
Payment connection data if you enable online payments (see below).

Taking payments (Stripe & GoCardless)

If you switch on online payments, you connect your own Stripe and/or GoCardless account. Your customers' card and bank details are handled directly by those regulated providers — we never see or store full card or bank numbers. We store only the connection reference needed to create payments on your behalf and to mark invoices paid. Money is paid into your own account.

Sub-processors

We use a small set of trusted providers to run the service:

Cloudflare — hosting, database and file storage.
Stripe & GoCardless — payment processing (only if you enable payments).
Resend — sending emails (invoices, reminders, statements).
Twilio / ClickSend — sending SMS/WhatsApp messages (only if you enable them).
DVLA & HMRC — vehicle look-ups and Making Tax Digital VAT submissions (only when you use those features).

How long we keep it

We keep your data while your account is active. If you close your account we delete or anonymise personal data within a reasonable period, except where we must retain records to meet legal obligations (e.g. tax records). You can export or request deletion of your data at any time.

Your rights

Under UK GDPR you can access, correct, export or delete your personal data, and object to or restrict certain processing. To exercise these, contact us (below). You can also complain to the ICO (ico.org.uk).

Security

Passwords are stored only as salted hashes, data is encrypted in transit, and access tokens for connected services are encrypted at rest. No system is perfectly secure, but we take reasonable measures to protect your information.

Contact

Questions about this policy or your data: privacy@trade-booking.com.