Privacy Policy

1. Introduction

WasteFindr ("we", "our", "us") is committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform to find or list waste clearance services.

Data Controller: WasteFindr, contactable at hello@wastefindr.co.uk.

2. Lawful Basis for Processing

We process personal data under the following lawful bases:

Contract: To provide our platform services, manage subscriptions, and process business registrations
Legitimate interest: To improve the platform, detect fraud (including licence misuse scanning), and ensure security
Legal obligation: To retain invoices and waste transfer notes as required by law (up to 7 years)
Consent: For analytics cookies, functional cookies, and marketing communications — which you can withdraw at any time

3. Information We Collect

3.1 Personal Information

We may collect the following personal information:

Full name, email address, phone number, and postal address
Business details including company name, company number, VAT number, waste carrier registration number, service areas, and working hours
Payment and billing information (processed securely via Stripe)
Bank payout details (account name, sort code, account number) for Findr Elite members who enable online invoice payments
Profile photos, business logos, and cover images
Business verification documents: Public Liability Insurance certificate, Waste Carrier's Licence, Proof of Address, Photo ID (e.g. driving licence or passport), and Environmental Permit
Business type classification (Registered Company or Sole Trader)
Waste crime report details (reporter name, email, phone, incident descriptions, photos, vehicle details)
Customer lead information (name, phone, email, postcode, job details)
Business customer records (name, email, phone, address, postcode, notes)

3.2 Automatically Collected Information

When you access WasteFindr, we may automatically collect:

IP address and browser type
Device information and operating system (user agent string)
Pages visited, time spent, and navigation patterns
Session information including login timestamps, device identifiers, and last activity timestamps
Cookies and similar tracking technologies (see our Cookie Policy)

3.3 Security & Authentication Data

To protect your account, we collect and process:

Password hashes (stored for password history enforcement — we never store passwords in plain text)
Multi-factor authentication (MFA) enrolment status and method (TOTP or email code)
Active session records including device info and last activity timestamps
Password change timestamps (for 90-day expiry enforcement)

3.4 Fraud Detection Data

To protect consumers and maintain platform integrity, we collect and process data related to fraud detection, including:

Registration audit logs recording verification outcomes, name matches, and duplicate licence detection
Web scanning results that identify unauthorised use of waste carrier licence numbers on third-party websites
Cross-referencing of platform data against the Environment Agency register for re-verification

4. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the WasteFindr platform
Connect customers with licensed waste clearance businesses
Process business registrations and verify waste carrier credentials against the Environment Agency register
Send quotes, invoices, and waste transfer notes via email
Facilitate reviews and ratings between users and businesses
Send service-related communications, notifications, and trial reminders
Manage subscription billing, free trials, and document usage caps
Process online invoice payments for Findr Elite businesses via Stripe
Enforce security policies including password expiry, MFA requirements, and concurrent session limits
Detect and prevent fraud, abuse, or misuse of the platform — including scanning for unauthorised use of waste carrier licence numbers
Process and investigate waste crime reports submitted to the platform
Provide compliance intelligence to local authorities with platform accounts

5. Cookie Consent & Preferences

When you first visit WasteFindr, you are presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You may choose to:

Accept All: Enable essential, analytics, and functional cookies
Essential Only: Restrict to cookies necessary for the platform to function
Manage Preferences: Individually toggle analytics and functional cookies

Your cookie preferences are stored locally on your device. The consent banner appears once per browser session if no choice has been made. You can change your preferences at any time by clearing your browser cookies and revisiting the site. For full details, see our Cookie Policy.

6. Email Communications & Unsubscribe

WasteFindr sends the following types of email communications:

Transactional emails: Account verification, password resets, and security notifications — these cannot be unsubscribed from
Service notifications: Lead alerts, quote/invoice notifications, document emails, trial reminders, team invitations, and business status updates
Marketing emails: From time to time, we may send you promotional emails about new features, platform updates, tips, offers, or other information we think may be of interest to you. Marketing emails are only sent where you have given your consent (opt-in) during registration or via your account settings

All notification and marketing emails are sent from our verified notify.wastefindr.co.uk subdomain and include a one-click unsubscribe link. You can opt out of marketing or notification emails at any time by:

Clicking the unsubscribe link in any marketing or notification email
Updating your preferences in Dashboard → Settings

Unsubscribed email addresses are recorded in our suppression list and will not receive further marketing or notification emails. Important account-related emails (e.g. password resets, invoice receipts) will still be sent as these are necessary for the performance of our contract with you.

7. Information Sharing

We may share your information with:

Listed businesses: When you request a quote or contact a business, your name, contact details, and job description are shared with that business
Local authorities: Waste crime reports and compliance intelligence may be shared with relevant local authority officers who have accounts on the platform
Team members: Business owners on Findr Elite plans can invite team members who may access business data
Service providers: Third-party providers who assist with email delivery, hosting, payment processing (Stripe), and fraud detection
Legal requirements: When required by law, regulation, or legal process

We do not sell your personal information to third parties. Full business addresses are used only for administrative and verification purposes — public business profiles display only the City/Town.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

Encryption in transit (HTTPS/TLS) and at rest
Row-level security (RLS) policies ensuring users can only access their own data
Mandatory password rotation every 90 days with password history enforcement (last 5 passwords)
Multi-factor authentication (MFA) requirement for team members on Findr Elite
Concurrent session detection and management (non-Elite business accounts limited to one active session)
Input sanitisation and HTML escaping in all outbound email templates
Rate limiting on public-facing endpoints
Sensitive business data (email, phone, address) restricted from public views
Email suppression lists to prevent sending to unsubscribed or bounced addresses

However, no method of electronic storage is 100% secure.

9. Data Retention

We retain your personal information according to the following schedule:

User accounts: For as long as your account is active. Upon account closure, data is archived for a mandatory 7-year retention period in compliance with legal and regulatory requirements, then permanently deleted
Archived business data: When a business account is closed, all associated records (profile, leads, quotes, invoices, waste transfer notes, team members, customers, documents, reviews) are archived as a single record and retained for 7 years before automatic deletion
Invoices & waste transfer notes: Retained for up to 7 years to comply with legal and regulatory requirements
Inactive sessions: Automatically cleaned up after 1 hour of inactivity
Consent records: Retained indefinitely for audit purposes
Waste crime reports: Retained for investigation purposes and shared with local authorities as needed
Registration audit logs: Retained for fraud detection and regulatory compliance
Email send logs: Retained for delivery tracking and debugging purposes

10. Your Rights (UK GDPR)

Under UK GDPR and the Data Protection Act 2018, you have the right to:

Access: Request a copy of all personal data we hold about you
Rectification: Correct inaccurate or incomplete data via your profile settings
Erasure: Request deletion of your account and associated data (subject to legal retention requirements — archived business data must be retained for 7 years)
Data portability: Download all your personal data as a readable text file. All users can access this from Profile → Account → Download My Data. Business owners can also use Dashboard → Settings → Download My Data
Object to processing: Object to processing based on legitimate interest
Restrict processing: Request restriction of processing in certain circumstances
Withdraw consent: Withdraw cookie or marketing consent at any time without affecting the lawfulness of prior processing. You can unsubscribe from notification emails via the link in any notification email

To exercise these rights, use the self-service tools in your Dashboard Settings or contact us at hello@wastefindr.co.uk. We will respond within 30 days.

11. Consent Logging

We maintain an auditable record of all consent actions. When you accept or change cookie preferences, or toggle marketing communications, we log the consent type, value, timestamp, IP address, and user agent. This log is accessible to you via the data export feature and to administrators for compliance auditing.

12. International Transfers

Your data is primarily processed and stored within secure infrastructure. Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

13. Children's Privacy

WasteFindr is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date.

15. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@wastefindr.co.uk.