Home How it works Browse
Log in Register
← Go back

# Build.Staines — Privacy Policy

Last updated: 9 May 2026

---

## 1. Who we are

Build.Staines is a construction marketplace platform operated by James Staines, trading as Build.Staines, based in Thetford, England. The platform operates at staines.build. References to "Build.Staines" and "staines.build" refer to the same platform.

Our platform connects clients with verified trade professionals in the United Kingdom.

For the purposes of UK data protection law, Build.Staines is the data controller for personal data collected through this platform.

Contact: legal@staines.build

---

## 2. What data we collect

### 2.1 Clients

- Name and email address
- Home postcode
- Job scope details including project title, description, category, tasks, and budget
- Portal session data and login history
- Payment data (processed by Stripe — we do not store card details)
- Audit event records of actions taken on the platform

### 2.2 Trades

- Name, business name, and email address
- Full business address including postcode
- Trade category and trade type
- Professional documents (Public Liability certificates and other UK construction documents)
- Profile assets: logo, profile photo, and hero image
- Before and after job evidence photos
- Portal session data and login history
- Payment data (processed by Stripe — we do not store card details)
- Audit event records of actions taken on the platform

### 2.3 Data generated by platform use

- Job scope records and their status history
- Marketplace introduction records
- Credit and token balances and transaction history
- Document verification status
- Communications and notes between platform participants

---

## 3. How we use your data

We use personal data for the following purposes:

- To operate the platform and match trades to client jobs
- To verify trade identity and professional credentials
- To send transactional emails including login codes, notifications, and account updates
- To display trade profiles on the public marketplace
- To process payments via Stripe
- To maintain an audit trail of platform activity for security and dispute resolution
- To administer credits, tokens, scope unlocks, and marketplace introductions
- To comply with our legal obligations

---

## 4. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

- **Contract performance** — to provide the services you have signed up for
- **Legitimate interests** — to operate and improve the platform, prevent fraud, and maintain security
- **Legal obligation** — where processing is required to comply with applicable law

---

## 5. Who we share your data with

We use the following third-party data processors to operate the platform. Each is bound by a data processing agreement and processes data only on our instruction.

### Railway (hosting)

Our application and server infrastructure is hosted on Railway. Your data is stored on servers within Railway's infrastructure.

Privacy policy: railway.app/legal/privacy

### Neon (database)

Your personal data and platform records are stored in a PostgreSQL database hosted by Neon.

Privacy policy: neon.tech/privacy

### Stripe (payments)

Payment processing is handled by Stripe. When you make a purchase on the platform, your payment data is processed by Stripe. We do not store card details.

Privacy policy: stripe.com/gb/privacy

### Postmark (email)

Transactional emails are sent via Postmark. Your email address and the content of transactional notifications are processed by Postmark.

Privacy policy: postmarkapp.com/privacy-policy

### Cloudinary (media)

Profile photos, logos, hero images, and job evidence photos are stored and served via Cloudinary.

Privacy policy: cloudinary.com/privacy

### Amazon Web Services — S3 (backups)

Encrypted database backups are stored in AWS S3. Backup data is stored in the EU (Stockholm) region. Backups are used solely for disaster recovery purposes.

Privacy policy: aws.amazon.com/privacy

### OpenAI (AI processing)

When you create a job scope, the project details you provide are processed by OpenAI to generate a structured scope description. We do not send any contact details or personally identifying information to OpenAI.

Privacy policy: openai.com/policies/privacy-policy

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

---

## 6. Public marketplace listings

Trade profiles on the Build.Staines marketplace are publicly visible. This includes your business name, trade categories, profile photo, logo, hero image, and completed job evidence photos. Your personal email address, home address, and phone number are never displayed publicly.

Client job scopes are visible to matched trades only. Client identity is not disclosed to trades until both parties have agreed to proceed.

---

## 7. Data retention

We retain your personal data for as long as your account is active. If you request deletion of your account, we will delete or anonymise your personal data within 90 days of the deletion request, except where we are required to retain it for legal or regulatory purposes.

Audit event records may be retained for longer where required for dispute resolution or legal compliance.

---

## 8. Your rights under UK GDPR

You have the following rights in relation to your personal data:

- **Right of access** — you can request a copy of the personal data we hold about you
- **Right to rectification** — you can ask us to correct inaccurate or incomplete data
- **Right to erasure** — you can ask us to delete your personal data in certain circumstances
- **Right to restriction of processing** — you can ask us to limit how we use your data
- **Right to data portability** — you can ask for your data in a portable format
- **Right to object** — you can object to processing based on legitimate interests

To exercise any of these rights, contact us at legal@staines.build. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data correctly.

---

## 9. Cookies and sessions

The Build.Staines portal uses server-side sessions to keep you logged in. A session cookie is stored in your browser for this purpose. We do not use advertising cookies or third-party tracking cookies.

---

## 10. Security

We take reasonable technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), rate limiting on authentication endpoints, and access controls on administrative functions.

No method of transmission over the internet is completely secure. If you have concerns about the security of your data, please contact us at legal@staines.build.

---

## 11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.

---

## 12. Contact

Build.Staines
Thetford, England
legal@staines.build
staines.build