Privacy Policy

Spanr is operated by Smart Designs Online Ltd, registered in England and Wales (Company No. 12345678). Our registered office is at 123 Tech Street, London, EC1A 1BB.

We are the data controller for all personal data collected through the Spanr platform. You can contact us at privacy@spanr.uk.

We collect the following categories of personal data:

• Account data: name, email address, phone number, and password (stored as a bcrypt hash).
• Business data: company name, VAT number, Gas Safe registration number, NICEIC number, and trade type.
• Job data: customer details, job descriptions, photos, notes, and certificate information you create within the platform.
• Financial data: invoice and quote information. Payment card details are handled directly by Stripe and never stored by Spanr.
• Usage data: IP address, browser type, pages visited, and feature usage — collected via server logs and analytics.
• Communications: emails and SMS messages sent through the platform on your behalf.

We process your data under the following legal bases (UK GDPR Article 6):

• Contract performance: to provide the Spanr service you have subscribed to.
• Legitimate interests: to improve our service, prevent fraud, and keep you informed about relevant updates.
• Legal obligation: to comply with HMRC, ICO, and other UK regulatory requirements.
• Consent: for marketing communications and non-essential cookies (you can withdraw consent at any time).

• Providing and improving the Spanr platform
• Sending transactional emails and SMS (job confirmations, invoices, reminders)
• Processing payments via Stripe
• Generating PDF certificates and documents
• Customer support and account management
• Legal compliance and fraud prevention
• Product analytics to improve the platform (aggregated, not sold)

We retain your account data for the duration of your subscription plus 7 years (UK accounting and legal obligations). Job and financial records are retained for 7 years from the date of the transaction. You can request deletion of your account at any time via Settings → Data & Privacy. We will delete your data within 30 days, subject to our legal retention obligations.

We share data only with trusted third-party processors:

• Stripe: payment processing
• Resend: transactional email delivery
• Twilio: SMS delivery
• Sentry: error monitoring (anonymised)
• Supabase: database infrastructure

All processors are contractually bound by data processing agreements. We do not sell your data. We never transfer data outside the UK/EEA without adequate safeguards.

You have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Restrict processing in certain circumstances
• Portability — receive your data in a machine-readable format
• Object to processing based on legitimate interests
• Withdraw consent at any time

To exercise any right, email privacy@spanr.uk. We will respond within 30 days. You also have the right to lodge a complaint with the ICO.

We use essential cookies to operate the platform (authentication tokens) and optional analytics cookies. See our Cookie Policy for full details.

We employ industry-standard security measures: TLS 1.3 encryption in transit, bcrypt password hashing, JWT token rotation, Redis-backed session management, and regular security reviews. In the event of a breach, we will notify affected users and the ICO within 72 hours as required by law.

Data Controller: Smart Designs Online Ltd
Email: privacy@spanr.uk
Post: 123 Tech Street, London, EC1A 1BB