Privacy & trust, in plain sight

§1 · How your data is used

When you submit a job request to Tradelynx, the data you provide is used to match you with a suitable local trader and keep your conversation with them in one place. We don't sell your contact details, we don't hand them to lead-broker resellers, and we don't publish them on a directory. (Your property's maintenance record is different — if you build a HomeLynx Property Passport, you can choose to share property data with estate agents, insurers, and lenders, and they may use it in their own decisions. Section 3 below explains exactly how that works.)

What you give us at intake:

• Your name, email, and phone
• The job description, postcode, and any photos you upload
• Your preferred timing

What we do with it:

• Match you with one local trader at a time. We send the job to a trader who covers your area and trade. If they don't accept, the request moves on to the next trader. You aren't broadcast to a directory.
• Strip metadata from photos. Images are re-encoded server-side. GPS coordinates, camera serial numbers, or capture timestamps embedded in the file metadata are removed before a trader sees the photo.
• Keep your messages on Tradelynx. Conversations between you and the trader stay inside the platform thread until the trader accepts the job. After acceptance, contact details may be shared so they can arrange the visit.

What we don't do:

• We don't sell your contact details or use them for anyone else's marketing.
• We don't share your phone or email with traders before they accept the job.
• We don't use your data to train AI models. The AI we use (Anthropic Claude, OpenAI) processes inputs to perform a specific task — for example, scanning a trader's credential card — and the inputs aren't retained for training by those vendors on the API tier we use.

§2 · Who sees what

Different parties see different parts of your data, by design.

• You see all of your own data — leads, jobs, messages, notifications, your profile.
• A trader being offered the job (before they accept) sees: the trade, your postcode area (not the full address), the job summary, urgency, and any photos you uploaded (with metadata stripped). They do not see your name, email, or phone.
• The trader who accepts the job additionally sees the full address and can message you through the platform thread. Phone calls, when used, may be routed via a masked number so your personal number isn't shared.
• Other traders on Tradelynx see no part of your job. The offered/accepted distinction is enforced both at the application layer and via row-level database security.
• Admin (the founder) can see all data for support, fraud review, and compliance. Every admin action is logged to an immutable audit trail.

For the technical detail of which database tables hold which fields and which roles can read or write each one, see the Data Access Matrix (maintained alongside the codebase under ISO 27001:2022 Annex A.5.15 / A.8.3).

§3 · HomeLynx Property Passport sharing

The Property Passport turns your maintenance history into something you can show people — and "show people" is the point, so we want to be straight about it. If you use the passport's sharing features, property data leaves Tradelynx and goes to professional organisations who pay for our enterprise products, and they can take it into account in their own decisions.

• Estate agents can see the work-history events you've individually chosen to share (what kind of work, when, and how it was verified — no prices, no trader names), plus condition reports an agent prepares about a property. Useful when you're selling: a documented maintenance record supports the asking price.
• Insurers see nothing unless you accept their connection invitation. If you accept, they see an anonymised maintenance history for the property. Insurers may use it when making decisions about your policy — cover, pricing, and renewal terms. You can disconnect at any time.
• Mortgage lenders monitoring a property receive periodic condition summaries (how many incident or condition events, and how serious) and can view property-level facts like EPC band, compliance status, and valuation records. Lenders may use this in lending decisions and how they assess the property's value. Monitoring works on an opt-out basis — you can unsubscribe a property from a lender's monitoring and redact past summaries.
• Share codes: if you generate a passport share code, anyone you give the code and postcode to sees the passport summary you've enabled — so only share it with people you want looking.

What's never in any of these views: your name, email, phone, your messages, traders' identities, or exact amounts paid (work values appear as broad bands). Every enterprise read of your passport data is logged.

The honest framing: a well-kept passport will usually work for you — but once you share property data with an agent, insurer, or lender, how they weigh it is their decision, not ours. If you'd rather they saw nothing, don't enable sharing: it's off until you act, except lender monitoring, which you can switch off per property.

§4 · How jobs are routed to traders

Tradelynx is not a directory. You don't pick from a list and hope for callbacks. We send your job to one trader at a time, in a deliberate order:

• Trade fit. The trader covers the trade you've asked for (plumbing, electrical, etc.) and the specific job type if given.
• Geography. Their working radius covers your postcode area.
• Availability. They're currently accepting jobs and haven't paused or hit their daily cap.
• Standing. Verified status, completion history, and account health are taken into account.

The trader has a window to respond. If they don't accept, the job moves to the next eligible trader. You see one accepted match, not five competing quotes.

§5 · What 'verified' means

Every trader on Tradelynx completes identity verification through DiDit (a regulated identity-verification provider) — a biometric liveness check plus an ID document check. We also confirm a UK address and verify their phone number.

During admission, traders submit insurance documents and any trade credentials they hold (Gas Safe, NICEIC, OFTEC, etc.). These are kept on file and AI-scanned for type and expiry. They are not independently re-verified against the issuing scheme on a live basis.

What this means in practice:

• Identity is verified. The person you're messaging is the person who passed the DiDit check at admission.
• Documentation is on file. Insurance and trade-credential documents are submitted, but Tradelynx doesn't guarantee that an insurance policy is currently active or that a Gas Safe number is currently registered.
• For regulated work, please verify directly. If the job is gas, electrical, asbestos, or another regulated trade, we recommend you confirm the trader's current scheme registration with the relevant body (Gas Safe Register, NICEIC, etc.) before work begins.

The longer technical disclaimer is on the Verification Explained page; the legal version is in the Terms of Service.

§6 · Your rights and self-service controls

Under UK GDPR you have the right to access, correct, and delete the data we hold about you. We've built self-service tools for the most common requests:

• Download your data (Article 15 right of access). Sign in to your account and call POST /api/customer/account/export — you'll receive a JSON file with every record we hold about you, scoped to your authenticated user.
• Delete your account (Article 17 right to erasure). Sign in and call POST /api/customer/account/delete with { "confirm": true }. Your auth account is removed immediately. Any leads you submitted are anonymised in place (your name and contact removed; the trader's job-history record stays intact).
• File a formal data-subject request. Use POST /api/customer/account/dsar to file an access, correction, restriction, or objection request. We respond within 30 days.
• Email us directly at privacy@tradelynx.co.uk for any of the above if you prefer not to use the in-app tools.

Some data is preserved by law even after a deletion request: payment records (HMRC requires us to keep them for six years), anonymised job records (so the trader's work history remains intact), and immutable audit logs (a security control). The full retention table is in the Data Retention Schedule.

§7 · Security and where data lives

A short summary of the technical controls. The full picture is in our ISMS (ISO 27001:2022) and AIMS (ISO 42001:2023) documentation, available on request.

• Hosted in the EU/UK. Database (Supabase) and application hosting (Vercel) are in EU regions. Data does not transit outside the UK or EU for storage.
• TLS 1.2+ in transit, AES-256-GCM at rest for sensitive fields (encrypted access codes, key safe contents).
• Row-level security on every database table that holds personal data. Authenticated users can only read rows linked to their identity.
• No card data on Tradelynx infrastructure. Payments use Stripe Elements; we never see your card number. PCI scope: SAQ A.
• Approved third parties only. Supabase (database, auth), Vercel (hosting), Stripe (payments), Resend (email), Telnyx (telephony), DiDit (identity), Anthropic and OpenAI (AI), Sentry (error monitoring), Google Analytics 4 (anonymised traffic). No other vendor receives your data without explicit review.

§8 · Contact

Questions about how we use your data, or want to report a concern? Email privacy@tradelynx.co.uk.

You also have the right to complain to the UK Information Commissioner's Office (ICO).