Privacy Policy
Last updated: 28 May 2026
1. Who We Are
TYDFY LTD (“we”, “us”, “our”) is the data controller for personal data collected through this platform. We operate a managed two-sided residential cleaning marketplace connecting customers with vetted cleaning professionals in the UK.
TYDFY LTD is a company registered in England and Wales, company number 17269761. Registered office: 128 City Road, London EC1V 2NX, United Kingdom. ICO registration number: ZC171837.
If you have any privacy questions, please contact us at privacy@tydfy.co.uk.
2. What Data We Collect
| Data Category | Examples | Who it applies to |
|---|---|---|
| Identity data | Name, email address | All users |
| Contact data | Phone number (encrypted at rest) | All users |
| Address data | Service address, postcode (address encrypted; postcode plain text) | Customers |
| Financial data | Payment amounts, booking totals (processed by Stripe; amounts retained) | All users |
| Bank details | Account number, sort code (encrypted at rest; used for payout) | Cleaners |
| Identity documents | DBS certificate, photo ID, right to work, proof of address | Cleaners |
| Usage data | Booking history, availability settings, quality scores | All users |
3. Lawful Basis for Processing
- Contract performance (UK GDPR Article 6(1)(b)): We process your name, email, phone, address, and payment details to deliver the cleaning service you have booked.
- Legitimate interests (UK GDPR Article 6(1)(f)): We process usage data and quality scores to operate the platform safely, match cleaners to bookings, and detect fraud.
- Legal obligation (UK GDPR Article 6(1)(c)): We retain financial transaction records for 7 years under the Taxes Management Act 1970 (HMRC requirement).
- Consent (UK GDPR Article 6(1)(a)): We obtain explicit consent from cleaners at registration for processing their identity documents and bank account details.
4. Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Financial records (booking amounts, payments) | 7 years from the transaction date | Taxes Management Act 1970 (HMRC legal obligation) |
| DBS certificate data | Maximum 6 months — certificate content deleted; reference number retained | DBS Code of Practice |
| Identity documents (photo ID, right to work) | Active account + 12 months after account closure | Contract performance + legitimate interests |
| Account and profile data | Active account + 12 months after closure or erasure request approval | Contract performance |
| Audit logs | 7 years (immutable — required for regulatory accountability) | Legal obligation + legitimate interests |
5. Third-Party Data Processors
- Stripe Inc. — Payment processing. Card data is processed entirely by Stripe and never touches our servers. Stripe is PCI-DSS compliant. Stripe Privacy Policy.
- SendGrid (Twilio Inc.) — Transactional email delivery (booking confirmations, notifications). Emails are processed in the EU. SendGrid Privacy Policy.
- Microsoft Azure (UK South) — Cloud infrastructure. Identity documents are stored in Azure Blob Storage (UK South region only). Data does not leave the UK. Microsoft Privacy Statement.
6. Your Rights Under UK GDPR
- Right of Access (Article 15): Request a copy of all personal data we hold about you.
- Right to Erasure (Article 17): Request deletion of your personal data, subject to legal hold obligations.
- Right to Restriction (Article 18): Request that we restrict processing of your data in certain circumstances.
- Right to Portability (Article 20): Receive your data in a structured, machine-readable format.
- Right to Object (Article 21): Object to processing based on legitimate interests.
7. Exercising Your Rights
To exercise any of the above rights:
- Authenticated users: Visit My Profile & Data Rights in your dashboard to export your data or submit an erasure request.
- Privacy complaints: Submit a complaint at /privacy/complaint. We will acknowledge your complaint within 30 calendar days (DUAA s.164A requirement).
- Email: Contact us at privacy@tydfy.co.uk. We will respond within 30 days.
8. Complaints to the ICO
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
ICO helpline: 0303 123 1113 (Monday to Friday, 9am to 4:30pm).