Privacy Policy

2. What Data We Collect

We collect the following categories of personal data:

Information you provide directly

• Identity data: your first name and last name
• Contact data: email address, phone number, and postal address (including postcode)
• Booking data: service type, preferred date and time, property details (number of bedrooms, bathrooms, access instructions)
• Payment data: we do not store your full card number. Payment card details are processed directly by Stripe. We store only a transaction reference, the last four digits of your card, and payment status.
• Direct Debit data: bank account holder name and sort code/account number, processed via GoCardless. We store only a GoCardless mandate reference.
• Communications: any messages you send us via the contact form or by email

Information collected automatically

• Technical data: IP address, browser type and version, pages visited, time and date of visits (via Vercel analytics)
• Account data: login timestamps and session identifiers

3. How We Use Your Data

We use your personal data for the following purposes, and only where we have a lawful basis to do so:

We will never sell your personal data to third parties, and we will not use it for any purpose incompatible with those listed above.

4. Who We Share Your Data With

We share your data only where necessary and only with trusted third-party processors who are contractually required to handle your data securely and in accordance with UK GDPR.

• Stripe (Stripe Payments Europe, Ltd.) — processes card payments on our behalf. Stripe is PCI-DSS Level 1 certified. Privacy policy: stripe.com/gb/privacy
• GoCardless (GoCardless Ltd.) — processes Direct Debit mandates and payments. GoCardless is FCA-authorised. Privacy policy: gocardless.com/privacy
• SendGrid (Twilio SendGrid) — sends transactional and notification emails on our behalf. Privacy policy: twilio.com/en-us/legal/privacy
• Twilio — sends SMS booking reminders and notifications. Your phone number is transmitted to Twilio for this purpose only.
• Neon (database hosting) — stores your data in secure, encrypted PostgreSQL databases hosted within the EU/UK.
• Vercel — hosts this website. Vercel processes server request logs including IP addresses.
• Our contractors — we share your first name, address (for the appointment), and any access instructions with the contractor assigned to your booking. We do not share payment details with contractors.

We do not transfer your personal data outside of the UK or European Economic Area (EEA) except where processors have appropriate safeguards in place (such as Standard Contractual Clauses or UK adequacy decisions).

5. Data Retention

We keep your personal data only for as long as necessary for the purposes it was collected, and to comply with our legal obligations:

• Booking and financial records (invoices, payment records): retained for 6 years from the date of the transaction, as required by HMRC for tax purposes.
• Account data: retained for as long as your account is active, plus 12 months after your last booking. You can request deletion at any time (subject to our legal obligations above).
• Marketing consent records: retained until you withdraw consent.
• Contact form messages: retained for 12 months, then deleted.
• Website logs: retained for 30 days by Vercel.

When data is no longer required, we securely delete or anonymise it.

6. Your Rights

Under UK GDPR, you have the following rights regarding your personal data. You can exercise any of these rights by emailing viberprocleaning@gmail.com. We will respond within 30 days.

• Right of access — you can request a copy of all personal data we hold about you (a Subject Access Request).
• Right to rectification — you can ask us to correct inaccurate or incomplete data. You can also update most information directly in your account settings.
• Right to erasure ("right to be forgotten") — you can ask us to delete your personal data. Note that we may be required to retain certain records for legal reasons (e.g. financial records for 6 years).
• Right to data portability — you can request a copy of your data in a structured, machine-readable format (JSON or CSV).
• Right to restrict processing — you can ask us to stop processing your data in certain circumstances, for example while a complaint is being investigated.
• Right to object — you can object to processing based on our legitimate interests, or to direct marketing at any time.
• Right to withdraw consent — where processing is based on consent (e.g. marketing emails), you can withdraw consent at any time by clicking "unsubscribe" or contacting us.

7. Cookies

We use essential cookies to keep you logged in during your session. We do not use third-party advertising cookies or tracking cookies. If we introduce analytics cookies in future, we will update this policy and request your consent.

8. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest in our database
• Hashed and salted passwords (we never store plain-text passwords)
• Access controls — staff access only the data they need to do their job

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform you without undue delay.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify you by email or by displaying a notice on our website. The "last updated" date at the top of this page will always reflect the current version.

10. Contact Us

For any questions, data requests, or concerns about this privacy policy, please contact:

If you are unhappy with our response, you have the right to complain to the Information Commissioner's Office (ICO):