Legal · Last updated 2 July 2026
Privacy Policy
This policy explains what personal data Storage Compass (operated as a sole trader in the United Kingdom) collects, why, and your rights under the UK GDPR and the Data Protection Act 2018.
1. Controller & contact
The data controller is the operator of Storage Compass (sole trader, United Kingdom). Contact: info@storagecompass.co.uk. For data-subject requests use our privacy request form.
2. Data we collect
- Account data: name, work email, password hash, organisation, role, plan tier.
- Billing data: handled by Paddle (our merchant of record). We receive limited billing metadata (invoice ID, plan, country, VAT status). We do not store card details.
- Usage data: pages viewed, searches, saved deals, credits consumed, IP address, device/browser, referrer.
- Submissions: facility claims, land listings, lead enquiries and any content you send us.
- Communications: support emails and in-app messages.
3. Lawful bases & purposes
- Contract — to provide the Service, process payments, and support you.
- Legitimate interests — to secure the Service, prevent fraud/abuse, improve features, and send service updates.
- Consent — for marketing emails, non-essential cookies/analytics. You can withdraw consent at any time.
- Legal obligation — accounting, tax, and responding to lawful requests.
4. Public register & open data
Our platform surfaces information from public sources (Companies House, local planning authorities, UK Police API, ONS, OpenStreetMap, operator websites). Where this contains personal data (e.g. director names, applicant names on planning records) we process it under legitimate interests for market intelligence purposes. You may request suppression of your personal details from displayed records — see “Your rights”.
5. Sharing & processors
We share data only with processors needed to run the Service, including: Supabase (database/auth hosting, EU region), Cloudflare (edge hosting), Paddle (payments & VAT), Resend/Postmark or equivalent (email delivery), Google Maps Platform (map tiles & imagery), analytics providers, and support tooling. Each is bound by a data processing agreement. We do not sell personal data.
6. International transfers
Where data is transferred outside the UK/EEA, we rely on adequacy decisions or Standard Contractual Clauses with the UK Addendum.
7. Retention
Account data: for the life of your account plus up to 24 months. Billing records: 7 years (statutory). Usage logs: up to 24 months. Submissions (claims, listings, leads): retained while relevant to the Service. You can request earlier deletion (subject to legal holds).
8. Security
Encryption in transit (TLS) and at rest, role-based access, row-level security in the database, least-privilege service keys, audit logging, and regular dependency scanning. No system is 100% secure; you use the Service at your own risk.
9. Your rights
Under UK GDPR you have the right to: access, rectify, erase, restrict or object to processing, portability, and to withdraw consent. Email info@storagecompass.co.uk. You may also complain to the UK Information Commissioner (ICO) at ico.org.uk.
10. Cookies
We use essential cookies for authentication and security. Non-essential analytics cookies are set only with consent. See our disclaimer & cookie notice.
11. Changes
We may update this policy from time to time. Material changes will be notified in-app or by email.