Privacy Policy

Last updated: May 2026

1. Who We Are

SitePatrol ("we", "us", "our") operates the website sitepatrol.co.uk — a directory connecting buyers of site security services with security providers in the United Kingdom. We are the data controller for personal information collected through this website.

2. What Data We Collect

Buyer quote requests

When you submit a quote request, we collect your name, email address, company name, site location, and the service requirements you describe. This information is stored on our secure database and is provided to security providers who unlock the lead.

Provider accounts

When a security provider creates a listing, we collect company name, contact name, business email and phone, company description, service areas, accreditations claimed (SIA, NSI, ISO etc.), and the contact details displayed on the listing.

Payment information

Payments — for subscriptions and pay-per-lead unlocks — are processed by Stripe. We do not store card details. Stripe may collect billing information as part of the payment process; please refer to stripe.com/privacy.

Website usage

We use Vercel Analytics to understand how visitors use the site. The data is anonymised and does not identify individual users. No personal data is collected through analytics.

3. How We Use Your Data

To display provider listings and run search results.
To deliver buyer quote requests to security providers via the lead unlock model.
To manage provider subscriptions, lead unlock purchases, and Stripe billing.
To send transactional emails relating to your account, enquiries, or unlocks.
To improve our service through anonymised usage analytics.

We do not sell your personal data to any third party. We do not use your data for unsolicited marketing.

4. Legal Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

Contract performance — processing is necessary to provide the directory service you have requested (submitting an enquiry, listing as a provider, or unlocking a lead).
Legitimate interests — running anonymised analytics to improve the platform; enforcing these terms; preventing fraud and abuse.
Legal obligation — retaining payment records and other data where required by law.

5. Data Sharing and Third-Party Processors

We share data only with:

Stripe — payment processing, processed under Stripe's Data Processing Agreement.
Resend — transactional email delivery.
Vercel — hosting and anonymous analytics.
Supabase / PostgreSQL — secure database storage.
Security providers — when a provider unlocks your quote request, the contact details and requirements you submitted are shared with that provider for the sole purpose of responding to your enquiry. Providers are contractually required to use those details only for the response to that specific enquiry.

We do not transfer personal data outside of the UK or EEA without appropriate safeguards in place.

6. Data Retention

Buyer quote request data is retained for 12 months from submission, after which it is deleted.
Provider listing data is retained for the lifetime of the listing plus 12 months.
Payment records are retained for 7 years in accordance with UK financial record-keeping requirements.

7. Cookies

We use a minimal set of cookies:

Session cookies — used for provider authentication. Essential for the operation of provider accounts.
Vercel Analytics — anonymous, non-identifying signals; no consent banner is required as no personal data is processed.

We do not use advertising cookies, tracking pixels, or third-party marketing cookies.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate data.
Right to erasure — ask us to delete your personal data, subject to any legal obligation to retain it.
Right to data portability — request your data in a structured, machine-readable format.
Right to object — object to processing based on legitimate interests.
Right to restrict processing — ask us to limit how we use your data in certain circumstances.

To exercise any of these rights, contact hello@sitepatrol.co.uk. We will respond within 30 days.

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss or disclosure. Our database is hosted on Supabase with access controls in place. All data is transmitted over HTTPS. Provider account access is protected by authentication.

10. Changes to This Policy

We may update this privacy policy from time to time. The date at the top reflects the last revision. Continued use of the site after any changes constitutes acceptance of the updated policy.

11. Contact

Data controller: SitePatrol. Email: hello@sitepatrol.co.uk