VettedBuilder logoVettedBuilder
Back to VettedBuilder

Privacy Policy

Version 2.0  ·  Effective 2026-03-05

PRIVACY POLICY

Policy version: v2.0/05-03-2026

1. Introduction

This Privacy Policy is provided by VETTEDBUILDER Ltd, a company incorporated in England and Wales with company number 17041601 and its registered office at 69 Stokoe Avenue, Altrincham, WA14 4LF ("VETTEDBUILDER", "we", "our" or "us"). VETTEDBUILDER operates an online marketplace connecting consumers with independent builders and tradespeople (together, the "Marketplace").

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on how and why we collect, store, use and share any information relating to you (your personal data).

It also explains your rights in relation to your personal data and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your personal data is regulated by law, including under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

In relation to the Marketplace, VETTEDBUILDER is generally the controller for personal data processed to operate and improve the Platform, administer consumer and builder accounts, facilitate in-app messaging, manage the lead and quote workflow, publish and moderate reviews, bill builders (including subscription and/or per-lead fees), and prevent fraud and misuse. Independent builders and consumers will typically each act as controllers of the personal data they choose to share with each other through the Marketplace (for example, where a consumer shares project details and contact details with a builder, or a builder shares a quote). We use third-party service providers to support these activities (including Stripe for billing and payment processing, an identity verification provider for ID checks, and Google Cloud Platform hosting in the UK), who will process personal data on our behalf as processors where applicable.

2. What this policy applies to

This privacy policy relates to (a) your use of the VETTEDBUILDER website and any mobile or web application features we make available (together, the "Platform"), (b) personal data processed when you create and use a consumer or builder account, use in-app messaging, request, provide or manage leads and quotes, post reviews, and (c) personal data processed in connection with builder payments processed by Stripe and identity verification completed through our third-party verification provider.

The Website may link to other websites owned and operated by third parties. Those other websites may gather information about you in accordance with their own separate privacy policies. For privacy information relating to those other websites, please consult their privacy policies as appropriate. For more information see the section 'Who we share your personal data with' below.

3. Personal data we collect about you

The personal data we collect about you depends on whether you use the Platform as a consumer and/or as a builder, and how you use the Marketplace features (including in-app messaging, leads/quotes, reviews, payments and identity verification). We may collect personal data (a) directly from you, (b) automatically when you use the Platform, and/or (c) from third parties such as payment and identity verification providers. This includes:

| Category of data | In more detail | |---|---| | Identity and contact data | - Name, email address, telephone number, postal address (where provided), and account/profile information (for example, whether you are a consumer or a builder, business name, trade details, service categories, and other information you choose to include in your profile). <br>- For Service Providers (builders and tradespeople), identity and business verification data (including identity documents and verification results from third-party verification services). For Customers, email address and mobile number verification data (including one-time passcodes used for verification). <br>- If you have an online account with us, your account access details (such as login credentials) and account settings. <br>- Your preferences, feedback, reviews/ratings, and survey responses (where you choose to provide them). | | Data collected when you interact with our Platform, in-app messaging, lead/quote workflow or forms | Information you submit to us via the Platform, in-app messaging, leads/quotes and forms (including information you choose to provide in free-text fields), such as project details, addresses where works are to be carried out (where provided), photos/documents, quote details, and relevant interaction history. <br><br>For Service Providers using voice-enabled features: voice data (including voice commands and audio recordings) collected when you use voice-based interaction features on the Platform. | | Technical and usage data collected automatically | - Your activities on, and use of, the Website and related online services, including pages viewed and times of access. <br>- Tracking information such as IP address, cookie identifiers, browser type and version (user agent), device information, session identifiers, referral URLs, and analytics/marketing pixels and scripts. Where enabled, we may also collect approximate location derived from IP address. If you choose to enable device location permissions (for example, in a mobile app), we may process more precise location data for the purpose of helping you find relevant local builders or projects (you can withdraw permission in your device settings). | | Data collected when you contact or make an enquiry with us | Your name, email address and telephone number, and the contents of your communications with us. | | Marketing and communications data | Your preferences in receiving marketing from us and your communication preferences. |

We may also collect, use and share aggregated and anonymised data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate Website usage data to analyse trends and improve the Website and our services.

We collect and use this personal data for the purposes described in the section 'How and why we use your personal data' below.

4. Sensitive Data

Sensitive personal data (also known as special category data) means information related to personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data (where used for identification purposes); data concerning health; data concerning a person's sex life; and data concerning a person's sexual orientation.

We do not typically require special category data to operate the Marketplace. However, depending on the identity verification method used by our third-party verification provider, identity verification may involve processing biometric data for identification purposes (for example, facial matching) and/or information contained in identity documents. Additionally, where Service Providers use voice-enabled features on the Platform, we may process voice data (including voice commands and audio recordings) which may constitute biometric data. Where special category data is processed, we will do so with appropriate safeguards and only where a lawful basis and an additional UK GDPR condition applies (for example, where necessary for reasons of substantial public interest such as preventing fraud, or to enable voice-based platform functionality, and/or with your explicit consent where required, as applicable).

Please do not provide special category data to us via the Platform or in communications unless it is specifically requested or necessary for the relevant purpose. If you voluntarily provide special category data, we will handle it in accordance with this Privacy Policy and applicable law.

5. How your personal data is collected

We use different methods to collect data from and about you including through:

  • Your interaction with us: We collect personal data from you directly when you create an account, complete your profile, contact us, submit enquiries, request or provide leads/quotes, use in-app messaging, post reviews/ratings, start an identity verification process, pay builder subscription and/or per-lead fees via Stripe (as applicable), subscribe to communications, or otherwise correspond with us (including by email, telephone or via social media).
  • Automated technologies or interactions: As you interact with the Website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.

6. How and why we use your personal data

Under data protection law, personal data may only be processed where there is a lawful basis. VETTEDBUILDER acts as a controller for processing necessary to operate the Marketplace (including account administration, in-app messaging, lead/quote workflow, reviews, builder billing, trust and safety and platform security). Where VETTEDBUILDER acts as a controller, we rely on one or more of the following lawful bases:

  • where you have given consent
  • to comply with our legal and regulatory obligations
  • for the performance of a contract with you or to take steps at your request before entering into a contract, or
  • for our legitimate interests or those of a third party

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us (see 'How to contact us' below).

The table below explains what we use your personal data for and why.

| What we use your personal data for | Our reasons | |---|---| | Create and manage any account you have with us (where applicable) | To perform our contract with you or to take steps at your request before entering into a contract (where applicable) | | Facilitate the Marketplace (including in-app messaging, lead/quote workflow, reviews/ratings, identity verification, and voice-enabled features for Service Providers) | To perform our contract with you (for example, under the Marketplace terms) and/or for our legitimate interests in operating, maintaining and improving the Marketplace, preventing fraud and misuse and keeping users safe. Where applicable, to enable voice-based interaction features for Service Providers (including processing voice data to convert speech to text and to train and improve our AI modules using third-party AI services, including large language models), based on your consent and our legitimate interests in improving Platform functionality, and (where applicable) to comply with legal and regulatory obligations. | | Process builder payments (subscription and/or per-lead fees) via Stripe | To perform our contract with you (for example, under the Marketplace terms) and/or for our legitimate interests in operating, maintaining and improving the Marketplace, preventing fraud and misuse and keeping users safe, and (where applicable) to comply with legal and regulatory obligations. | | To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances: <br>- to comply with our legal and regulatory obligations <br>- in other cases, for our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others | | Sending relevant marketing communications and making personalised suggestions about our services (where permitted) | Depending on the circumstances: where required by law, consent; otherwise, our legitimate interests to promote and grow our business (subject to your right to opt out and applicable marketing rules, including PECR). | | Carry out market research through your voluntary participation in surveys | Necessary for our legitimate interests to study how customers use the products, use our Website and to help us improve and develop our Website and products and services offered through the Website. | | Communications with you not related to marketing, including service communications, updates to our policies, changes to the Website or important notices | Depending on the circumstances: to comply with our legal and regulatory obligations; to perform our contract with you (where applicable); or for our legitimate interests in providing customer support and operating our business. | | Protect the security of systems and data | To comply with our legal and regulatory obligations and, where appropriate, for our legitimate interests in protecting systems and data and preventing and detecting fraud and other criminal activity. | | Operational reasons, such as improving efficiency, training, and quality control or to provide support to you | For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service to you | | Statistical analysis to help us manage our business, e.g., in relation to our performance, customer base, Platform and functionalities and offerings or other efficiency measures | For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service to you and improve and develop our Platform | | Updating and enhancing user records | Depending on the circumstances: to perform our contract with you (where applicable); to comply with our legal and regulatory obligations; or for our legitimate interests in maintaining accurate records and delivering our services. | | Comply with our legal and regulatory obligations (including responding to lawful requests and meeting applicable record-keeping requirements) | To comply with our legal and regulatory obligations. | | To support corporate governance and, where necessary, to share information in connection with a significant corporate transaction or restructuring | To share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency. In such cases, information will be shared only where necessary and, where possible, anonymised or aggregated. <br><br>Depending on the circumstances: <br>- to comply with our legal and regulatory obligations <br>- in other cases, for our legitimate interests or those of a third party, i.e., to protect, realise or grow the value in our business and assets |

See 'Who we share your personal data with' for further information on the steps we will take to protect your personal data where we need to share it with others.

7. Marketing

We may send you communications about the Marketplace, service updates and insights, and (where permitted) promotional offers.

Where required by law (including under PECR), we will obtain your consent before sending you direct marketing. Where consent is not required, we may send marketing on the basis of our legitimate interests, and you can opt out at any time. We maintain records of your marketing preferences.

You will have the right to opt out of receiving marketing communications at any time by:

  • contacting us at legal@vettedbuilder.com
  • using the 'unsubscribe' link included in all marketing emails you may receive from us

We will not sell your personal data to third parties for their own direct marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see 'Your rights' below.

8. Who we share your personal data with

We share personal data only where necessary for the purposes set out in this Privacy Policy. As controller for Marketplace operations, we may share personal data with: (a) other users (for example, where a consumer shares project information with a builder or a builder sends a quote to a consumer through the Platform), (b) our service providers who help us operate the Platform, such as Google Cloud Platform (UK region hosting and related infrastructure support), (c) Stripe (to process builder subscription and/or per-lead payments and related fraud prevention; we do not store or process your full card details ourselves), (d) our third-party identity verification provider (to verify identity and help prevent fraud, where identity verification is offered or required), and (e) third-party AI service providers, including large language models (to process voice data for Service Providers using voice-enabled features, to convert speech to text and to train and improve AI modules). Where our service providers process personal data on our behalf, they do so under contractual obligations as processors (as applicable) and must only process personal data in accordance with our instructions.

We only allow service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above may occasionally also need to share your personal data with:

  • external auditors, e.g. in relation to the audit of our accounts and our company — the recipient of the information will be bound by confidentiality obligations
  • professional advisors (such as lawyers and other advisors) — the recipient of the information will be bound by confidentiality obligations
  • law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory obligations
  • other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency — usually, information will be anonymised, but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations

If you would like more information about who we share our data with and why, please contact us (see 'How to contact us' below).

We do not share your personal data with third parties except as described in this Privacy Policy or where required or permitted by law.

9. How long your personal data will be kept

We will keep personal data for as long as necessary for the purposes set out in this Privacy Policy. As controller for Marketplace operations, we generally retain account, messaging, lead/quote, review and support data for as long as you have an account and for a reasonable period afterwards to operate the Marketplace, comply with legal obligations, resolve disputes, prevent fraud and enforce our terms. Builder billing and payment records processed via Stripe are retained as required for payment processing, accounting and tax and regulatory purposes. Identity verification data (where applicable) is retained only for as long as necessary to complete verification, maintain audit trails where needed for fraud prevention and compliance, and to meet legal obligations. Voice data collected through voice-enabled features is stored temporarily to convert speech to text and to train our AI modules; voice recordings are typically retained for 90 days, after which they are deleted or anonymised unless a longer retention period is required for legal compliance, dispute resolution or fraud prevention.

Following the end of the applicable retention period, we will delete or anonymise personal data in accordance with applicable data protection requirements, unless we are required to retain it (for example, due to legal obligations or a legal hold).

10. Transferring your personal data out of the UK

We may transfer your personal data outside the UK (for example, where our service providers or their support teams process data in other countries). Our Platform is hosted on Google Cloud Platform in the UK; however, some of our service providers (including Stripe and our identity verification provider) may operate globally and may process personal data outside the UK. Where we transfer personal data outside the UK, we will ensure appropriate safeguards are in place to protect your personal data, such as the UK International Data Transfer Agreement (IDTA) and, where required, a transfer risk assessment (TRA), or another lawful transfer mechanism under UK data protection law.

Furthermore, under UK data protection laws, we can only transfer your personal data to a country outside the UK where: the UK government has decided the particular country ensures an adequate level of protection of personal data (known as an 'adequacy regulation') further to Article 45 of the UK GDPR; there are appropriate safeguards in place (such as the IDTA and, where relevant, the UK Addendum to the EU Standard Contractual Clauses), together with enforceable rights and effective legal remedies for you; or a specific exception applies under relevant data protection law.

  • The EEA: we may rely on the UK adequacy regulations in respect of EEA countries (where applicable).
  • Other countries: we will put in place appropriate safeguards (such as the IDTA and, where required, a TRA) and other measures required by UK data protection law.

In the event we could not or choose not to continue to rely on either of those mechanisms at any time we would not transfer your personal data outside the UK unless we could do so on the basis of an alternative mechanism or exception provided by UK data protection law.

11. Your rights

You generally have the following rights, which you can usually exercise free of charge. For most Marketplace processing, VETTEDBUILDER is the controller and you can direct requests to us. For more information regarding these rights, please visit the ICO website here.

| Right | Description | |---|---| | Access to a copy of your personal data | The right to be provided with a copy of your personal data. | | Correction (also known as rectification) | The right to require us to correct any mistakes in your personal data. | | Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data — in certain situations. | | Restriction of use | The right to require us to restrict use of your personal data in certain circumstances, e.g. if you contest the accuracy of the data. | | Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party — in certain situations. | | To object to use | The right to object: <br>- at any time to your personal data being used for direct marketing (including profiling) <br>- in certain other situations to our continued use of your personal data, e.g. where we use your personal data for our legitimate interests. | | Not to be subject to decisions without human involvement | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us (see 'How to contact us' below). You may also find it helpful to refer to the guidance from the UK's Information Commissioner on your rights under the UK GDPR.

If you would like to exercise any of those rights, please email, call or write to us — see below: 'How to contact us'. We may need to verify your identity before responding. When contacting us please:

  • provide enough information to identify yourself (e.g., your full name and username) and any additional identity information we may reasonably request from you, and
  • let us know which right(s) you want to exercise and the information to which your request relates

12. Keeping your personal data secure

We have implemented appropriate technical and organisational security measures to protect your personal data. Access to personal data is restricted to authorised personnel and service providers on a need-to-know basis, and we maintain policies and controls designed to protect against unauthorised access, alteration, disclosure or loss of personal data.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

13. How to complain

Please contact us if you have any queries or concerns about our use of your information (see below 'How to contact us'). We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner.

The Information Commissioner can be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

14. Changes to this privacy policy

We may change this privacy policy from time to time to reflect updates in our services, our processing activities, or regulatory requirements. Where appropriate, we will take steps to bring any significant changes to your attention, for example by posting an updated version on the Website and/or contacting you.

15. How to contact us

You can contact us by post, email or telephone if you have any questions about this privacy policy, the information we hold about you, to exercise your rights under data protection law, or to make a complaint.

Our contact details are shown below:

  • 69, Stokoe Avenue, Altrincham, WA14 4LF
  • info@vettedbuilder.com
  • 03301330654