TradeOff ("we", "us", "our") operates the TradeOff mobile application (the "App"). This policy explains how we collect, use, and protect your personal data when you use the App.
We are based in the United Kingdom and process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Account information
- Full name and email address (required to create an account)
- Password (hashed — we never store or see your plaintext password)
- Two-factor authentication enrolment status and recovery codes
Profile information
- Profile photo (compressed and resized on your device before upload)
- Bio / about text (up to 200 characters)
- Skills and interests you select
- Location text (city/area — entered manually or auto-filled from GPS with your permission)
- Precise GPS coordinates (latitude and longitude) — collected via your device's location service when you tap "Use My Location" and stored server-side to power distance-based discovery. You can disable this at any time in Settings → Location Services.
- Service area radius (1-50+ miles)
Activity data
- Services you list, trade proposals, and completed trades
- Messages you send and receive
- Photos you send in chat, attach as trade delivery evidence, or submit as arbitration evidence
- Trade dispute reports and arbitration evidence
- Ratings and reviews you leave or receive
- Services you save to your wishlist
- Notification preferences
- Online status and last-seen timestamp
- Last active timestamp (recorded once per session to support safety and moderation)
Device and technical data
- Device platform (iOS or Android) and OS version
- App version
- Push notification token (for delivering notifications via Firebase Cloud Messaging)
2. Data We Do Not Collect
- We do not use analytics or tracking SDKs
- We do not serve advertisements or share data with ad networks
- We do not collect contacts, call logs, or browsing history
- We do not use cookies (the App uses token-based authentication)
3. How We Use Your Data
- Provide the service — creating your account, displaying your profile, enabling trades and messaging
- Location-based discovery — using your GPS coordinates to surface nearby services and calculate distances (coordinates are never shown to other users)
- Notifications — sending push notifications about trades, messages, and reviews (you control which types you receive)
- Safety and moderation — investigating disputes, enforcing our terms, preventing abuse, and detecting compromised or jailbroken devices
- Improving the App — fixing bugs and reviewing aggregated usage patterns via admin tooling (no third-party analytics SDK is used)
4. Legal Basis for Processing
- Contract — processing necessary to provide the service you signed up for (account, trades, messaging)
- Legitimate interests — safety, security, and fraud prevention
- Consent — location access, push notifications, and optional profile fields (you can withdraw consent at any time)
5. Who We Share Data With
We do not sell your personal data. We share data only with:
- Other users — your public profile, listed services, ratings, and messages are visible to users you interact with. You control visibility of your email, location, and online status via Settings → Privacy. GPS coordinates are never exposed to other users.
- Supabase (infrastructure provider) — hosts our database, authentication, file storage, and real-time services under a Data Processing Agreement. Data is stored in the EU/UK.
- Firebase Cloud Messaging / Google — delivers push notifications to your device. Only your device token is transmitted; message content is not sent through FCM.
- Google — if you choose to sign in with Google, Google authenticates your identity and shares your name and email address with us. Google's use of your data is governed by Google's Privacy Policy.
- Apple — if you choose to sign in with Apple, Apple authenticates your identity and shares your name and email address with us. Apple's use of your data is governed by Apple's Privacy Policy.
- Talsec (freeRASP) — our runtime app self-protection library checks your device for signs of rooting, jailbreaking, tampering, or debugging. Device integrity signals are processed by Talsec to protect the security of the App and its users. No personal profile data is shared. See Talsec's Privacy Policy.
6. Data Storage and Security
- Data is stored in Supabase-managed PostgreSQL databases with row-level security policies enforcing data isolation between users
- All data in transit is encrypted via TLS
- Passwords are hashed using bcrypt
- Two-factor authentication is available for additional account security
- Admin access is restricted to authorised personnel with 2FA enforced
7. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required by law to retain it (e.g. transaction records for tax or legal purposes).
Cached data on your device is cleared when you sign out.
8. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data (you can edit your profile directly in the App)
- Erasure — request deletion of your account and data
- Restriction — ask us to limit how we process your data
- Portability — receive your data in a structured, machine-readable format. You can download a copy directly in the App via Settings → Data & Privacy → Download My Data.
- Object — object to processing based on legitimate interests
- Withdraw consent — for location, notifications, or optional profile fields at any time via your device settings or the App
To exercise any of these rights, contact us at privacy@tradeoff.uk.
9. Children
The App is not intended for anyone under 18 years of age. We do not knowingly collect data from children. If we learn that we have collected personal data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via the App or by email. The "Effective date" at the top of this page indicates when the policy was last revised.
11. Contact
If you have questions about this policy or wish to exercise your data rights:
TradeOff
Email: privacy@tradeoff.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
TradeOff ("we", "us", "our") operates the TradeOff website at tradeoff.uk (the "Website"). This policy explains how we collect, use, and protect your personal data when you visit the Website.
We are based in the United Kingdom and process data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data We Collect
Waitlist registration
When you sign up for early access, we collect:
- Your name
- Your email address
- The date and time of registration
- Your IP address (for security and abuse prevention)
What we do not collect
- We do not use cookies
- We do not use analytics or tracking scripts
- We do not serve advertisements
- We do not use third-party tracking pixels
2. How We Use Your Data
- Waitlist communication — to notify you when TradeOff launches or becomes available for early access
- Security — IP addresses are logged to prevent abuse and spam submissions
We will not use your email for marketing beyond launch-related updates. We will not share or sell your data to third parties.
3. Legal Basis for Processing
- Consent — you provide your information voluntarily by submitting the registration form
- Legitimate interests — IP logging for abuse prevention
4. Data Storage and Security
- Waitlist data is stored securely on our web server
- The data file is not publicly accessible
- All data in transit is encrypted via TLS (HTTPS)
- Access is restricted to authorised personnel only
5. Data Retention
We retain your waitlist data until the App launches and you have been notified, after which it will be deleted unless you create an App account. You can request removal from the waitlist at any time.
6. Your Rights
Under UK GDPR, you have the right to:
- Access — request a copy of the data we hold about you
- Erasure — request removal from the waitlist and deletion of your data
- Withdraw consent — at any time by contacting us
To exercise any of these rights, contact us at privacy@tradeoff.uk.
7. Children
The Website is not intended for anyone under 18 years of age. We do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy from time to time. The "Effective date" at the top of this page indicates when it was last revised.
9. Contact
If you have questions about this policy or wish to exercise your data rights:
TradeOff
Email: privacy@tradeoff.uk
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
