This policy explains how Kye Prior, trading as TradeTerra (“we”, “us”) collects and uses personal data when you use the TradeTerra platform (the “Service”). We are committed to protecting your privacy and handling personal data in line with UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).
1. Who we are
TradeTerra is operated by Kye Prior, trading as TradeTerra, as a sole trader. We are not a company registered at Companies House and do not have a UK company registration number. For privacy-related questions contact support@tradeterra.co.uk. Legal notices should be sent to: 417 Avonside House, East Station Road, Peterborough, PE2 8UA, United Kingdom. ICO status: Registered with the Information Commissioner's Office (ICO), reference ZC133492.
2. Two distinct roles
Under UK GDPR we have two separate roles, depending on whose data is being processed. Our processor commitments are set out in our Data Processing Agreement:
- Data controller for personal data about you as a subscriber — your name, email, business details, billing records, support messages and usage logs.
- Data processor for personal data your trade business puts into the Service about your own customers — e.g. customer names, phone numbers, addresses, quote and invoice content, SMS and call records. You are the controller of that data. We only process it on your instructions.
3. Personal data we collect about you (the subscriber)
- Account data: name, email, password hash, role, business name.
- Business profile: trading name, address, phone, VAT number if you are VAT-registered, logo and bank details (for display on your quotes and invoices), and any other business identifiers you choose to add for your own documents.
- Billing data: Stripe customer ID, subscription status, invoice history. Full card numbers are held by Stripe, not us.
- Usage data: sign-in timestamps, IP address, browser user-agent, actions taken in the app (for security and debugging).
4. Personal data you put into the Service
- Your customers' names, phone numbers, email addresses, postal addresses, job descriptions, quote content, invoice content, and notes you record.
- Inbound and outbound SMS messages and call metadata (caller number, timestamp, duration) handled via our telephony partner.
You are responsible for having a lawful basis (typically legitimate interest or contract) to hold this information about your customers, and for responding to rights requests from them.
5. Lawful bases
We rely on the following bases under UK GDPR Article 6:
- Contract — to provide the Service to you and take payment.
- Legitimate interests — to secure the Service, diagnose faults, prevent abuse, and improve the product. Legitimate-interest balancing test available on request.
- Legal obligation — for tax records, statutory invoicing, and responding to lawful requests.
- Consent — for optional marketing emails from us. You can withdraw at any time.
6. Who we share data with (sub-processors)
To operate the Service we use the following processors. Each is contractually bound to protect personal data.
- Supabase — database, authentication, file storage.
- Stripe — subscription billing.
- Twilio — SMS and voice.
- Resend — transactional email.
- Vercel — hosting and CDN.
- Sentry — optional server-side error monitoring, if enabled for the production environment.
Those suppliers are separate legal entities (their contracts or privacy notices may refer to names such as “Limited” or “Inc.”). They are not us — TradeTerra is the trading name of Kye Prior as a sole trader, not a limited company.
Some of these providers may transfer or process data outside the UK. Where they do, we rely on the UK International Data Transfer Agreement or equivalent safeguards.
7. How long we keep data
- Account data — for the life of your subscription, plus up to 12 months after cancellation so you can resubscribe without loss of data.
- Billing and tax records — 6 years, as required by HMRC.
- Content you create (customers, quotes, invoices, messages) — retained while your account is active. You can delete individual records inside the Service where deletion controls are available, or contact us to request export or account deletion. On verified account deletion requests we delete your content within 30 days except where retention is required by law.
- Security logs — up to 90 days.
8. Your rights
Under UK GDPR you can ask us to:
- access a copy of your personal data;
- correct inaccurate data;
- erase your data (subject to lawful exceptions such as tax records);
- restrict processing;
- port your data to another provider;
- object to processing based on legitimate interests;
- withdraw consent for marketing at any time.
Email support@tradeterra.co.ukto exercise any of these rights. We'll respond within one month. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
9. Security
We use TLS in transit, encrypted storage at rest, row-level security in our database, role-based access within your business, and access logging on administrative actions. No system is 100% secure; if we detect a breach that affects you we will notify you in line with our obligations.
10. Cookies
We use strictly necessary cookies to keep you signed in and to maintain session security. We do not use advertising cookies. If we ever add analytics, you'll see a consent banner first.
11. Children
The Service is for business use and is not directed to anyone under 16. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this policy from time to time. The “Last updated” date at the top of the page will change. If the update materially affects your rights we will email you at least 14 days before it takes effect.
13. Contact
Questions or requests: email support@tradeterra.co.uk, or write to us at 417 Avonside House, East Station Road, Peterborough, PE2 8UA, United Kingdom.