CleanCoatBack to Home

Privacy Policy

CleanCoat Proposals — operated by Colin Brown trading as CleanCoat

Last updated: March 2026

1. Who We Are

This platform is operated by Colin Brown trading as CleanCoat ("we", "us", "our"). We operate a digital proposal platform used by trade businesses to send personalised quotes and proposals to their clients.

For the purposes of UK data protection law, we act as:

  • A data controller in respect of data relating to our own business customers (the trade businesses using this platform).
  • A data processor in respect of personal data that our business customers collect from their own clients (homeowners and other end customers).

If you have any questions about this policy, contact us at [email protected].

2. What Data We Collect and Why

2a. Data About Business Customers (Trade Businesses)

When a trade business signs up to use this platform, we collect:

  • Name and email address (for account access and communication)
  • Business name, phone number, and website (for display in proposals)
  • Payment information (processed by our payment provider — we do not store card details)

We use this data to provide the platform service, send account-related communications, and process payments. The legal basis is contract performance (Article 6(1)(b) UK GDPR).

2b. Data About End Clients (Homeowners)

When a trade business creates a proposal for one of their clients, the following data is entered into the platform:

  • Client name, address, phone number, and email address
  • Property details relevant to the quote

This data is entered by the trade business (the data controller) and processed by us on their behalf. We do not use this data for any purpose other than delivering the proposal platform service. The legal basis for our processing is legitimate interests (Article 6(1)(f) UK GDPR) — specifically, the legitimate interest of the trade business in sending a professional proposal to their client.

2c. Usage Data

We automatically collect basic usage data including IP addresses, browser type, and pages visited. This is used solely for security monitoring and platform improvement. We do not sell or share this data with third parties.

3. How Long We Keep Your Data

Data TypeRetention Period
Business customer account dataDuration of subscription + 2 years
Proposal and client data2 years from last activity, then deleted
Usage/log data90 days
Payment records7 years (legal requirement)

4. Who We Share Data With

We do not sell personal data. We share data only with the following categories of third-party service providers who process data on our behalf:

  • Cloud hosting provider — for secure data storage and platform operation
  • Payment processor — for subscription billing (they have their own privacy policy)
  • Email delivery service — for sending proposal notifications

All third-party processors are contractually required to process data only on our instructions and in accordance with UK GDPR.

5. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the data we hold about you
  • Right to rectification — you can ask us to correct inaccurate data
  • Right to erasure — you can ask us to delete your data (subject to legal retention requirements)
  • Right to restriction — you can ask us to limit how we use your data
  • Right to portability — you can ask for your data in a machine-readable format
  • Right to object — you can object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

6. Data Security

We take the security of personal data seriously. We use:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage for data at rest
  • Access controls limiting who can access personal data
  • Regular security reviews

In the event of a data breach that is likely to result in a risk to individuals, we will notify the ICO within 72 hours and affected individuals without undue delay.

7. International Transfers

We store data on servers located within the United Kingdom or European Economic Area. Where any data is transferred outside these regions, we ensure appropriate safeguards are in place in accordance with UK GDPR Chapter V.

8. Changes to This Policy

We may update this policy from time to time. We will notify business customers of significant changes by email. The current version is always available at this URL.

9. Contact

Colin Brown trading as CleanCoat

Email: [email protected]