Privacy Policy

Last updated: 26 April 2026

1. Who we are

This privacy policy applies to the TradGo service, available at tradgo.co.uk and app.tradgo.co.uk.

The data controller is:

Michael Stevenson, trading as Autaimate (a UK sole trader)
49 Vicarage Road, St Austell, PL24 2PH, United Kingdom
Contact: hello@tradgo.co.uk

If you have any questions about this policy, your data, or want to exercise your rights, contact us using the email above.

2. What data we collect

We collect the following categories of personal data:

From tradespeople (TradGo customers)

  • Account details: name, email address, phone number, business name
  • Trade and service information: trade type, services offered, pricing ranges, geographic service area
  • Voice samples: audio recordings you upload during onboarding to train your AI agent
  • Credential information: scheme registration numbers (NICEIC, Gas Safe, etc.) where applicable
  • Billing data: payment method, billing address, transaction history (handled by Stripe — see processors below)
  • Authentication data: login records, session tokens (handled by Clerk — see processors below)
  • Conversation history: SMS, WhatsApp, and chat widget messages between your agent and your customers

From end customers (people who message a TradGo agent)

  • Phone number, name (where provided), and the content of their messages
  • Job-related information they share (location, property details, type of work needed)
  • Photos they send via WhatsApp

We collect this data on behalf of the tradesperson, who is the controller of their customers' data; we act as a processor for that data.

From all visitors

  • Technical data: IP address, browser type, device information, pages visited (collected by Cloudflare and Sentry — see processors below)
  • Cookies: see our Cookies Policy for details

3. How we use your data and our lawful basis

Under UK GDPR (Article 6), we rely on the following lawful bases:

  • Performance of a contract (Article 6(1)(b)): to provide the TradGo service to subscribed tradespeople — running the AI agent, sending and receiving SMS/WhatsApp messages, processing payments, providing dashboard access.
  • Legitimate interests (Article 6(1)(f)): to operate, secure, and improve the service — including monitoring for fraud and abuse, debugging via Sentry, and improving the AI agent's accuracy.
  • Legal obligation (Article 6(1)(c)): to comply with UK law, including tax records, accounting, and responding to lawful requests from authorities.
  • Consent (Article 6(1)(a)): for any non-essential cookies or marketing emails, where applicable.

4. Data processors we use

To deliver TradGo, we use the following sub-processors. Each is bound by a Data Processing Agreement (DPA) and processes data only on our instructions.

  • Cloudflare (USA / global) — DNS, CDN, hosting for tradgo.co.uk
  • Railway (USA) — hosting for the app subdomain
  • Neon (USA, EU regions) — PostgreSQL database
  • Clerk (USA) — user authentication and session management
  • Stripe (USA / UK) — payment processing
  • Twilio (USA) — SMS and WhatsApp message delivery
  • Anthropic (USA) — Claude AI model that powers the agent's conversation
  • Resend (USA) — transactional email delivery
  • Ably (UK / global) — real-time messaging infrastructure
  • Sentry (USA) — error monitoring

Where data is transferred outside the UK or EU (e.g. to USA-based processors), we rely on UK adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

5. How long we keep data

  • Account data: kept for as long as you have an active subscription, plus 6 years for tax and accounting purposes (HMRC requirement).
  • Conversation data: kept while your account is active so you can refer back to past customer conversations. Deleted within 90 days of account closure unless required for legal reasons.
  • Voice samples: kept while your account is active. Deleted on request or within 90 days of account closure.
  • Billing records: kept for 6 years (HMRC requirement).
  • Technical logs and error reports: kept for 30 days.

6. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restrict processing — limit how we use your data
  • Right to data portability — receive your data in a portable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — where we rely on consent

To exercise any of these rights, email hello@tradgo.co.uk. We respond within 30 days.

If you're not satisfied with our response, you can complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or call 0303 123 1113.

7. Security

We take reasonable technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, access controls, and regular security reviews. No system is perfectly secure, but we work continuously to protect your information.

8. Children

TradGo is a business service intended for adults running trade businesses. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided data to us, contact us and we'll delete it.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. Significant changes will be notified to active customers by email.

10. Contact

For all data protection questions or to exercise your rights:

Michael Stevenson, trading as Autaimate
49 Vicarage Road, St Austell, PL24 2PH, United Kingdom
hello@tradgo.co.uk