Data controller: SSH Ltd, trading as Estiquote.
SSH Ltd is registered in England and Wales and is registered with the Information Commissioner's Office (ICO) as a data controller. Our ICO registration number will be provided on request.
Contact for data matters: estiquoteofficial@gmail.com
| Data | When collected | Why |
|---|---|---|
| Name | Account registration | To personalise your account |
| Email address | Account registration | Account access, notifications, billing |
| Postcode | Registration or estimator use | Regional pricing, postcode-level estimates (Pro) |
| Project data | Estimator use | To generate and save your estimates |
| Subscription plan | Payment | To enforce plan features and billing |
| Stripe customer ID | First payment | Billing management, subscription records |
| IP address | Platform use | Security, fraud prevention, analytics |
| Browser / device type | Platform use | Compatibility and analytics |
| Data | When collected | Why |
|---|---|---|
| Business name | Listing registration | Published on your builder profile |
| Contact name | Listing registration | Internal verification and communication |
| Email address | Listing registration | Account access, enquiry delivery, billing |
| Phone number | Listing registration | Published on profile; homeowner enquiries |
| Business postcode | Listing registration | Map pin placement, search radius |
| Trade categories | Listing registration | Search matching and profile display |
| Business description | Listing registration | Published on your profile |
| Insurance details | Verification process | Verification only โ not published |
| Trade qualifications | Verification process | Verification only โ certificate numbers not published |
| Stripe customer ID | First payment | Billing management |
When a homeowner submits an enquiry to a builder via the platform, we collect and forward the homeowner's name, email, phone number, postcode, and project description to the relevant builder. This data is processed via Formspree and is shared with the builder for the sole purpose of responding to the enquiry.
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the estimator tool | Postcode, project inputs | Contract performance |
| Managing your account | Name, email, plan | Contract performance |
| Processing subscription payments | Email, Stripe ID | Contract performance |
| Delivering builder enquiries | Homeowner contact details | Contract performance / consent |
| Verifying builder listings | Insurance, qualifications | Contract performance |
| Sending service emails | Email address | Contract performance |
| Sending material price alerts (Pro) | Email address | Contract performance |
| Security and fraud prevention | IP address, usage data | Legitimate interests |
| Platform analytics and improvement | Usage data, device data | Legitimate interests |
| Legal compliance | As required | Legal obligation |
We do not use your data for automated decision-making that produces legal or similarly significant effects on you. We do not use your data for targeted advertising on third-party platforms.
Under UK GDPR, we rely on the following lawful bases for processing your personal data:
We do not sell your personal data. We share data only with the following third parties, for the purposes described:
| Third party | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Email, billing address, subscription data |
| Formspree | Processing form submissions (contact, signup, enquiries) | Form submission content |
| Builder businesses | Delivering homeowner enquiries to the relevant builder | Name, email, phone, postcode, project description |
| Netlify | Website hosting and serverless functions | Access logs, IP addresses |
| OpenStreetMap | Map tile delivery | Approximate location (postcode area) |
All third-party processors are contractually required to process data only in accordance with our instructions and applicable data protection law. We carry out due diligence on all processors before use.
We may disclose your data to law enforcement or regulatory authorities if required to do so by law, or to protect the rights and safety of Estiquote users.
| Data type | Retention period | Reason |
|---|---|---|
| Account data (homeowner) | Duration of account + 2 years | Service continuity, legal claims |
| Account data (builder) | Duration of subscription + 2 years | Service continuity, legal claims |
| Saved project estimates | Until deleted by user or account closure | User-controlled |
| Billing records | 7 years from transaction date | HMRC / tax law requirement |
| Enquiry data | 6 months from submission | Dispute resolution |
| Security logs (IP addresses) | 90 days | Security and fraud prevention |
| Verification documents | Duration of listing + 1 year | Regulatory compliance |
After the applicable retention period, data is securely deleted or anonymised. You may request early deletion of your data subject to our legal retention obligations โ see Section 8.
Estiquote uses browser local storage (not traditional cookies) to store your session data, saved estimates, and plan status on your device. This data does not leave your browser unless you are logged in, in which case it is synchronised with our database.
Stripe may set cookies for fraud detection and session management when you visit a payment page. These are necessary for secure payment processing and cannot be disabled without breaking the payment flow. For more information, see Stripe's Privacy Policy.
Under UK GDPR, you have the following rights in respect of your personal data:
To exercise any of these rights, contact us at estiquoteofficial@gmail.com. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We take the security of your personal data seriously. Our security measures include:
In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33.
Estiquote is intended for use by adults aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected data from a child under 18, we will delete it promptly. If you believe we have inadvertently collected data from a child, please contact us at estiquoteofficial@gmail.com.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the new policy takes effect. The current version is always available at estiquote.co.uk/privacy.html.
For all data protection queries, Subject Access Requests, or complaints: