Privacy Policy

1. Introduction

NearClean ("we", "us", "our") operates the NearClean platform at nearclean.co.uk. We are a marketplace that connects customers with trusted cleaning service providers.

We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, how we use it, and your rights regarding your personal information.

2. Data We Collect

Account Information

When you create an account, we collect:

• Name (first and last)
• Email address
• Phone number (optional)
• Password (stored securely using one-way hashing — we cannot see your password)

Address and Location Data

To match you with nearby cleaning services, we collect:

• Your address or postcode
• Geographic coordinates (latitude and longitude) derived from your address

Booking Data

When you make a booking, we store:

• Service requested and any selected options
• Date, time, and duration
• Service address
• Any notes you provide
• Booking status and history

Business Profile Data

If you register as a cleaning business, we also collect:

• Business name and description
• Business address and service areas
• Services offered and pricing
• Business phone number and website
• Staff information (names, roles)

Payment Data

Payments are processed by Stripe. We do not store your credit or debit card numbers on our servers. Stripe handles all payment card data in accordance with PCI DSS standards. We store only a reference to your Stripe customer account to process payments.

Technical Data

When you use our site, we automatically collect:

• IP address (for security and fraud prevention)
• Browser type and version
• Device information

We do not use any analytics or advertising tracking services. We do not use Google Analytics, Facebook Pixel, or similar tracking tools.

3. How We Use Your Data

We use your personal data to:

• Provide the NearClean marketplace — connecting customers with cleaning businesses
• Process and manage bookings
• Process payments through Stripe
• Send booking confirmations, reminders, and status updates
• Enable businesses to manage their schedules and staff
• Communicate with you about your account
• Protect the security of our platform (e.g. detecting fraudulent logins)
• Comply with legal obligations (e.g. tax and accounting records)

We do not sell your personal data to third parties. We do not send marketing emails unless you explicitly opt in to receive them.

4. Legal Basis for Processing

Under the UK GDPR, we process your data on the following legal bases:

• Contract performance — processing necessary to provide the booking service you have requested (e.g. managing your bookings, processing payments)
• Legitimate interests — processing necessary for our legitimate business interests, such as platform security, fraud prevention, and service improvement, where these interests are not overridden by your rights
• Legal obligation — processing required to comply with the law (e.g. financial record-keeping)
• Consent — where we rely on your consent, you can withdraw it at any time by contacting us

5. Third-Party Services

We use the following third-party services to operate NearClean:

Google Maps API

Used for address lookup and location services when entering your address. Google may collect data in accordance with their privacy policy. See: Google Privacy Policy.

Stripe

Used for secure payment processing. Stripe handles all card data and is PCI DSS compliant. See: Stripe Privacy Policy.

Content Delivery Networks (CDNs)

We use external services to deliver fonts and icons efficiently:

• Google Fonts — provides the typefaces used on our site. Google may receive your IP address when fonts are loaded.
• Font Awesome (cdnjs.cloudflare.com) — provides icons used across the site.
• jQuery (code.jquery.com) — a JavaScript library used for site functionality.

These CDN services may receive your IP address and browser information when resources are loaded. We plan to self-host these resources in a future update to eliminate this data sharing.

6. Cookies and Local Storage

Essential Cookies

We use cookies that are strictly necessary for the site to function:

• Session cookie (sessionid) — keeps you logged in during your visit. Expires after 24 hours.
• CSRF token (csrftoken) — protects against cross-site request forgery attacks. Required for all form submissions.

These cookies are essential and cannot be disabled without breaking the site's functionality.

Local Storage

We use your browser's local storage (similar to cookies but stored locally on your device) for:

• Cookie consent preference — remembers that you have acknowledged this cookie notice
• App install prompt preference — remembers if you dismissed the "Install App" prompt
• UI preferences — stores small interface preferences like dismissed notices

Third-Party Cookies

The CDN services listed in section 5 may set their own cookies when loading resources. Google Maps and Stripe may also set cookies on pages where they are used. Please refer to their respective privacy policies for details.

No Tracking Cookies

We do not use any analytics, advertising, or tracking cookies.

7. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request that we correct any inaccurate or incomplete data
• Right to erasure — request that we delete your personal data (subject to legal obligations)
• Right to data portability — request your data in a commonly used, machine-readable format
• Right to restrict processing — request that we limit how we use your data
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — where processing is based on consent, withdraw it at any time

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

8. Data Retention

• Active accounts — your data is retained for as long as your account is active
• Deleted accounts — personal data is deleted or anonymised within 30 days of account deletion. Booking and payment records may be retained for up to 7 years to comply with tax and accounting obligations.
• Security logs — login attempt records are retained for up to 90 days

9. Data Security

We take the security of your data seriously and implement appropriate measures including:

• All data transmitted over HTTPS (encrypted in transit)
• Passwords stored using strong one-way hashing (we never store or see your password)
• Role-based access controls — staff only see data relevant to their assigned bookings
• Protection against common web attacks (CSRF, XSS, SQL injection)
• Failed login detection and account protection

While we implement strong security measures, no system is completely secure. We encourage you to use a strong, unique password for your account.

10. Children's Privacy

NearClean is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page indicates when it was last revised. For material changes, we will notify you by email or by a prominent notice on our site.

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please contact us: