Tradie.im
Privacy Policy

Last updated: 21 March 2026

1. Who We Are

Tradie.im is a trade platform operated on the Isle of Man. We are the data controller responsible for your personal data. We are registered with the Isle of Man Information Commissioner (registration number R503676). If you have any questions about this policy or your data, contact us at [email protected].

2. Legal Framework

We process personal data in accordance with the Isle of Man Data Protection Act 2018 and the Data Protection (Application of GDPR) Order 2018, which applies the EU General Data Protection Regulation (GDPR) to the Isle of Man.

3. What Data We Collect

We collect and process the following categories of personal data:

  • Account information: Name, email address, and avatar (provided during sign-up via Clerk)
  • Business profile data: Business name, address, phone number, social media links, accreditations, opening hours, services, and descriptions (tradies only)
  • Job postings: Job descriptions, locations, and budget information
  • Messages: Private messages exchanged between customers and tradies, including messages to and from the AI assistant
  • Reviews and ratings: Written reviews, star ratings, and uploaded photos or videos
  • Activity data: Cheers given/received, engagement metrics, and saved addresses
  • Payment and subscription data: PayPal subscription IDs, billing status, payment history, and plan details. We do not store your full payment card details — these are held by PayPal
  • Invoicing data: Invoices created by tradies, including line items, amounts, customer details, and payment status
  • Time tracking data: Time entries, timer durations, hourly rates, and time budget information (Pro subscribers)
  • Calendar and scheduling data: Schedule entries, site visit bookings, and calendar event metadata
  • AI interaction data: Prompts, queries, and content provided to and generated by AI features (see section 11)
  • Receipt and expense images: Photographs of receipts and invoices uploaded by tradespersons, processed by AI to extract expense details
  • Team membership data: If you join a business as a team member, your role, permissions, activity within the business (including time entries, calendar events, and job interactions), which is visible to the business owner and other authorised team members
  • Custom job form data: Businesses may create custom fields to collect additional information relevant to their services from potential customers. The data collected depends on the fields configured by each business.
  • Push notification tokens: Device tokens for delivering push notifications, and your notification preferences
  • Analytics data: Page views, feature usage, clicks, and performance metrics collected via PostHog (only when you consent to analytics cookies)
  • Location data: With your explicit opt-in, approximate geolocation for the geofence feature (auto-starting timers near job sites). This data is processed locally on your device and is not sent to our servers
  • Technical data: IP address, browser type, and device information collected automatically when you use the platform

4. Lawful Basis for Processing

We process your data under the following legal bases:

Contract performance (Article 6(1)(b)): Processing necessary to provide the Tradie.im platform, including account management, business listings, job postings, messaging, reviews, subscriptions, invoicing, payment processing, AI writing assistance for Pro subscribers, and receipt/expense scanning.

Legitimate interests (Article 6(1)(f)): Platform security, fraud prevention, service improvement, the cheers/reputation system, AI-powered search and ranking features, push notifications for platform activity, and the AI chat assistant. We have conducted Legitimate Interest Assessments for these activities and concluded that our interests do not override your rights and freedoms. You have the right to object to processing based on legitimate interests at any time (see Section 8).

Consent (Article 6(1)(a)): Where you explicitly opt in to optional features such as analytics cookies (PostHog), geolocation features (geofencing for timers), and specific notification types. You may withdraw consent at any time through your account settings or the cookie consent banner without affecting the lawfulness of prior processing.

Legal obligation (Article 6(1)(c)): Where we are required to retain data to comply with Isle of Man law, including financial record-keeping requirements.

5. How We Use Your Data

We use your personal data to:

  • Create and manage your user account
  • Display business profiles on the platform
  • Facilitate job postings, quotes, and messaging between customers and tradies
  • Display reviews and ratings on business profiles
  • Operate the cheers reward system
  • Process subscription payments and manage billing
  • Enable tradies to create, send, and manage invoices
  • Process invoice payments between customers and tradies
  • Provide time tracking and budget management tools
  • Manage calendar events, schedule entries, and site visit bookings
  • Power AI features including the chat assistant and content generation
  • Send notifications about activity relevant to your account (including push notifications, email, and in-app notifications)
  • Ensure platform safety and enforce our terms of service
  • Improve and develop the platform
  • To extract expense details from uploaded receipt images using AI processing
  • To facilitate custom job forms configured by businesses, enabling them to collect information relevant to their services from potential customers
  • To enable businesses to manage teams, including controlling team member access to business data through granular permissions

6. Third-Party Services

We use the following third-party services that process personal data:

  • Clerk (authentication provider) — stores your login credentials, email address, name, and avatar. See Clerk's Privacy Policy.
  • Cloudflare (image storage and CDN via R2) — stores images you upload to business profiles, reviews, and jobs. Also provides content delivery and security services. See Cloudflare's Privacy Policy.
  • PayPal (payment processor) — processes subscription payments and invoice payments. PayPal acts as an independent data controller (not a processor on our behalf) for payment data it receives, and independently determines the purposes and means of processing that data. PayPal receives your name, email address, and payment details necessary to complete transactions. See PayPal's Privacy Policy.
  • Anthropic (AI provider) — powers our AI assistant and content generation features via the Claude API. When you use AI features, your inputs (such as prompts, job details, or message context) are sent to Anthropic for processing. Anthropic does not use API data to train its models. See Anthropic's Privacy Policy.
  • Receipt and expense images uploaded for scanning are also processed by Anthropic's AI. Images are processed in real-time and are not retained by Anthropic after processing.
  • PostHog (analytics) — if you consent to analytics cookies, we use PostHog to collect usage data such as page views, feature interactions, clicks, and performance metrics. This helps us understand how the platform is used and improve it. PostHog processes data in the EU. See PostHog's Privacy Policy.

We have data processing agreements (DPAs) or equivalent contractual safeguards in place with each of these providers to ensure your data is handled in accordance with Applied GDPR requirements. PayPal operates as an independent controller under its own Data Protection Addendum; all other providers listed above act as data processors under our DPAs. Copies of our data processing agreements are available on request.

When you interact with a business that has team members, your job details, messages, and invoicing information may be accessible to authorised team members of that business, subject to permissions set by the business owner. The business owner is responsible for ensuring that team member access complies with applicable data protection law.

When you submit a job request through a business's custom form on our hire pages, your information (including any custom fields configured by the business) is shared with that business and its team members. The business is responsible for their own use of your data beyond what is necessary for the platform's services.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. Specifically:

  • Account data is retained until you delete your account
  • Business profiles are retained until the owner deletes them or their account
  • You may request deletion of your reviews at any time without deleting your account. Where a review is deleted, the associated rating may be retained in anonymised form for the purpose of maintaining rating integrity.
  • Messages associated with active jobs or disputes are retained to the extent necessary for the establishment, exercise, or defence of legal claims (Applied GDPR Article 17(3)(e)). Once a job is completed and any dispute period has passed, messages will be deleted upon request.
  • Cheers transaction records are retained for audit purposes
  • Payment and subscription records are retained for 7 years to comply with financial record-keeping requirements
  • Invoices and related payment records are retained for 7 years to comply with Isle of Man tax and accounting requirements
  • Time tracking data is retained until you delete your account or the associated records
  • AI interaction logs are retained for up to 90 days for service improvement and debugging, then anonymised or deleted
  • Analytics data collected by PostHog is retained for up to 12 months, after which it is automatically deleted
  • Push notification tokens are deleted when you unsubscribe from notifications or delete your account
  • Receipt and expense images are retained for 7 years alongside associated financial records, in accordance with Isle of Man tax and accounting requirements
  • Team membership records are retained for the duration of the membership and deleted upon the member leaving the business or deleting their account

When you delete your account, we remove your personal data from our active systems. Some data may be retained in encrypted backups for a limited period (up to 30 days). Financial records that we are legally required to retain will be kept in accordance with applicable laws.

Where you exercise your right to erasure, we will delete your personal data from active systems. Data in encrypted backups will be overwritten through our normal backup cycle within 30 days. We will not restore erased data from backups.

8. Your Rights

Under the Applied GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (you can also delete your account directly in Settings)
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to restrict processing: Request that we limit how we use your data
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
  • Rights related to automated decision-making: See section 11 below

Where we terminate your account, we will provide a reasonable period for you to export your data where practicable.

To exercise any of these rights, email us at [email protected]. We will respond within one month of receiving your request. This period may be extended by up to two further months for complex requests, in which case we will inform you of the extension.

9. Cookies

Tradie.im uses cookies in two categories:

  • Essential cookies: Strictly necessary for the platform to function, including authentication cookies set by Clerk. These cannot be disabled.
  • Analytics cookies: We use PostHog to collect anonymous usage data (page views, feature interactions, and performance metrics) to help us improve the platform. PostHog sets cookies and uses localStorage to maintain session continuity. Analytics cookies are only activated with your explicit consent — when you first visit the site, a cookie consent banner gives you the choice to accept or decline analytics. You can change your preference at any time by clearing your browser's local storage for tradie.im. We honour Do Not Track (DNT) browser settings.

We do not use advertising cookies. No data collected via analytics is used for advertising or sold to third parties.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), secure authentication, access controls, and encrypted data at rest. In the event of a personal data breach, we will notify the Isle of Man Information Commissioner within 72 hours where required and inform affected individuals without undue delay.

Where a data breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, providing details of the breach and the steps we recommend you take.

11. AI and Automated Decision-Making

Tradie.im uses artificial intelligence powered by Anthropic's Claude for the following purposes:

  • AI Chat Assistant: Tradies can interact with an AI assistant for help with business queries, drafting quotes, composing messages, and generating content. Your prompts and relevant context (such as job details) are sent to Anthropic for processing.
  • Content Summarisation: We use AI to summarise platform updates for our public changelog.
  • Smart Suggestions: AI may be used to provide recommendations or suggestions within the platform.
  • AI Writing Assistant: Pro subscribers can use an AI writing assistant to draft professional text for quotes, invoices, and messages. Your input text and relevant context are sent to Anthropic for processing.
  • Receipt and Expense Scanning: Tradespersons can upload photographs of receipts and invoices for AI-powered data extraction. Images are sent to Anthropic for processing to extract amounts, dates, descriptions, and categories.

Important: No fully automated decisions with legal or significant effects are made about you. AI features are assistive tools — all decisions (such as accepting quotes, approving businesses, or sending messages) require human action. You are not subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you (Article 22 GDPR).

Data handling: Data sent to Anthropic via their API is processed in accordance with Anthropic's data processing terms. Anthropic does not use API inputs or outputs to train their AI models. We do not send your personal data to AI services unnecessarily — only the context required to fulfil your request is transmitted.

You can choose not to use AI features without any impact on your access to core platform functionality.

12. Data Protection Impact Assessments

We have conducted Data Protection Impact Assessments (DPIAs) for our high-risk processing activities, including AI-assisted features, international data transfers, the cheers ranking system, receipt image processing, and custom job form data collection. These assessments are reviewed periodically and updated when processing activities change materially. You may contact us at [email protected] for further information about our DPIAs.

13. International Transfers

Some of our third-party processors process data outside the Isle of Man. Where personal data is transferred outside the Isle of Man, we ensure adequate safeguards are in place. Specifically:

  • Clerk and Anthropic (United States): Transfers are protected by Standard Contractual Clauses (SCCs) approved under GDPR, supplemented by technical measures including encryption in transit and at rest. We have conducted Transfer Impact Assessments for these transfers.
  • Cloudflare (Global network): Data is processed at the nearest data centre. Transfers outside adequate jurisdictions are protected by Cloudflare's DPA incorporating SCCs.
  • PayPal (Various jurisdictions): As an independent data controller, PayPal applies its own transfer mechanisms including SCCs and binding corporate rules.
  • PostHog (European Union): Processed within the EU. No additional transfer mechanism required.

We have conducted Transfer Impact Assessments for each international transfer and implemented supplementary technical and organisational measures where required by the Applied GDPR.

14. Push Notifications

With your consent, we may send push notifications to your device about platform activity such as new messages, quote updates, job status changes, and timer reminders. You can manage your notification preferences at any time from your notification settings. You can also disable push notifications through your browser or device settings.

15. Children's Data

Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a user is under 18, we will take steps to delete their account and associated personal data. If you believe a child has provided us with personal data, please contact us at [email protected].

16. Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Isle of Man Information Commissioner:

17. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. For material changes, we will make reasonable efforts to notify you via email or in-app notification. We encourage you to review this policy periodically.