Who We Are
KitHQ ("KitHQ", "we", "us", "our") is a job management software platform for tradespeople, operated as a sole trader business in the United Kingdom. Our registered contact address and data controller details are provided at the end of this policy.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use the KitHQ platform, including the Trader App, Customer Companion App, and all related services.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Data We Collect
We collect different categories of data depending on how you use KitHQ:
| Category | Data collected | Who it relates to |
|---|---|---|
| Account data | Name, email address, password (hashed), business name, phone number, business address, trade type, registration numbers (e.g. Gas Safe, NICEIC) | Traders |
| Business data | Hourly rates, parts surcharge settings, VAT registration details, invoice prefix, branding (logo, colours), Stripe account reference | Traders |
| Customer data | Customer name, email, phone number, address, property details, appliance information, service history, private notes | Traders' customers |
| Job data | Job descriptions, scheduled dates and times, job status, arrival and departure timestamps, job notes, customer signatures | Traders & their customers |
| Location data | GPS coordinates captured on job arrival (used to record location of work carried out). Only captured when the trader taps "Arrive" on an active job | Traders |
| Photos | Photos taken on site during jobs. Stored securely and linked to the relevant job and customer record | Traders & their customers |
| Financial data | Invoice amounts, payment status, parts costs, subscription billing information. Card details are processed by Stripe and never stored by KitHQ | Traders & their customers |
| Compliance documents | Gas Safety certificates (CP12), OFTEC certificates, electrical certificates, job completion certificates, digital signatures | Traders & their customers |
| AI usage data | Photos submitted for AI parts identification. These are processed by OpenAI's GPT-4o Vision API. We track usage counts for quota enforcement only | Traders |
| Usage data | Login timestamps, feature usage, subscription status. Used to improve the service and enforce fair usage limits | Traders |
How We Use Your Data
We use your data for the following purposes:
- Providing and operating the KitHQ platform and all its features
- Generating invoices, quotes, and compliance certificates on your behalf
- Sending emails to your customers (invoices, quotes, reminders) as instructed by you
- Processing subscription payments via Stripe
- Syncing invoice data to Xero when you connect your Xero account
- Syncing emails from your connected Gmail account to provide a unified inbox within KitHQ (Gmail integration subscribers only, requires your explicit OAuth authorisation)
- Identifying parts from photos using GPT-4o Vision (AI Add-on subscribers only)
- Sending automated service reminders and payment follow-ups as configured by you
- Enforcing fair usage limits on AI photo identification
- Improving and developing the KitHQ service
- Complying with legal obligations
Our legal basis for processing under UK GDPR is:
- Contract performance — processing necessary to deliver the service you have subscribed to
- Legitimate interests — service improvement, security, fraud prevention
- Legal obligation — where required by law
- Consent — for optional features such as marketing communications and Gmail account integration
Your Customers' Data
As a trader using KitHQ, you are the data controller for the personal data you enter about your customers. KitHQ acts as a data processor on your behalf.
This means:
- Your customers' data belongs to you and is entered by you
- You are responsible for having a lawful basis to store and process your customers' data
- You should have your own privacy notice that covers how you use their data
- KitHQ will only process your customers' data as instructed by you (e.g. sending an invoice email)
- We will never use your customers' data for our own marketing or share it with third parties without your instruction
If a customer asks you about how their data is used in KitHQ, you should refer them to this privacy policy as well as your own.
Third-Party Services
KitHQ uses the following third-party services to operate. Each has its own privacy policy:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All platform data — stored in EU data centres |
| Stripe | Subscription billing and payment processing | Billing email, subscription details. Card data processed by Stripe only |
| Resend | Transactional email delivery | Customer email address, invoice/quote content |
| OpenAI (GPT-4o Vision) | AI parts photo identification (AI Add-on only) | Photos submitted for identification. OpenAI retains API data for up to 30 days for safety monitoring only. OpenAI does not use API data to train its models. |
| Perplexity | Parts price sourcing and supplier search | Part name and number for search queries only |
| Xero | Accounting software sync (when connected by trader) | Invoice data, customer name and email, payment status |
| Google (Gmail) | Email sync for unified inbox (when connected by trader via OAuth) | Email metadata, sender, subject, and body of emails synced to your KitHQ inbox. Access requires your explicit authorisation and can be revoked at any time via Settings → Integrations. Google's privacy policy applies to your Gmail data. |
| Google Maps | Job directions, travel time, and engineer location map | Job address for routing — processed client-side only. Engineer GPS coordinates displayed on team dashboard — not shared with Google. |
We carefully select third-party services that meet appropriate security and privacy standards. Where possible, we use services with EU or UK data residency.
Location Data
KitHQ requests access to your device's GPS location when you tap the "Arrive" button on an active job. This location data is:
- Captured only at the moment you tap "Arrive" — not continuously tracked
- Stored against the job record as evidence of where work was carried out
- Visible to you (the trader) in your job records
- Not shared with your customers or any third party
- Used solely to provide an accurate record of job attendance
You can deny location permission when prompted — the job will still be marked as arrived but without GPS coordinates. Location permission can be managed in your device settings at any time.
Data Retention
We retain your data for as long as your KitHQ account is active. Specific retention periods:
- Account and business data — retained for the duration of your subscription plus 7 years (UK tax record requirements)
- Invoice and financial records — 7 years from the invoice date (HMRC requirement)
- Job photos — retained until you delete them or close your account
- Gas Safety certificates (CP12) — 2 years minimum (Gas Safe requirement)
- AI photo identification data — usage counts retained for billing; photos not retained by KitHQ after processing
- Location data — retained with the job record for the same period as job data
When you close your account, we will delete your personal data within 30 days, except where retention is required by law (e.g. financial records).
Data Security
We take the security of your data seriously. Our security measures include:
- All data is transmitted over HTTPS, encrypted with TLS
- Database-level Row Level Security (RLS) — traders can only access their own data
- Passwords hashed using industry-standard algorithms — never stored in plain text
- API keys and secrets stored as server-side environment variables — never exposed to the browser
- Supabase storage with signed URLs for file access
- Stripe handles all card data — KitHQ never touches or stores card numbers
- Regular security reviews as the platform develops
Despite these measures, no system is completely secure. If you become aware of any security vulnerability or data breach, please contact us immediately at hello@kithq.co.uk.
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data, subject to legal retention requirements.
Right to Restriction of Processing
Request that we limit how we use your data in certain circumstances.
Right to Data Portability
Request your data in a structured, machine-readable format (CSV export available in Settings).
Right to Object
Object to processing based on legitimate interests, including direct marketing.
To exercise any of these rights, email hello@kithq.co.uk. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Cookies
KitHQ uses minimal cookies necessary to operate the service:
- Authentication cookies — to keep you logged in to your account (essential, cannot be disabled)
- Session cookies — to maintain your session state while using the app (essential)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not share cookie data with advertisers.
Children's Privacy
KitHQ is a professional business tool intended for use by adults (18 years and over). We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us at hello@kithq.co.uk and we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time as KitHQ develops. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all registered traders
- Show an in-app notification on your next login
Continued use of KitHQ after changes take effect constitutes acceptance of the updated policy.
Contact Us
For any privacy-related questions, data requests, or concerns:
Email: hello@kithq.co.uk
Website: kithq.co.uk
Response time: We aim to respond to all privacy requests within 5 business days, and in any case within 30 days as required by UK GDPR.
KitHQ is operated as a sole trader business in the United Kingdom. As data controller, we are responsible for the personal data processed through the KitHQ platform.