Skip to Main Content
Pipework HQ Legal

Privacy Policy

Last Updated: June 9, 2026

1. Introduction

Pipework HQ ("we", "our", or "us") is operated by **ADAIDigital Ltd**. We are committed to protecting the privacy of heating engineers, plumbers, and business users ("Tenants"), as well as their customers ("End-Users"). This Privacy Policy explains how we collect, store, process, and protect personal data in compliance with the **UK GDPR** and the **Data Protection Act 2018 (DPA 2018)**.

2. Data We Collect

For Tenants (Heating & Plumbing Professionals):

  • **Account Information:** Name, email address, phone number, company name, company registration numbers, VAT registration details, Gas Safe / OFTEC accreditation IDs, and credentials.
  • **Payment Details:** Payment cards and bank details processed securely via our payments partner, Stripe. We do not store raw card numbers on our servers.

For End-Users (Customers of our Tenants):

  • **Customer & Property Records:** Name, physical property address, billing address, contact phone number, and email.
  • **Compliance & Service History:** Boiler manufacturer, model, appliance location, safety test records, combustion analyzer readings (CO/CO₂ ratios), and service logs.

3. How We Use Your Data

We process personal data strictly under the following lawful bases:

  • **Contractual Performance:** To manage user accounts, coordinate job diaries, issue sequential compliant invoices, and route Stripe Connect payments.
  • **Legal Obligation:** To preserve tax archives and sequential billing registries in accordance with HMRC VAT notice 700/22 guidelines.
  • **Consent:** To dispatch automated annual service reminders or outreach notices on behalf of our Tenants (which can be toggled off at any time).

4. Data Storage & Residency

All application data, customer databases, and files are hosted securely on Google Cloud and Firebase. In compliance with UK data protection regulations, all servers and data storage facilities are restricted exclusively to the **London region (europe-west2)**.

5. Cookies, Analytics & Tracking

Essential cookies. We use essential session cookies to authenticate accounts, keep you signed in, and maintain offline local caches for mobile / PWA support. These are always on, because the service cannot function without them.

Product analytics (with your consent). With your consent, we use PostHog — a privacy-friendly product-analytics tool hosted in the EU — to understand how Pipework HQ is used (for example, which pages and features are visited) so we can improve it. Analytics are switched off until you choose “Accept” on our cookie banner, and you can decline, or change your mind, at any time. We collect usage events such as page views and interactions; we do not create profiles of anonymous visitors, we do not use this for advertising, we do nottrack you across other websites, and we never sell your data. This includes interactions captured automatically (such as clicks and page navigation) and your IP address, which PostHog uses only to estimate approximate location — never to identify you.

Lawful basis & control. Analytics rely on your consent (under PECR and the UK GDPR). Declining does not affect your use of the service. Analytics data is processed and stored in the EU(PostHog EU Cloud); the EU is an approved (“adequate”) destination under UK data-protection law, so this transfer is lawful. Once you accept, analytics use cookies and local storage on your device; either way we remember your consent choice in your browser. Withdrawing stops any further analytics — to request deletion of analytics already collected, email office@adaidigital.co.uk.

Checking your analytics choice…

Change your choice at any time — it takes effect immediately.

6. Your Rights

Under the UK GDPR, you have the right to access, rectify, or request erasure of your personal data, as well as the right to restrict processing and data portability. To exercise these rights, please contact our data team at **office@adaidigital.co.uk**.

7. Data Retention

We keep personal data only for as long as we need it. The main retention periods are set out below.

  • **Customer data during your subscription:** While a Tenant has an active subscription, we retain their account data and their customers' records so the service can function.
  • **After cancellation (30-day grace period):** When a subscription is cancelled, we keep the Tenant's data for a further **30 days**. This grace period lets us resolve any billing disputes and gives the Tenant a final window to export their records. After those 30 days, the data is **deleted or anonymised**.
  • **Backups:** Personal data held in our routine backups is purged within **35 days** of deletion from the live system, in line with our backup rotation cycle.
  • **Audit and financial logs:** Some records, such as invoicing, tax, and security audit logs, are retained for longer where the law requires it (for example, HMRC record-keeping rules). These are kept only for as long as the relevant legal obligation lasts, and then deleted.

8. Data Controllers, Processors & Sub-processors

It is important to be clear about who is responsible for what.

  • **The Tenant is the Data Controller.** Each Tenant (the heating or plumbing business) decides why and how their customers' personal data is used. They are the **Data Controller** for that data.
  • **Pipework HQ is a Data Processor.** We process customer personal data on the Tenant's behalf, and only on their instructions, under a **Data Processing Agreement (DPA)**.

Our sub-processors

To deliver the service, we use a small number of trusted sub-processors. Each one has its own data protection commitments. They are:

  • **Google Cloud / Firebase** — application hosting and database storage. Data is held in the **UK (London region, europe-west2)**.
  • **Google Vertex AI (Gemini)** — text recognition (OCR) on uploaded documents and AI content generation. Processing runs on **EU-region** models only.
  • **Stripe** — secure processing of payments and card details.
  • **Postmark** — sending transactional emails, such as account notices and service reminders.
  • **PostHog (EU Cloud)** — privacy-friendly product analytics (usage and page-view data), used **only with your consent**. Data is held in the **EU**.

Any AI processing that involves personal data is carried out **only by EU-region models**, in keeping with our data residency commitments.

9. Lawful Basis & Tenant Responsibilities

When a Tenant uploads or enters their customers' personal data into Pipework HQ, the **Tenant remains responsible** for having a valid lawful basis to use that data.

  • **Establishing a lawful basis:** The Tenant must establish the correct lawful basis for their customers' data, such as **legitimate interest** for managing service records, or **consent** where it is required (for example, before sending marketing).
  • **Our role:** As a processor, Pipework HQ processes this data **only on the Tenant's documented instructions**, and only to provide the service. We do not use a Tenant's customer data for our own purposes.