SITE VERIFIED
Privacy policy

How we handle your data.

UK GDPR and the Data Protection Act 2018 form the baseline. This sets out what we collect, why, and the rights you have.

1. Data controller

Addaeus Ltd is the data controller for personal data processed by SiteVerified. Our data-protection lead is Joel Addai (Director); a formal Data Protection Officer is not required at our scale. Reach the data-protection inbox at dpo@siteverified.co.uk.

2. What we collect

  • Account data: name, email, hashed password, MFA secrets.
  • Operator profile data: trades, certifications, right-to-work documents, addresses for site travel radius.
  • Employer data: company name, Companies House number, billing address, team membership.
  • Platform activity: jobs posted, applications, reveals, ratings, messages, audit-log events.
  • Technical data: IP address, user-agent, session metadata for security purposes.

3. Lawful basis

We rely on (a) contract performance to deliver the Service you requested, (b) legitimate interest to operate the platform securely and prevent abuse, (c) legal obligation for tax, accounting, and right-to-work record-keeping, and (d) consent for any optional processing (e.g. preference cookies).

4. Transparency commitments

Under §LAW-013 (our internal data-handling standard) and Article 12 UK GDPR we commit to:

  • Telling you what we collect and why, in plain English.
  • Giving you machine-readable export of your data on request.
  • Honouring deletion requests within the statutory window, keeping only what we're legally required to retain.
  • Logging every read or write of your personal data in our audit trail.

5. Where data lives

Production data is stored on Neon Postgres in EU-west-2 (London). Document files are stored on Cloudflare R2 in an EU bucket. No transfers outside the UK/EU. See the data-handling policy for retention windows.

6. Sub-processors

We use a small number of specialist sub-processors (Stripe for payments, Resend for email, etc). The full list with purposes and regions is on the sub-processors page.

7. Your rights

  • Access: request a copy of the personal data we hold on you.
  • Rectification: correct inaccurate data.
  • Erasure: request deletion, subject to legal retention.
  • Portability: receive your data in a structured format.
  • Objection: object to certain processing on legitimate-interest grounds.
  • Complaint: lodge a complaint with the Information Commissioner's Office (ico.org.uk).

8. Verification & identity

See the trust & verification page for exactly what we verify and how. Verification documents are stored encrypted at rest and accessed only by the admin verification queue (audited per access).

9. Contact

Data-protection inbox: dpo@siteverified.co.uk. General support: support@siteverified.co.uk.

Powered byAddaeus