Privacy Policy
Last updated: 14 May 2026
Trustnest ("we", "us", "our") is the data controller for personal data processed through this website and service. We are committed to protecting your privacy and comply with UK GDPR and the Data Protection Act 2018.
1. Data we collect
- Account data: name, email, password (hashed), and authentication tokens.
- Plan data: answers you provide about your or your relative's home, health, mobility, postcode, and any photos you upload.
- Pro data: business name, contact details, services, service area, insurance documents.
- Communications: messages, quotes and reviews exchanged through the platform.
- Technical data: IP address, device, browser, pages visited, and cookies (see our Cookie Policy).
2. How we use your data
- To deliver the Service — generate plans, match you with Pros, send messages and quotes.
- To verify Pros and operate trust & safety features.
- To send transactional emails (sign-up confirmations, quotes, password resets).
- To improve the Service through analytics and aggregated reporting.
- To comply with legal obligations and prevent fraud.
3. Lawful bases
We rely on the following lawful bases under UK GDPR:
- Contract — to provide the Service you've signed up for.
- Legitimate interests — for fraud prevention, service improvement and security.
- Consent — for non-essential cookies and marketing emails (where applicable).
- Legal obligation — to comply with tax, accounting and other laws.
4. Sharing your data
We share your plan summary and necessary contact details with Pros you choose to engage with. We share data with the following processors who help us run the Service:
- Supabase / Lovable Cloud — secure database, authentication and file storage (EU region where available).
- Email delivery providers — to send transactional and authentication emails.
- AI model providers — to generate your personalised plan from your answers (no data is used to train third-party models).
We do not sell your personal data.
5. International transfers
Where data is transferred outside the UK, we rely on adequacy decisions or Standard Contractual Clauses approved by the UK Information Commissioner.
6. Retention
We retain account and plan data for as long as you have an active account. After deletion or 36 months of inactivity, personal data is deleted or anonymised, except where we must keep it for legal reasons (e.g. tax records — typically 6 years).
7. Your rights
Under UK GDPR you have the right to:
- Access a copy of your data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Port your data to another service
- Withdraw consent at any time
To exercise these rights, email privacy@trustnest.co.uk. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).
8. Security
We use industry-standard encryption in transit (TLS) and at rest, role-based access control, and row-level security on our database. No system is perfectly secure — please report any suspected vulnerability to security@trustnest.co.uk.
9. Children
Trustnest is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.
10. Changes
We may update this policy. Material changes will be notified by email or in-app banner before they take effect.
11. Contact
Data Controller: Trustnest. Email privacy@trustnest.co.uk for any privacy questions or to exercise your rights.