Privacy Policy

Menu

Home How It Works Why Renofy Common Questions About

Privacy Policy

How we protect your personal information

Last updated: 03/06/2026

Your Privacy Matters

At Renofy, we take your privacy seriously. This policy explains what information we collect, how we use it, how long we keep it, and how we protect it.

Renofy Ltd ("Renofy", "we", "us", or "our") is the data controller for the personal data processed through this Platform. We are registered in England and Wales (Company No. 16288740).

Renofy is a digital agreement platform and marketplace for the trades and home improvement market. We provide tools for creating shared digital job agreements and connecting Customers with Tradespeople. Renofy operates as a neutral facilitator and does not supervise or guarantee any work between users. Agreements are made directly between Customers and Tradespeople. Payments are made directly between the parties or, where they choose to use it, through our payment provider, Stripe — Renofy does not hold or control these funds.

What's Public, What's Private

Public Information

Your user profile is publicly visible to anyone, including:

  • Your name and bio
  • Your profile picture (if uploaded)
  • Your skills (for Tradespeople)
  • Your work history (completed jobs, descriptions, and photos)

When you post a job, the following information is also publicly visible and may be indexed by search engines:

  • Job title and description
  • Approximate location (obfuscated within a 250m radius)
  • Project photos you upload
  • Required skills for the job

Shared with the Other Party

When you enter into a digital job agreement on the Platform, the other party to that agreement can see:

  • Your name and profile information
  • All agreement content (scope, pricing, milestones, invoices)
  • All variations, messages, and photos within that agreement
  • The timestamped audit trail of agreement events

Private Information

The following information remains strictly private unless you choose to share it:

  • Your full street address
  • Your phone number
  • Your email address
  • Your private messages (visible only to participants)
Protected Communication: We recommend communicating through the in-app messaging system. Your phone number and email address will not be shared with other users unless you explicitly choose to share them.

When Information is Shared

Information Type When It's Shared Who Can See It
Full Address Never automatically shared Only if you choose to share manually
Phone/Email Never automatically shared Only if you choose to share manually
Messages When you send them The specific user you're messaging
Profile Information When you create your account Anyone (profiles are public)
Agreement Content When you create or accept an agreement Both parties to the agreement
Work History When a job is completed Anyone (work history is public)
Posted Jobs When you post a job Anyone (job pages are public and indexed by search engines)

In-App Messaging

All communication between Customers and Tradespeople happens through the secure messaging system. This ensures:

  • Your contact details remain private until you choose to share them
  • Messages are stored securely and only visible to participants
  • You have a permanent record of all communications
  • You can report inappropriate messages to Renofy

AI Assistant

Renofy includes an AI-powered assistant to help you describe your job and, for Tradespeople, draft quotes. When you use the AI assistant, we store the content of your conversations - including any information you choose to share during the chat.

What We Collect

  • The text of messages you send and the responses you receive during AI assistant sessions
  • The date and time of each message
  • Your account identifier (if you are logged in)

How We Use It

We use AI assistant conversation data to:

  • Provide and maintain the AI assistant feature
  • Improve the quality and accuracy of responses
  • Identify and fix technical issues

We do not use your conversations to train third-party AI models.

Third-Party Processing

Your messages are sent to our AI provider (currently OpenAI) to generate responses. OpenAI processes this data on our behalf under a data processing agreement and does not use it to train its models. See the "Third-Party Services" section below for more details.

Tip: Avoid sharing sensitive personal information (such as financial details, passwords, or full addresses) in the AI assistant chat. The assistant does not need this information to help you describe your job.

Location Privacy

We show your general area only (town and approximate location) in job listings. Your exact street address is only shared if you choose to share it manually. This protects your privacy while allowing Tradespeople to determine if the job is in their service area.

Example: Instead of showing "123 Bloodworth Street, Wigan WN1 5LN", we show "Wigan*" and an obfuscated location to all Tradespeople browsing jobs.

Information We Collect

Information You Provide

  • Account details (name, email, phone number, password)
  • Profile information (location, bio, profile picture, skills)
  • Job details (descriptions, photos, location)
  • Agreement content (scope, pricing, milestones, invoices, variations)
  • Messages and communications
  • AI Assistant conversations (see "AI Assistant" section below)
  • Insurance and qualification information (Tradespeople)

Information We Collect Automatically

  • Device and browser information
  • IP address and general location
  • Usage patterns and interactions
  • Cookies and similar technologies
  • Agreement event data (acceptance timestamps, variation history, milestone completions)

Information We Receive from Third Parties

  • Social sign-in providers (Google, Facebook, Apple): your name, email address, and profile picture
  • Identity verification provider (OneID Limited): confirmation that an identity check has been completed, and/or limited results of the check
  • Payment provider (Stripe): confirmation of connected account and onboarding status, payout and transaction data, and limited verification results

How We Use Your Information

We use your information for the following purposes:

  • Provide and operate the Platform, including the marketplace and digital job agreements
  • Maintain Agreement records and audit trails as evidence of what was agreed and delivered
  • Send important account, service, and job-related notifications (including by SMS)
  • Display your profile, work history, and public job pages
  • Connect you with Tradespeople or Customers
  • Facilitate optional card payments through our payment provider, Stripe
  • Prevent fraud and ensure platform security
  • Improve the Platform and develop new features
  • Comply with legal obligations

Lawful Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation, we process your data on the following bases:

Purpose Lawful Basis
Providing the Platform and your account Contractual necessity (Art 6(1)(b))
Maintaining Agreement records and audit trails Contractual necessity and legitimate interest (Art 6(1)(b) and (f))
Sharing Agreement data with the other party Contractual necessity (Art 6(1)(b))
Retaining Agreement records after account deletion (up to 6 years) Legitimate interest and legal obligation (Art 6(1)(f) and (c))
Displaying public profiles, job pages, and work history Legitimate interest (Art 6(1)(f))
Sending service notifications (email and SMS) Contractual necessity (Art 6(1)(b))
Facilitating payments through Stripe Contractual necessity (Art 6(1)(b))
Storing AI Assistant conversations to improve the service Legitimate interest (Art 6(1)(f))
Fraud prevention and platform security Legitimate interest (Art 6(1)(f))
Complying with legal obligations Legal obligation (Art 6(1)(c))

Where we rely on legitimate interest, we have assessed that the processing is necessary for the purpose, is proportionate, and does not override your rights and freedoms. Our primary legitimate interest is maintaining the integrity and evidential value of Agreement records for the benefit of both parties.

Cookies

We use cookies to improve your experience on Renofy. Cookies help us remember your preferences, keep you logged in, and understand how you use the Platform.

Cookies We Use

  • Essential cookies: Required for the Platform to function (authentication, session management, security). This includes fraud-prevention cookies set by our payment provider, Stripe, where card payments are used. These cannot be disabled.
  • Functional cookies: Remember your preferences and settings to improve your experience.
  • Marketing and analytics cookies: Help us measure how visitors find and use the Platform, and the effectiveness of our advertising. These are only set if you accept them via the cookie banner. We use Google Analytics, Google Ads, Meta (Facebook) Pixel, and Reddit Pixel for this purpose, delivered via Google Tag Manager.

Marketing and analytics cookies are off by default and are only set after you explicitly enable them via the cookie banner — for example by clicking "Accept all", or by enabling marketing cookies in the preferences panel. You can change your choice at any time by selecting "Cookie preferences" in the footer, or by clearing your browser's site data for renofy.io. Disabling essential cookies through your browser may prevent you from using the Platform.

Third-Party Services

We share limited information with trusted third-party services to operate the Platform:

  • Cloud Hosting & Database: To store and protect your data securely. All data is hosted within the UK/EU.
  • Email Service: To send you important notifications and service updates.
  • SMS Service (Twilio): To deliver transactional SMS notifications. Your phone number is transmitted to Twilio for delivery purposes only.
  • Error Monitoring (Sentry): To detect and resolve technical issues. Sentry may receive device information and technical context when errors occur. We take steps to minimise the personal data included in error reports.
  • Identity Verification (OneID Limited): Tradespeople may be required to complete an identity check using a third-party provider. The provider may collect and process information directly from you and may act as an independent controller of that data under its own privacy notice. Renofy may receive confirmation and/or limited results of the check.
  • Payment Processing (Stripe): Card payments on the Platform are optional and processed by Stripe, Inc. ("Stripe"). To accept card payments, a Tradesperson connects a Stripe account and provides identity, business, and bank details directly to Stripe during onboarding. Stripe processes this data as an independent controller under its own privacy policy. Renofy shares limited account information (such as name and email) with Stripe to create and manage the connection, and receives confirmation of account and payment status and related transaction data. Renofy does not receive or store full card details.
  • Social Sign-In Providers (Google, Facebook, Apple): When you sign in using a social login provider, we may receive your name, email address, and profile picture from that provider. This data is stored as part of your Renofy account.
  • In-App Messaging (CometChat): Our in-app messaging is powered by CometChat. Your display name, link to public profile picture, and a link to your Renofy profile are shared with CometChat. Messages you send through the messenger are transmitted and stored by CometChat to deliver them to the recipient.
  • AI Assistant (OpenAI): When you use the AI assistant, your messages are sent to OpenAI to generate responses. OpenAI processes this data under a data processing agreement and does not use it to train its models. Renofy also stores a copy of AI assistant conversations to improve the service. See the "AI Assistant" section above for details.
  • Marketing Analytics (Google, Meta, Reddit): If you accept marketing cookies, we share visit and conversion event data (such as which page you visited and whether you signed up or posted a job) with Google Analytics, Google Ads, Meta (Facebook), and Reddit so we can measure ad campaign performance. These platforms may set their own cookies and link the data to your account with them where applicable. You can opt out at any time by selecting "Cookie preferences" in the footer.

These partners are contractually obligated to protect your data and use it only for specified purposes. Where a third party acts as an independent controller (such as an identity verification provider or payment processor), their processing is governed by their own privacy notice.

Operational data — your account, agreements, messages, profile and job content — is stored within the UK and EU. Some of our marketing analytics partners (Google, Meta, Reddit) are based outside the UK and may process limited data internationally. Where this happens, we rely on UK-approved transfer mechanisms (the UK Addendum to the Standard Contractual Clauses, the International Data Transfer Agreement, or adequacy decisions). You can prevent any transfer to these advertising platforms by rejecting marketing cookies in our cookie banner or via "Cookie preferences" in the footer.

Where you use the optional card payment facility, our payment provider Stripe may process payment-related data internationally under its own UK-approved transfer safeguards and privacy policy. This processing is necessary to provide the payment facility and cannot be opted out of separately while using it.

Data Retention

We retain different types of data for different periods, depending on the purpose:

Data Type Retention Period
Account and profile data For as long as your account is active, then deleted or anonymised within 30 days of account deletion
Agreement records and audit trails Minimum 6 years after the completion or termination of the relevant Agreement, regardless of account status — in line with the Limitation Act 1980
Messages For as long as your account is active, then deleted within 30 days of account deletion (unless they form part of an Agreement record)
Public work history and job pages May be retained after account deletion where the law allows, to support transparency and informed decision-making
Payment and transaction data (via Stripe) Stripe retains payment data in accordance with its own legal, tax, and regulatory obligations and privacy policy. Renofy retains related transaction records only as needed for accounting and legal compliance.
AI Assistant conversation data Retained while needed to improve the service, then deleted. Conversations from anonymous (non-logged-in) users are not linked to any account.
Data received from social login providers For as long as your account is active, then deleted within 30 days of account deletion

Identity verification providers may retain data in accordance with their own legal and regulatory obligations and privacy notices.

Your Rights and Control

Under the UK GDPR, you have the following rights over your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Update or correct your personal data at any time through your profile settings, or by contacting us.
  • Erasure: Delete your account directly from Account Settings, or by emailing [email protected] with the subject line "Data Deletion Request" and we will action that manual request within 30 days. Please note that Agreement records and audit trails are retained for a minimum of 6 years after completion, as described in the Data Retention section above.
  • Restriction: Request that we restrict how we process your data in certain circumstances.
  • Portability: Request a copy of your data in a structured, commonly used format.
  • Objection: Object to processing based on legitimate interest. We will stop processing unless we can demonstrate compelling legitimate grounds.

If your request relates to personal data processed by a third-party identity provider during an identity check, you may need to contact that provider directly (see "Third-Party Services" above).

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Changes to This Policy

We may update this Privacy Policy from time to time. We'll notify you of any significant changes by email or through a notice on the Platform. Your continued use of Renofy after changes indicates acceptance of the updated policy.

Questions About Privacy?

If you have questions about our privacy practices or want to exercise your rights, please contact us:

Email: [email protected]
Response Time: We aim to respond within 48 hours