FittersMateBack to home

Privacy Policy

Last updated: April 2026

1. Who We Are

FittersMate is a business-to-business software-as-a-service (SaaS) platform operated by FittersMate Ltd, a company registered in England and Wales. Our platform provides customer relationship management (CRM) tools designed specifically for window installation and home improvement companies.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, FittersMate Ltd is the data controller in respect of the personal data we collect about our customers (the businesses that use our platform). Our customers are data controllers in respect of any personal data they store about their own clients using our platform, and we act as a data processor on their behalf.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Account information: Your name, email address, password (hashed), and role within your organisation when you create an account.
  • Company information: Your business name, address, branding preferences, and team member details.
  • Customer data: Information you enter about your leads, deals, installations, and clients, including names, addresses, telephone numbers, and email addresses.
  • Email content: When you connect your email account (Gmail, Outlook, or custom IMAP/SMTP), we sync and store email communications between you and your clients.
  • SMS and voice data: If you use our Business Phone feature, we process SMS messages and call records (including recordings where enabled) sent and received through the platform.
  • Facebook messages: If you connect your Facebook Page, we receive and store inbound Messenger conversations from your page visitors.
  • Payment information: We do not store your credit card details directly. All payment processing is handled securely by Stripe. We store your Stripe customer ID and subscription status.
  • Usage data: We collect information about how you use the platform, including pages visited, features used, and general interaction patterns, to improve our service.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Providing the service: To operate and maintain your CRM account, including managing leads, deals, installations, clients, and communications.
  • Billing and payments: To process subscription payments, manage your billing cycle, and issue invoices through Stripe.
  • Communications: To send and receive emails, SMS messages, voice calls, and Facebook messages on your behalf through integrated third-party services.
  • Support: To respond to your enquiries and provide technical assistance.
  • Improvement: To analyse usage patterns and improve the platform's features and performance.
  • Legal obligations: To comply with applicable laws, regulations, and legal processes.

Our lawful bases for processing under UK GDPR are: performance of a contract (providing the service you have subscribed to), legitimate interests (improving our platform and preventing fraud), and compliance with legal obligations.

4. Data Storage and Security

Your data is stored securely using Supabase, with databases hosted on servers located within the European Union. We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction.

These measures include encryption of data in transit (TLS/SSL), encryption of data at rest, row-level security policies ensuring multi-tenant data isolation, and regular security reviews.

5. Third-Party Services

We use the following third-party services to deliver our platform:

  • Supabase (EU) — Database hosting, authentication, and real-time data services.
  • Stripe (US/EU) — Payment processing and subscription management. See Stripe's Privacy Policy.
  • Resend (US) — Transactional email delivery for system notifications.
  • Twilio (US) — SMS messaging, voice calling, and phone number provisioning for the Business Phone feature.
  • Meta / Facebook (US) — Facebook Messenger integration for receiving inbound messages from your Facebook Page.
  • Google (US) — Gmail integration for email sync when you connect a Google account.
  • Microsoft (US) — Outlook/Microsoft 365 integration for email sync when you connect a Microsoft account.

Where these services are located outside the UK/EU, data transfers are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) or the service provider's participation in recognised adequacy frameworks.

6. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can request that we correct any inaccurate or incomplete data.
  • Right to erasure: You can request that we delete your personal data, subject to our legal obligations.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to object: You can object to processing based on legitimate interests.
  • Right to restrict processing: You can request that we limit how we use your data in certain circumstances.

To exercise any of these rights, please contact us at privacy@fittersmate.co.uk. We will respond to your request within one month.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. When you cancel your subscription and request account deletion, we will delete your data within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes.

Customer data (leads, deals, installations, client records, and communications) entered by you into the platform will be permanently deleted upon account cancellation and confirmation of data deletion.

8. Cookies

We use minimal cookies, limited to those strictly necessary for the functioning of the platform. These include session cookies for authentication purposes. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children

FittersMate is a business-to-business platform and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that we have collected data from a person under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a notice on our platform at least 30 days before the changes take effect. Your continued use of the platform after the effective date constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@fittersmate.co.uk

FittersMate Ltd

United Kingdom