Privacy Policy

Last Updated: May 2026

1. Introduction

Scout The Area ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data in accordance with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - for account access and communications
  • Role - buyer, scout, or admin
  • Profile data - scout location, bio (scouts only)
  • Stripe Connect ID - for scout payouts (scouts only)

2.2 Job & Transaction Data

When you use our platform, we collect:

  • Property addresses - for neighbourhood reports (buyers)
  • Custom check requests - specific instructions for scouts
  • Photos and videos - uploaded work submissions (scouts)
  • Payment information - processed securely by Stripe (not stored by us)
  • Ratings and reviews - feedback on completed jobs
  • Safety reports - descriptions and optional photos
  • Buyer flags - internal scout feedback on buyers

2.3 Technical Data

We automatically collect:

  • IP address - for security and fraud prevention
  • Browser type and device - for platform optimization
  • Usage data - pages visited, features used
  • Authentication tokens - for secure session management

3. How We Use Your Data

We use your data to:

  • Provide the service - match buyers with scouts, process payments, deliver reports
  • Communicate with you - job updates, payment confirmations, support responses
  • Improve the platform - analyze usage patterns, fix bugs, add features
  • Ensure safety - monitor for fraud, abuse, and policy violations
  • Comply with law - respond to legal requests, enforce terms

4. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract - necessary to provide our marketplace service
  • Legitimate interests - fraud prevention, platform improvement, customer support
  • Consent - for marketing emails (you can opt out anytime)
  • Legal obligation - compliance with UK tax and financial regulations

5. Data Storage & Security

5.1 Where We Store Data

Your data is stored using:

  • Supabase - database and file storage (hosted in EU/UK data centers)
  • Stripe - payment processing and scout payout data
  • Vercel - application hosting (may use global CDN for performance)

5.2 Data Security

We protect your data with:

  • Encryption - HTTPS/TLS for data in transit, encrypted storage at rest
  • Access controls - database-level access controls ensure users only see their own data
  • Authentication - secure password hashing, session management
  • Regular backups - daily automated backups for disaster recovery

5.3 Data Retention

We retain your data for:

  • Active accounts - as long as your account remains active
  • Deleted accounts - up to 30 days for recovery, then permanently deleted
  • Transaction records - up to 7 years for tax and legal compliance
  • Completed job submissions (all scout-submitted content including photos, videos, audio, noise readings, notes, and reports) - retained for up to 7 years for evidence, legal, regulatory, and insurance purposes
  • Safety reports - retained indefinitely for platform safety

6. Data Sharing

We share your data with:

  • Other users - buyers see scout profiles, scouts see job details
  • Stripe - for payment processing and scout payouts
  • Service providers - Supabase (database), Vercel (hosting), Resend (transactional emails)
  • Law enforcement - if legally required or to prevent harm

We do NOT sell your data to third parties for marketing purposes.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access - request a copy of your personal data
  • Rectification - correct inaccurate data
  • Erasure - request deletion of your data ("right to be forgotten")
  • Portability - receive your data in a portable format
  • Restriction - limit how we process your data
  • Objection - object to processing based on legitimate interests
  • Withdraw consent - opt out of marketing emails anytime

To exercise these rights, please contact us through our Contact page. We will respond within 30 days as required under UK GDPR.

8. Cookies

We only use essential cookies that are strictly necessary for the platform to function. These cookies do not require your consent under GDPR as they are needed to provide the service you've requested.

8.1 Essential Cookies We Use

  • Authentication cookies - Keep you securely logged in to your account
  • Session cookies - Remember your preferences during your visit
  • Payment cookies - Process transactions securely
  • Security cookies - Prevent CSRF attacks and unauthorized access

8.2 Analytics (Cookieless)

We use Vercel Analytics to understand how visitors use our platform. This service is privacy-friendly:

  • No cookies - Vercel Analytics does not use cookies
  • No personal data - Does not collect personally identifiable information
  • Aggregated data only - We see page views and visitor counts, not individual users
  • GDPR compliant - No consent banner required as no tracking cookies are used

8.3 What We Don't Use

We do NOT use:

  • Tracking cookies - No Google Analytics, Facebook Pixel, or similar tracking
  • Marketing cookies - No retargeting or advertising cookies
  • Third-party tracking - No social media widgets or embeds that track you

8.4 Managing Cookies

You can disable cookies in your browser settings, but this will prevent you from logging in or using the platform. Since we only use essential cookies, there is no "opt-out" option - they are required for the service to work.

Future changes: If we ever add tracking or marketing cookies, we will update this policy and add a cookie consent banner to request your permission first.

9. Children's Privacy

Our platform is not intended for users under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, please contact us immediately through our Contact page.

10. Changes to This Policy

We may update this policy to reflect changes in law or our practices. We will notify you of significant changes via email or platform notice. Continued use after changes constitutes acceptance.

11. Contact & Complaints

For privacy questions or to exercise your data rights, please contact us through our Contact page.

If you're not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO). Our ICO registration number is ZC117566. Visit ico.org.uk for more information.