Privacy Policy

Last Updated: December 2025

Simpler Recycling Audit ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service located at simplerecyclingaudit.co.uk.

1. Legal Information

Simpler Recycling Audit is a trading name of Ramnik Dahiya, operating as a Sole Trader in the United Kingdom. For the purposes of the UK Data Protection Act 2018 and UK GDPR, Ramnik Dahiya is the Data Controller.

2. Data We Collect

We only collect the minimum amount of data necessary to provide our compliance audit services:

  • Account Data: Your business name, contact name, and email address (processed via Supabase Auth).
  • Business Information: Employee count (FTE), waste carrier details (name and registration number) for compliance tracking purposes.
  • Audit Data: Waste Transfer Note metadata (dates, waste streams, carrier information) and uploaded compliance documents (WTNs, photos) that you input into the system to maintain your digital audit trail.
  • Compliance Records: Contamination logs, collection schedules, and compliance reports generated within the platform.
  • Billing Data: We use Stripe for payment processing. We do not store your credit card details on our servers; these are handled entirely by Stripe in accordance with PCI-DSS standards.

3. How We Use Your Data

We use your information to:

  • Provide and maintain your digital compliance audit trail for the UK Simpler Recycling regulations.
  • Generate compliance reports for Environment Agency inspections.
  • Track waste stream compliance status and alert you to missing documentation.
  • Notify you of upcoming compliance deadlines (e.g., the 31 March 2025 or 31 March 2027 deadlines for micro-firms).
  • Manage collection schedules and send reminders for upcoming collections.
  • Process your subscription payments securely.
  • Prevent fraudulent activity and ensure the security of our platform.
  • Improve our service based on usage patterns (in aggregate, anonymized form).

4. Third-Party Service Providers

To run our service, we share data with the following essential "Data Processors":

  • Supabase: For secure database storage, user authentication, and file storage of uploaded documents.
  • Vercel: For hosting our web application.
  • Stripe: For secure payment processing and subscription management.
  • Cloudflare: For website security, DDoS protection, and email routing.

All third-party processors are GDPR-compliant and process data on our behalf under appropriate data processing agreements.

5. Your Rights (UK GDPR)

Under UK law, you have the following rights regarding your personal data:

  • The right to access: You can request a copy of the data we hold about you.
  • The right to rectification: You can ask us to correct inaccurate information through your profile settings or by contacting us.
  • The right to erasure: You can request that we delete your account and associated data.
  • The right to data portability: You can request your data in a structured, machine-readable format.
  • The right to withdraw consent: You can cancel your subscription and data processing at any time.
  • The right to object: You can object to processing of your data for certain purposes.

To exercise any of these rights, please contact us at support@simplerecyclingaudit.co.uk.

6. Data Retention

We retain your audit data for as long as your account is active. If you cancel your subscription, we will retain your compliance records for a period of 2 years to ensure you have access to historical audit trails in the event of an Environment Agency inspection or local authority inquiry, unless you explicitly request immediate deletion.

Deleted data is permanently removed from our systems within 30 days of the retention period ending.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data transmission is encrypted using SSL/TLS.
  • Passwords are hashed and securely stored.
  • Access to personal data is restricted to authorized personnel only.
  • Regular security updates and monitoring are maintained.
  • Uploaded documents are stored securely in Supabase storage with access controls.

8. Cookies and Tracking

Our service uses essential cookies for:

  • Authentication: To keep you logged in securely.
  • Session management: To maintain your session state across pages.

We do not use tracking cookies or third-party advertising cookies.

9. International Data Transfers

Your data is primarily stored within the EU/UK through our service providers. Where data is processed outside the UK/EU, appropriate safeguards are in place (such as Standard Contractual Clauses) to ensure your data remains protected to UK GDPR standards.

10. Children's Privacy

Our service is not intended for businesses operated by individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through a notice on our platform. The "Last Updated" date at the top of this policy indicates when it was last revised.

12. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Email: support@simplerecyclingaudit.co.uk
Address: [INSERT YOUR PHYSICAL/MAILING ADDRESS OR VIRTUAL OFFICE ADDRESS HERE]

For data protection concerns, you also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk/make-a-complaint/.