Privacy Policy
Last updated: 3 May 2026 ยท UK GDPR compliant
1. Who We Are
Sorted BNB ("we", "us") is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We act as the data controller for personal data processed through sortedbnb.online and the Sorted BNB apps.
2. What Data We Collect
Account & profile
- Name, email address, phone number (optional)
- Role within your organisation (admin, supervisor, cleaner, etc.)
- Profile photo (optional)
Usage data
- Tasks created, completed and assigned
- Checklist items and photo attachments uploaded by your team
- GPS check-in/out timestamps and approximate location (mobile app, only when you grant permission)
- Login timestamps and device information
Payment data
- Billing email and subscription status
- We do not store card details โ payments are handled directly by Stripe
Technical data
- IP address, browser type, pages visited (server logs)
- Push notification tokens (mobile app only, to deliver task alerts)
3. How We Use Your Data
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Provide and operate the Service | Contract performance (Art. 6(1)(b)) |
| Authenticate you and keep your account secure | Contract / Legitimate interests |
| Process payments and manage subscriptions | Contract performance |
| Send transactional emails (OTP codes, task alerts) | Contract performance |
| Send product update emails | Legitimate interests (opt-out available) |
| Improve and develop the Service | Legitimate interests |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
5. Data Retention
- Active account data is retained for as long as your account is open.
- On account deletion, we retain your data for 30 days so you can export it, then delete it.
- Billing records are kept for 7 years to comply with UK tax law.
- Server logs are retained for 90 days.
6. Your Rights
Under UK GDPR you have the right to:
- Access โ request a copy of the personal data we hold about you
- Rectification โ ask us to correct inaccurate data
- Erasure โ ask us to delete your data (subject to legal retention requirements)
- Restriction โ ask us to restrict processing in certain circumstances
- Portability โ receive your data in a machine-readable format
- Object โ object to processing based on legitimate interests
To exercise any right email hello@sortedbnb.online. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).
8. Security
We use TLS encryption in transit, encrypted storage at rest, hashed OTP codes, JWT authentication with short-lived tokens, and role-based access controls. In the event of a data breach we will notify affected users and the ICO as required by law.
9. Children
The Service is not directed at individuals under 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or in-app notice. The "last updated" date at the top of this page always reflects the current version.