← Go Back

Privacy Policy

Last Updated: June 2026

1. Introduction

Grafters Market is committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, process, and protect your personal information when you use our platform, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We may collect and process the following data about you:

  • Identity Data: First name, last name, business name, and profile pictures.
  • Contact Data: Email address, phone number, and physical postcode/address.
  • Professional Data (Grafters): Trade categories, qualifications, Gas Safe certificates, Electrical certificates, and Public Liability Insurance documents.
  • Financial Data: We do not store full credit card details. Payment processing is handled securely via Stripe. We only store billing history and wallet balances.
  • Technical Data: IP addresses, browser types, and login logs (including 2FA verification records).

3. How We Use Your Data

We use your personal data primarily to operate the marketplace effectively:

  • To verify your identity and professional credentials.
  • To connect Homeowners with local Grafters (Homeowner contact details are only shared when a Grafter explicitly pays to unlock a lead).
  • To process payments and manage subscriptions.
  • To send platform notifications, lead alerts, and marketing communications (which you can opt out of).
  • To facilitate the dispute resolution process.

4. Data Sharing & Security

We do not sell your personal data to third parties. We may share your data with:

  • Other Platform Users: As required to fulfill the marketplace function (e.g., displaying public profiles, sharing unlocked contact info).
  • Service Providers: Secure third-party processors like Stripe (payments), Google/Facebook (authentication), and email delivery services.
  • Legal Authorities: If required by law to prevent fraud or protect the safety of our users.

We use robust security measures, including database encryption, secure SSL certificates, and Two-Factor Authentication (2FA) for our staff, to prevent unauthorized access to your data.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. Professional documents (insurance/certificates) are retained to prove compliance for the duration of your active account.

6. Your Legal Rights

Under UK GDPR, you have the right to:

  • Request access to your personal data.
  • Request correction of incomplete or inaccurate data.
  • Request erasure of your personal data (the "Right to be Forgotten"), subject to legal hold requirements.
  • Withdraw consent for marketing communications at any time.

7. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection Officer via our Support Page or email us at info@graftersmarket.co.uk.