Legal
Privacy Policy
Last updated: 26 May 2026
WTNcloud (“we”, “us”) is the data controller for personal data processed via our website, dashboard, and iOS/Android apps. We process data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Contact: [email protected].
1. Data We Collect
- Account & company — name, email, hashed password, business name and address, waste carrier licence number.
- WTN data — waste descriptions, EWC codes, quantities, addresses, vehicle registration, signatures, optional photos, and date/time.
- Customer data — names, addresses, and contact details of waste producers that you enter.
- Billing — subscription history. Card details are handled by Stripe and never stored on our servers.
- Technical — IP address, browser/device info, and basic usage data.
- Free WTN Generator — email (required) plus the form data you submit; used to verify your address and deliver your PDF.
2. Legal Basis for Processing
Under UK GDPR Article 6 we rely on:
- Legal obligation — for storing WTN records, GPS coordinates, and signatures required by the Environmental Protection Act 1990 and the Waste (England and Wales) Regulations 2011.
- Contract performance — for running your account, processing payments, and delivering the Service.
- Consent — for mobile permissions, SMS notifications, Free WTN Generator submissions, and marketing emails.
- Legitimate interests — for security, fraud prevention, and service improvement.
3. Mobile App Permissions
Each permission is requested only when needed and used solely as described:
- Precise location (GPS) — captured only at the moment you create or sign a WTN, as audit-trail evidence. No background tracking.
- Camera & photo library — only to attach waste-load photos to a WTN.
- Biometric unlock — handled by your device’s secure enclave. Biometric data never reaches our servers.
- Push notifications — for signing requests, reminders, and sync status.
Drafts and pending records are held in an encrypted SQLite database on your device so the apps work offline, and sync to our servers when connectivity returns.
4. Data Sharing
To run the Service we share data with carefully selected sub-processors providing payment processing, transactional email, PDF generation, file storage, crash monitoring, mobile push delivery, and SMS delivery. Personal data is stored on EU-based infrastructure. Where any processor transfers data outside the UK or EU, we rely on Standard Contractual Clauses and the UK IDTA.
Optional integrations with QuickBooks and Xero are opt-in: nothing is shared until you authorise the connection, and OAuth tokens are encrypted at rest. We do not sell your personal data.
5. Data Retention
- WTN records — minimum 2 years from the date of transfer (UK statutory requirement), longer where a legal or regulatory obligation applies.
- Account data — deleted within 90 days of account closure, except where retention is required by law.
- Billing records — 7 years (UK tax law).
- Free WTN Generator — lead data up to 12 months; generated PDFs auto-deleted after 90 days.
- Technical logs — up to 90 days.
6. Your Rights
Under UK GDPR you have rights of access, rectification, erasure, restriction, objection, and data portability. Most can be exercised directly via your account settings. For anything else, email [email protected] — we respond within 30 days. You can lodge a complaint with the Information Commissioner’s Office (ICO).
7. Cookies & Security
We use session cookies only — strictly necessary to keep you signed in. No tracking, analytics, or advertising cookies. Data is encrypted in transit (TLS) and at rest; passwords are hashed; access to personal data is restricted and logged.
8. Changes & Children
We may update this policy and will notify you of significant changes by email or in-app notice. WTNcloud is a B2B service and is not directed at individuals under 18.
Contact
WTNcloud — Data ProtectionEmail: [email protected]