Legal

Privacy Policy

Last updated: 29 March 2026

WTNcloud (“we”, “us”, or “our”) is committed to protecting your personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why we collect it, and your rights.

1. Data Controller

The data controller is:

WTNcloud
Email: [email protected]

2. Data We Collect

We collect and process the following categories of personal data:

2.1 Account Data

  • Name and email address — used to create and manage your account.
  • Password (hashed) — we never store your password in plain text; it is stored as a one-way cryptographic hash.

2.2 Company Data

  • Business name, address, and waste carrier licence number, which appear on Waste Transfer Notes (WTNs) as required by law.

2.3 Waste Transfer Note Data

  • Details of each waste collection including: waste description, EWC codes, quantity, collection address, disposal station, vehicle registration, and date/time.
  • Signatures — electronic signatures of the waste producer and carrier, captured at the point of collection.
  • Photographs — optional photos of waste loads attached to WTN records.

2.4 Customer Data

  • Names, addresses, and contact details of your customers (waste producers) that you enter into the platform.

2.5 Billing Data

  • Payment card details are handled directly by Stripe and are not stored on our servers. We retain billing history (amounts, dates, subscription tier) for accounting purposes.

2.6 Technical and Usage Data

  • IP address, browser type, and session information collected automatically when you use the service.

2.7 Free WTN Generator Tool

Our Free WTN Generator is a publicly available tool that does not require an account. When you use this tool, we collect:

  • Email address — used to verify your identity and deliver your generated WTN PDF.
  • Contact name, company name, and phone number — optional fields used to personalise your WTN and for lead-generation purposes.
  • Waste transfer details — all form data you enter (carrier details, waste producer details, waste type, EWC code, quantity, transfer address, etc.) is stored as a JSON record for the purpose of generating your WTN PDF.
  • IP address, user agent, and referrer URL — collected automatically for fraud prevention and analytics.

Your WTN PDF is only generated and emailed to you after you verify your email address by clicking a confirmation link. Verification tokens expire after 24 hours.

3. Legal Bases for Processing

We rely on the following lawful bases under UK GDPR Article 6:

PurposeLegal Basis
Generating and storing WTN recordsLegal obligation — Environmental Protection Act 1990 and the Environmental Permitting (England and Wales) Regulations 2016; Controlled Waste (Registration of Carriers and Seizure of Vehicles) Regulations 1991; Waste (England and Wales) Regulations 2011
Providing the platform and managing your accountContract performance — processing is necessary to deliver the service you have subscribed to
PDF generation and email delivery of WTNsContract performance
Processing paymentsContract performance
Free WTN Generator — email verification and PDF deliveryConsent — by submitting the form and verifying your email, you consent to us processing your data for the purpose of generating and delivering your WTN
Free WTN Generator — lead generation and marketing communicationsLegitimate interests — we have a legitimate interest in contacting users of our free tool about our paid services
Service security, fraud prevention, and platform improvementsLegitimate interests — we have a legitimate interest in keeping the service secure and improving it for all users

SMS Communications

WTNcloud may send SMS messages to your customers on your behalf for the purpose of WTN signing requests, signing reminders, and completion confirmations. SMS sending requires your explicit consent, which you can provide or withdraw at any time via Settings → Notifications.

Customer phone numbers used for SMS delivery are processed solely for the purpose of delivering WTN-related notifications. Customers can opt out of future SMS by contacting the waste carrier or by emailing [email protected]. We maintain an SMS suppression list to ensure opted-out numbers are not contacted again.

4. Data Retention

We retain your data for the following periods:

  • Waste Transfer Note records — a minimum of 2 years from the date of transfer, as required by UK waste regulations. We may retain records for longer where there is an ongoing legal or regulatory obligation.
  • Account data — held for the duration of your subscription. On account closure, account data is deleted within 90 days unless retention is required by law (for example, where WTN records must be kept).
  • Billing records — retained for 7 years for UK accounting and tax purposes.
  • Technical logs — retained for up to 90 days.
  • Free WTN Generator data — lead records (email, contact details, and form data) are retained for up to 12 months from the date of submission. Generated PDFs are stored for 90 days and then automatically deleted.

5. Sub-processors and International Transfers

We use the following third-party sub-processors to operate the service. Each has been assessed for GDPR compliance and, where applicable, appropriate safeguards (Standard Contractual Clauses or UK IDTA) are in place:

Sub-processorPurposeLocation / Safeguard
Mega S4File storage (photos, signed PDFs)EU / GDPR-compliant
Postmark (ActiveCampaign)Transactional email deliveryUS / SCCs & UK IDTA
api2pdfPDF generation from WTN dataUS / GDPR-compliant
StripePayment processing and subscription managementUS / SCCs & UK IDTA
Self-hosted SMS GatewaySMS delivery for signing requests, reminders, and notifications to customersUK / Self-hosted infrastructure

We do not sell or share your personal data with third parties for marketing purposes.

6. Third-Party Integrations (QuickBooks, Xero)

WTNcloud offers optional integrations with third-party accounting software including Intuit QuickBooks and Xero. These integrations are entirely opt-in — no data is shared with these services unless you explicitly connect your account.

6.1 What happens when you connect

When you choose to connect QuickBooks or Xero, you are redirected to the provider's website to authorise access. WTNcloud requests access to:

  • Contacts / Customers — to import your existing customer list into WTNcloud and to create new contacts when generating invoices.
  • Invoices / Transactions — to create draft invoices in your accounting software linked to completed Waste Transfer Notes.

6.2 Data we store

  • OAuth tokens — encrypted at rest using AES-256-GCM. These tokens allow WTNcloud to access your accounting data on your behalf. We never store your accounting software password.
  • External IDs — we store the QuickBooks Customer ID or Xero Contact ID alongside your WTNcloud customer records to maintain the link between systems.
  • Invoice IDs — when an invoice is created via the integration, we store the external invoice ID on the WTN record.

6.3 Data sent to the provider

When you import customers or create invoices, the following data may be sent to your connected accounting provider:

  • Customer name, company, address, postcode, email, and phone number
  • Invoice line items (descriptions and amounts you enter)
  • WTN reference number (stored as a private note on the invoice)

No waste classification data (EWC codes), signatures, photos, or GPS coordinates are shared with accounting providers.

6.4 Disconnecting

You can disconnect an integration at any time from Settings > Integrations. When you disconnect:

  • OAuth tokens are revoked with the provider and permanently deleted from our database.
  • Previously imported customers and created invoices remain in both systems.
  • No further data is exchanged with the provider.

For more information about how these providers handle your data, please refer to Intuit's Privacy Statement and Xero's Privacy Policy.

7. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can request deletion of your data, subject to our legal retention obligations (for example, WTN records that must be kept for 2 years cannot be deleted before the retention period expires).
  • Right to data portability — you can export your WTN records at any time via the dashboard. We provide data in machine-readable formats where possible.
  • Right to restriction — you can ask us to restrict processing of your data in certain circumstances.
  • Right to object — you can object to processing based on legitimate interests.
  • Rights related to automated decision-making — we do not make solely automated decisions that produce legal or similarly significant effects.

How to Exercise Your Rights

You can exercise most rights directly via your account settings. For requests that cannot be fulfilled via the dashboard, or if you have any data protection queries, please contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

8. Cookies

WTNcloud uses session cookies only. These are strictly necessary for you to remain logged in while using the service. We do not use tracking, analytics, or advertising cookies.

Under the Privacy and Electronic Communications Regulations 2003 (PECR), strictly necessary cookies do not require your consent as they are essential for the service to function.

9. Security

We take appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, and unlawful processing. These include:

  • Encryption of data in transit (TLS) and at rest.
  • Password hashing using industry-standard algorithms.
  • Access controls limiting who can access personal data.
  • Regular security reviews.

10. Children

WTNcloud is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or via an in-app notice. The “Last updated” date at the top of this page indicates when the policy was last revised.

12. Contact Us

For any questions or concerns about this privacy policy or our data practices, please contact:

WTNcloud — Data Protection
Email: [email protected]
← Back to home

Try WTNcloud free

7-day trial · No card required

Start Free