ShineByGrace

Privacy Policy

Last updated: 11 February 2026

1. Who We Are

ShineByGrace is a cleaning services management platform operated in Wellingborough, Northamptonshire, England. For any questions about this policy or your personal data, please contact us at [email protected].

2. What Data We Collect

We collect and process the following personal data:

  • Account information: name, email address, and password (stored securely using bcrypt hashing)
  • Customer details: name, address, town, phone number, email address, and property access information
  • Scheduling data: job dates, times, assigned cleaning agents, and job completion status
  • GPS location: collected from cleaning agents during active jobs for service verification purposes
  • Photos: property photos uploaded for job reference
  • Technical data: session cookies, push notification subscription data, and email verification tokens

3. Why We Collect It

We use your data for the following purposes:

  • Delivering and managing cleaning services, including scheduling and agent assignment
  • Verifying service delivery through location tracking and job completion records
  • Sending job reminders, completion notifications, and account verification emails
  • Authenticating your identity and securing your account
  • Communicating with you about your bookings and account

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Your data may be shared with:

  • Cleaning agents assigned to your jobs (limited to the information needed to carry out the service)
  • Resend (our email delivery provider) for sending transactional emails such as verification and reminders
  • Law enforcement or regulators if required by law

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Session data expires automatically (24 hours for standard sessions, 30 days for "remember me" sessions). Email verification tokens and rate limiting data are automatically deleted after their expiry period. If you request account deletion, we will remove your data within 30 days.

6. Cookies

We use essential cookies only. A session cookie is set when you log in to keep you authenticated. We do not use analytics, advertising, or tracking cookies. The session cookie is httpOnly and cannot be accessed by client-side scripts.

7. Your Rights

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the right to:

  • Access the personal data we hold about you
  • Correct any inaccurate or incomplete data
  • Delete your personal data (right to erasure)
  • Port your data to another service (data portability)
  • Object to or restrict certain processing of your data
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please email us at [email protected]. We will respond within one month.

8. Data Security

We take reasonable measures to protect your personal data, including password hashing with bcrypt, httpOnly session cookies, rate limiting on login attempts, and bot protection via Cloudflare Turnstile. However, no method of transmission over the internet is 100% secure.

9. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "last updated" date.

10. Contact

If you have questions or complaints about this policy or how we handle your data, please contact us at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.