Privacy Policy

FRASafe is operated by [YOUR COMPANY NAME] (“we”, “us”, “our”), trading as FRASafe. We are the data controller for personal data collected through this website and service at www.frasafe.co.uk.

To contact us about data protection matters, email hello@frasafe.co.uk.

ICO registration number: [to be added]

Account data

• Email address and hashed password (collected when you register)

Assessment data

• Property address (entered during assessment setup)
• Your answers to fire risk assessment questionnaire questions
• Legal declarations you sign prior to report generation
• Generated PDF report (stored securely in our systems)

Payment data

• Transaction records (assessment ID, amount, timestamp). We do not store card numbers or payment credentials — these are handled entirely by Stripe.

Usage and analytics data

• Pages visited, clicks, and navigation events
• Session recordings (screen interactions, with form inputs masked)
• Device type, browser, operating system, and approximate location (country/city)
• IP address

Address lookup data

• When you use the address autocomplete field, your partial address input is sent to Google's Places API to return suggestions.

We use the following sub-processors to deliver the service:

We do not sell your personal data to third parties.

• Assessment records — retained for 7 years from the date of the assessment in accordance with fire safety legislation and GDPR Article 5(1)(e).
• Account data — retained while your account is active. If you request account deletion, we will delete your account data within 30 days, subject to retaining any assessment records required by law.
• Analytics data — retained according to PostHog's standard retention policy (up to 7 years for event data).
• Payment records — retained for 7 years for financial and tax compliance.

We use PostHog for analytics. PostHog sets cookies to identify unique visitors and sessions. No advertising or third-party tracking cookies are used. Session recordings are captured to help us improve the service — all form inputs (including passwords and addresses) are masked and never recorded.

By using FRASafe you consent to these analytics cookies. You can opt out by enabling the “Do Not Track” setting in your browser.

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data (subject to legal retention obligations)
• Restriction — ask us to restrict processing in certain circumstances
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests

To exercise any of these rights, email hello@frasafe.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

All data is stored in Supabase's EU-West-2 (London) region and protected by row-level security policies. Passwords are hashed and never stored in plain text. All connections are encrypted in transit via TLS.

We may update this policy from time to time. The date at the top of this page reflects when it was last updated. Continued use of FRASafe after changes constitutes acceptance of the updated policy.