Privacy policy

FRASafe is a trading name of Safe Compliance Limited, a company registered in the United Kingdom. For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), Safe Compliance Limited is the data controller for the personal data described in this policy.

You can reach us any time at hello@frasafe.co.uk.

We only collect what we need to provide the service:

• Account & contact details — your email address when you register or sign up for a resource.
• Assessment content — the property address and answers you enter to build your fire risk assessment, and legal declarations you sign prior to report generation.
• Payment information — transaction records (assessment ID, amount, timestamp). Payment is handled by Stripe; we do not store card numbers or payment credentials.
• Usage & analytics data — pages visited, session interactions (with form inputs masked), device type, browser, and approximate location.
• Address lookup data — partial address input sent to Google's Places API to return suggestions.

We use your data to create and store your fire risk assessments, generate your downloadable PDF, take payment, send you the resources and updates you ask for, respond to your enquiries, and keep the service secure and working. We do not sell your personal data to anyone.

We share data only with the service providers that help us run FRASafe — including our hosting (Vercel), database and auth (Supabase), payment (Stripe), analytics (PostHog), and email (Resend) providers — and only so far as they need it to do that job. Any provider acting on our behalf does so under a contract that protects your data.

We do not share or sell any other personal data to third parties.

• Assessment records — retained for 7 years from the date of the assessment in accordance with fire safety legislation and GDPR Article 5(1)(e).
• Account data — retained while your account is active. If you request account deletion, we delete your account data within 30 days, subject to retaining assessment records required by law.
• Payment records — retained for 7 years for financial and tax compliance.
• Analytics data — retained according to PostHog's standard retention policy.

We use PostHog for analytics. PostHog sets cookies to identify unique visitors and sessions. No advertising or third-party tracking cookies are used. Session recordings are captured to help us improve the service — all form inputs are masked and never recorded.

By using FRASafe you consent to these analytics cookies. You can opt out by enabling the “Do Not Track” setting in your browser. See our Cookie Policy for full details.

Under UK data protection law you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data (subject to legal retention obligations).
• Restriction — ask us to restrict processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

To exercise any of these rights, email hello@frasafe.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the ICO at ico.org.uk.

All data is stored in Supabase's EU-West-2 (London) region and protected by row-level security policies. Passwords are hashed and never stored in plain text. All connections are encrypted in transit via TLS.

We may update this policy from time to time. The date at the top of this page reflects when it was last updated. Continued use of FRASafe after changes constitutes acceptance of the updated policy.