Legal — Service Providers

Privacy Policy for Service Providers

How we handle your personal data. Effective 29 May 2026.

This policy explains what personal data we collect from cleaners who register at carpetcleaning.co.uk/professionals, why we collect it, how we use it, and what rights you have over it.

This is the Service Provider privacy policy. The separate Customer Privacy Policy covers how we handle the personal data of the customers we book on your behalf.

1. Who we are

We are Clean Sheep Ltd, trading as Breeze Carpet Cleaners, of 196A High Street, Epping, Essex, CM16 4AQ. We are the data controller for the personal data described in this policy. We are registered in England and Wales.

2. What we collect about you

When you register and use the cleaner portal, we collect and process:

  • Identity and contact data — first name, last name, mobile number, WhatsApp number (if you provide one), email address, password (stored as a one-way bcrypt hash), business type and trading name.
  • OAuth identifiers — if you sign in with Google or Microsoft, the email address and basic profile (first name, last name) returned by the provider.
  • Stripe Connect onboarding data — when you complete Stripe Connect Express onboarding, Stripe collects the identity, address, date-of-birth and bank-account details required to verify your account. We receive only the Stripe account identifier and account status. Refer to Stripe’s Privacy Policy for how Stripe processes that data.
  • Insurance certificate — the public liability cover document you upload, its filename, the date it was uploaded, and our verification decision.
  • Vehicle details — registration plate, make, colour, fuel/type for each vehicle you operate.
  • Coverage and availability — the postcode districts and counties you cover, the unavailability blocks you mark in the portal calendar, and (if you opt in) the busy-time entries pulled from a personal ICS calendar feed you share with us.
  • Notification preferences — your choices around WhatsApp / email / SMS notifications and quiet hours.
  • Push subscriptions — when you enable push notifications on a device, the push service endpoint (provided by Apple, Google or Mozilla) and the keys needed to encrypt notifications to your device.
  • Consent records— to evidence your agreement to these Terms and this Privacy Policy, we record the version you accepted, the date and time, your IP address, and your browser’s user-agent string.
  • Activity — the bookings you have been offered and completed, your earnings and payouts, the notes you and our office add to a job.

3. Why we process it

  • To deliver the service — matching you to suitable jobs, sending you offers, processing payment, and providing the dashboards you use day-to-day. Lawful basis: performance of our agreement with you.
  • To verify your eligibility — checking that the insurance certificate you upload is valid and in date. Lawful basis: performance of contract; legal obligation (where the underlying requirement is regulatory).
  • To prevent fraud and resolve disputes — investigating customer complaints, chargebacks, and disputed payouts. Lawful basis: our legitimate interest in running our business and the legitimate interests of customers.
  • To meet our tax and accounting obligations — retaining records of payments made and received. Lawful basis: legal obligation.
  • To send you operational notifications — new-job offers, cancellations, and payment confirmations via the channels you have opted in to. Lawful basis: performance of contract.

4. Who we share your data with

  • Stripe, Inc. — for payment processing and Connect Express onboarding.
  • Push notification services — Apple Push Notification service, Google FCM, Mozilla autopush. These services see only the encrypted payload we send; they cannot read the body of a notification.
  • HMRC and other UK tax authorities — where we are legally required to report a payment or provide records.
  • Our hosting and infrastructure providers — including Vercel (web hosting), Microsoft Azure (database and application hosting), and Twilio (telephony and WhatsApp delivery). These act as our data processors and only handle your data on our instructions.
  • Solicitors, debt-collectors, accountants, and insurers — only where a specific dispute or claim requires it.

We do not sell your data and do not share it with third parties for marketing.

5. International transfers

Some of our processors (notably Stripe, Vercel and the push notification services) are based in or transfer data to the United States. Where this happens, we rely on the relevant UK GDPR transfer mechanisms (UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum) to ensure your data has equivalent protection.

6. How long we keep your data

  • Account and contact data — for as long as your cleaner account is open, plus 6 years afterwards (limitation period for contract claims).
  • Payment records — at least 7 years, as required by HMRC.
  • Insurance certificates— until 6 years after the certificate’s expiry.
  • Consent records — as long as we may reasonably need to evidence consent (typically 6 years after the agreement ends).
  • Push subscriptions — until the device unsubscribes or the push service reports the subscription as expired.

7. Your rights under UK GDPR

You have the following rights over the personal data we hold about you:

  • The right to access the data we hold about you.
  • The right to have inaccurate data rectified.
  • The right to have your data erased in certain circumstances (note: we cannot erase records we need to keep for tax or legal reasons).
  • The right to restrict processing in certain circumstances.
  • The right to object to processing based on legitimate interests.
  • The right to data portability — receive a machine-readable copy of the data you have provided to us.

To exercise any of these rights, email info@carpetcleaning.co.uk. If you are not satisfied with how we have handled your data, you can complain to the UK Information Commissioner’s Office at ico.org.uk.

8. Cookies on the cleaner portal

The cleaner portal (carpetcleaning.co.uk/professionals) uses cookies only for essential session management:

  • tech_session — keeps you signed in. HttpOnly, Secure, SameSite=Lax, 30-day expiry.
  • tech_oauth_* — short-lived (10-minute) cookies used during the Google / Microsoft sign-in handshake. Deleted as soon as the sign-in completes.
  • reCAPTCHA— Google sets cookies during the registration form’s bot-protection check. See Google’s Privacy Policy.

We do not use marketing or advertising cookies on the cleaner portal.

9. Changes to this policy

We may update this policy from time to time. When we make material changes we will notify you through the portal and ask you to re-accept the updated policy before continuing to receive bookings.

10. How to contact us

If you have any questions about this policy or about your personal data, contact:

Clean Sheep Ltd
196A High Street
Epping
Essex CM16 4AQ
Email: info@carpetcleaning.co.uk
Telephone: 0203 322 2389

Effective Date: 29 May 2026