Privacy Policy

This privacy policy explains how Service That Boiler handles personal data when heating and plumbing engineers use our platform, when their customers sign up to care plans, and when homeowners use reminder or enquiry forms.

Service That Boiler is operated by Andreassen Technologies. You can contact us at max@andreassentech.com about privacy questions or data requests.

The data we collect depends on how you use the service. It may include:

• Account details such as name, email address, company name, login status, and dashboard access records.
• Engineer profile information such as trading name, legal business name, address, phone number, email address, logo, service areas, Gas Safe registration number, company number, VAT number, and branding preferences.
• Care plan data such as plan names, prices, service variables, agreement templates, signed agreements, customer plan references, and customer status.
• Customer signup information such as customer name, email address, covered property address, e-signature name, signed timestamp, Stripe customer/subscription references, and payment journey status.
• Homeowner reminder and enquiry data such as email address, postcode, mobile number where provided, service dates, reminder preferences, and enquiry messages.
• Technical information such as IP address, browser details, pages visited, timestamps, analytics events, and logs needed to keep the service secure and reliable.

We use personal data to provide and improve the platform. In practice, this means we use data to:

• Create and manage engineer accounts.
• Create care plans, customer signup pages, and service agreement documents.
• Allow customers to review, sign, download, and reference their care plan agreements.
• Power recurring payments and payout flows through Stripe Connect.
• Send transactional emails such as magic links, confirmations, customer references, enquiry alerts, and plan notifications.
• Help engineers manage customers, plans, branding, and customer documents.
• Respond to support, privacy, and operational requests.
• Monitor performance, diagnose bugs, prevent fraud, and protect the security of the platform.
• Understand how the website and app are used so we can improve the product.

Where UK GDPR applies, we rely on different legal bases depending on the context:

• Contract: to provide the platform, accounts, customer signup flows, documents, and payment-related functionality.
• Legitimate interests: to operate, secure, improve, and support the service, and to communicate with business users about their use of the platform.
• Consent: where we ask for optional marketing, analytics, or similar permissions.
• Legal obligation: where we need to retain or disclose data to comply with legal, tax, accounting, regulatory, or dispute-related requirements.

Payments are handled by Stripe. We do not store full bank account details, full card details, or payment credentials on our own systems.

When an engineer connects Stripe, Stripe may collect business, identity, bank account, payout, verification, and compliance information. Stripe acts under its own privacy terms for parts of that processing.

We store Stripe identifiers such as connected account IDs, customer IDs, subscription IDs, checkout session IDs, payment status, and capability status so the platform can reconcile plans, customers, subscriptions, and payouts.

The platform generates service agreement PDFs and may store logos, templates, signed agreements, and other uploaded or generated files in cloud storage. These files are used to provide customer-facing records and downloads.

Engineers should avoid uploading unnecessary personal data, sensitive personal data, or documents unrelated to operating their care plan service.

We share data only where needed to run the service, comply with the law, or protect the platform. This may include:

• Stripe, for payments, subscriptions, verification, Direct Debit setup, and connected account payouts.
• Email delivery providers such as Resend, for transactional emails.
• Cloud hosting, database, logging, storage, and monitoring providers.
• Analytics providers where enabled on the website or app.
• Professional advisers, insurers, authorities, or dispute resolution bodies where reasonably necessary.
• Engineers and their customers, where data relates to a care plan, enquiry, service agreement, or customer relationship between them.

We keep personal data only for as long as reasonably needed for the purposes described in this policy. Account, customer, payment reference, agreement, and operational records may be retained while an account is active and for a reasonable period afterwards for legal, accounting, fraud prevention, support, and dispute reasons.

You can ask us to delete data, but we may need to keep some information where required for legal obligations, audit trails, payment records, safety, dispute handling, or legitimate business operations.

Depending on where you live and the context of the data, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data.

To make a request, contact max@andreassentech.com. We may need to verify your identity before acting on a request. If your data is controlled by an engineer using the platform, we may direct your request to that engineer or support them in responding.

We use reasonable technical and organisational measures to protect data, including access controls, hosted infrastructure, HTTPS, third-party payment handling, and operational monitoring.

No online service can be guaranteed to be completely secure, so users should protect account access, avoid sharing login links, and tell us quickly if they suspect unauthorised access.

Some providers we use may process data outside the UK or EEA. Where this happens, we rely on appropriate safeguards such as provider terms, contractual protections, adequacy decisions, or standard contractual clauses where required.

We may update this policy as the product, providers, or legal requirements change. The latest version will be posted on this page with an updated date.