Privacy Policy

RenoCommand Privacy Policy

Last Modified: 14 December 2025

1. Introduction

RenoCommand is operated by RenoCommand Limited (“we”, “us”, “our”, or “Company”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use RenoCommand (including our website and related applications). We are the data controller of your personal data.

RenoCommand is an online platform designed to help homeowners and self‑builders plan and deliver their renovation projects through integrated project management and financial management tools.

If you have any questions about how we process your data, please contact: support@renocommand.co.uk.

We are committed to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection laws.

2. Data Controller and Contact Information

RenoCommand Limited is the data controller responsible for your personal data.

Email (privacy contact): support@renocommand.co.uk

Address: RenoCommand Limited, Unit A, 82 James Carter Road, Mildenhall, IP28 7DE

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

3. Personal Data We Collect

We collect personal data that you provide to us and data we collect automatically when you use RenoCommand.

3.1 Data You Provide to Us

When you register for an account, use our services, or contact us, we collect:

  • Account Registration: Full name, email address, encrypted password, phone number (optional), billing address, and payment identifiers as processed by Stripe (we do not see or store full card numbers).

  • Project Management Data: Project names and descriptions, timelines, tasks, attachments (including photos and other media), and collaborator details you choose to add.

  • Financial Management Data: Budgets, expenses, receipts, supplier and contractor details, and project financial summaries.

  • Permitted Development Checker Data: Property information, description of proposed works, and local authority information you input.

  • Communication Data: Emails, in‑app messages, support tickets, and feedback.

You confirm that any personal data you provide is accurate and, where it relates to other individuals (e.g. collaborators, contractors), that you have informed them and obtained consent where required.

You may browse public content without registering, but an account is required for core RenoCommand features.

3.2 Data We Collect Automatically

When you access RenoCommand, we automatically collect:

  • Device and Technical Information: Device type, operating system, browser type and version, IP address, and language/time‑zone settings.

  • Usage and Activity Data: Pages and features used, time spent, clicks, searches, uploads, and performance metrics (e.g. errors and load times).

  • Location Information: Approximate geographic location derived from IP address and any address you provide in project data.

4. Analytics and PostHog (Cookieless)

We use PostHog for product analytics to help us understand how RenoCommand is used and to improve the platform.

We run PostHog in a cookieless, privacy‑preserving mode. In this configuration, PostHog does not store data in cookies, localStorage, or sessionStorage in your browser, and we do not use browser‑stored identifiers for analytics.

PostHog measures usage using privacy‑preserving techniques (e.g. short‑lived, server‑side hashes and aggregated metrics) so that we see trends (such as active users, popular pages, and feature usage) but do not build individual behavioural profiles.

We use this analytics data to:

  • Monitor performance and reliability of the platform.

  • Prioritise features and improvements based on aggregated usage patterns.

Because this analytics configuration does not rely on cookies or persistent browser identifiers, it typically does not require cookie consent under PECR, but it remains personal data to the extent IP addresses or similar are processed and is therefore handled under UK GDPR principles.

5. Cookies and Similar Technologies

5.1 Essential Authentication Cookies Only

RenoCommand currently uses only essential cookies that are strictly necessary for the service to function.

These cookies are used to authenticate you, keep you logged in, and protect your account (e.g. Supabase auth/session cookies and security‑related flags).

They are first‑party cookies controlled by RenoCommand and are set when you log in or interact with secure parts of the platform.

We do not currently use functional, analytical, or marketing cookies (such as advertising trackers, A/B testing cookies, or cookie‑based analytics).

Because our cookies are strictly necessary for providing the service you request (secure login and session management), they fall within the “strictly necessary” exemption under UK PECR and do not require opt‑in consent. You cannot use RenoCommand without these essential cookies because they are required to authenticate and protect your account.

5.2 Transparency About Cookies

Even though consent is not required for these essential cookies, we provide this information so you understand:

  • What cookies are used (authentication and session management only).

  • Why they are necessary (secure access to your account and data).

If we later introduce non‑essential cookies (for example, cookie‑based analytics or marketing tags), we will update this policy and implement a cookie consent mechanism where required.

6. Lawful Bases for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Performance of Contract: To create and manage your account, provide RenoCommand features, process payments and subscriptions, and deliver customer support.

  • Legal Obligation: To comply with tax, accounting, and regulatory requirements, and to respond to lawful requests from authorities.

  • Legitimate Interests: To maintain and improve our platform, perform security monitoring, detect fraud or misuse, and run cookieless analytics as described above. We balance these interests against your rights and freedoms and only process data where our interests are not overridden.

  • Consent: For activities such as email marketing or optional communications where consent is explicitly requested. You can withdraw consent at any time.

7. How We Use Your Data

We use your personal data to:

  • Provide and operate RenoCommand, including project and financial management functionality.

  • Communicate with you about your account, billing, platform updates, and support requests.

  • Improve and secure the platform, including through aggregated analytics using PostHog in cookieless mode.

  • Enforce our terms and comply with legal obligations.

8. Sharing Your Data (Third‑Party Processors)

We share data with carefully selected processors that act on our instructions:

  • Supabase (EU): Database and hosting for project and customer data.

  • Stripe (US): Secure payment processing for subscriptions and billing.

  • PostHog (EU): Cookieless product analytics as described above.

  • Zoho Mail (UK or EU region): Email delivery and support communications.

Each provider is bound by a Data Processing Agreement and appropriate safeguards.

We may also share data:

  • Where required by law or to protect our rights, users, or the public.

  • In aggregated or anonymised form that does not identify individuals.

9. International Transfers

Where data is transferred outside the UK or EU (for example, to Stripe in the US), we use appropriate safeguards such as the UK International Data Transfer Agreement, UK Addendum to the EU Standard Contractual Clauses, or transfers to countries with adequacy decisions.

You may contact us for details of current safeguards for specific services.

10. Data Security

We implement technical and organisational measures to protect your data, including encryption in transit, encrypted storage of sensitive data (such as passwords), access controls, and security monitoring. Payment card details are processed by Stripe and are not stored by us.

You are responsible for keeping your password confidential and notifying us if you suspect unauthorised access to your account.

11. Your Rights

Under UK GDPR you have rights including:

  • Access to your personal data.

  • Rectification of inaccurate data.

  • Erasure (“right to be forgotten”) in certain circumstances.

  • Restriction of processing in certain circumstances.

  • Data portability for information you provided to us.

  • Objection to processing based on legitimate interests or direct marketing.

  • Rights relating to automated decision‑making, where applicable.

To exercise any of these rights, contact support@renocommand.co.uk. We will respond within one month, subject to legal extensions where permitted.

12. Data Retention

We retain data only as long as necessary for the purposes described:

  • Account and Profile Data: Kept while your account is active, then deleted or anonymised within a short period after closure, subject to legal retention requirements.

  • Project and Financial Data: Retained while your account is active; certain financial records (e.g. invoices, transaction records) may be kept for up to 6 years to meet tax and accounting obligations.

  • Support and Communication Data: Retained for a limited period after resolution to help with audits, disputes, or service improvement.

  • Analytics Data (PostHog, cookieless): Stored in aggregated form and retained only as long as needed for trend analysis and service improvement, after which it is anonymised or deleted in accordance with our internal retention policies and PostHog’s configuration.

13. Children’s Privacy

RenoCommand is not intended for individuals under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided data to us, please contact us so we can delete it.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our services, technology, or legal requirements. Material changes will be communicated by email or a prominent notice within RenoCommand, and the “Last Modified” date will be updated.

15. Contact

If you have questions about this Privacy Policy or our data practices, contact:

Email: support@renocommand.co.uk

Address: RenoCommand Limited, Unit A, 82 James Carter Road, Mildenhall, IP28 7DE