Privacy Policy & Data Protection

Your Privacy Matters

At WecareHC, we are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Information We Collect

Personal Information You Provide:

Contact Details: Name, email address, phone number, address

Service Information: Cleaning preferences, property details, special requirements

Account Information: Username, password (encrypted), profile preferences

Communication Data: Messages, inquiries, discussion requests, customer reviews

Automatically Collected Information:

Technical Data: IP address, browser type, device information

Usage Data: Pages visited, time spent, interaction patterns

Security Data: Login attempts, device fingerprints, session information

2. How We Use Your Information

Primary Purposes:

Service Delivery: Scheduling appointments, providing cleaning services, customer support

Communication: Responding to inquiries, sending service updates, appointment reminders

Account Management: Creating and maintaining your account, authentication, security

Business Operations: Processing payments, managing bookings, quality improvement

Legal Basis for Processing:

Contract Performance: Providing services you've requested

Legitimate Interest: Business operations, security, fraud prevention

Consent: Marketing communications, optional features

Legal Obligation: Compliance with applicable laws and regulations

3. Data Sharing and Disclosure

We Never Share Your Data Except:

Service Providers: Trusted partners who help deliver our services (Twilio for SMS, SendGrid for emails, Stripe for payments)

Legal Requirements: When required by law, court order, or regulatory authority

Business Protection: To protect our rights, property, safety, or that of our users

With Your Consent: When you explicitly authorize data sharing

Third-Party Services:

Twilio: SMS notifications and verification codes

SendGrid: Email communications and notifications

Stripe: Secure payment processing (Phase 2)

All third-party services are GDPR-compliant and process data under strict security standards.

4. Data Security Measures

Technical Safeguards:

Encryption: All data encrypted in transit (TLS 1.3) and at rest

Authentication: Multi-factor authentication with email and SMS verification

Access Controls: Role-based access, device fingerprinting, session management

Monitoring: Real-time security monitoring, intrusion detection, audit logging

Organizational Measures:

Staff Training: Regular privacy and security training for all personnel

Data Minimization: We only collect data necessary for service delivery

Regular Audits: Quarterly security assessments and compliance reviews

Incident Response: Comprehensive procedures for data breach response

5. Data Retention

Retention Periods:

Active Accounts: Data retained while account is active and for 2 years after last activity

Discussion Requests: Retained for 2 years, then anonymized for business analysis

Security Logs: Retained for 1 year for security monitoring purposes

Financial Records: Retained for 7 years to comply with tax and accounting requirements

Automatic Deletion:

Verification Codes: Deleted immediately after use or expiration

Session Data: Cleared upon logout or timeout

Expired Bookings: Archived after 1 year, deleted after retention period

6. Your Rights Under GDPR

You Have the Right To:

**Access:** Request a copy of all personal data we hold about you

Contact us to receive a comprehensive report of your data

Includes data sources, processing purposes, and sharing details

**Rectification:** Correct inaccurate or incomplete personal data

Update your profile information at any time

Request correction of any errors in your data

**Erasure (Right to be Forgotten):** Request deletion of your personal data

Available when data is no longer necessary for original purpose

Exceptions apply for legal obligations and legitimate interests

**Portability:** Receive your data in a structured, machine-readable format

Transfer your data to another service provider

Available for data processed based on consent or contract

**Restriction:** Limit how we process your personal data

While we verify accuracy of disputed data

When processing is unlawful but you prefer restriction to erasure

**Objection:** Object to processing based on legitimate interest

Including direct marketing communications

We will stop processing unless we have compelling legitimate grounds

**Withdraw Consent:** Revoke consent for consent-based processing

Does not affect lawfulness of processing before withdrawal

Easy opt-out available for all marketing communications

7. Data Protection Officer

Contact Information:

Email: privacy@wecareHC.com

Response Time: We respond to all privacy requests within 30 days

Escalation: If unsatisfied with our response, you may contact your local data protection authority

8. Cookies and Tracking Technology

What Are Cookies:

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and keep your information secure.

Essential Cookies (Always Active):

Session Management: Keep you logged in securely and maintain your session

Security Cookies: Prevent fraud, CSRF attacks, and protect your account

Functionality Cookies: Remember your language preferences and accessibility settings

Authentication Cookies: Verify your identity and maintain secure access

Performance Cookies (With Your Consent):

Analytics Cookies: Help us understand how visitors use our website

Performance Monitoring: Track website speed and functionality

Error Tracking: Identify and fix technical issues quickly

Marketing Cookies (With Your Consent):

Personalization: Customize content based on your interests

Communication Preferences: Remember your contact preferences

Service Recommendations: Suggest relevant cleaning services

Third-Party Cookies:

Twilio: For SMS delivery functionality

SendGrid: For email communication services

Stripe: For secure payment processing (Phase 2)

Cookie Management:

Browser Controls: You can manage cookies through your browser settings

Consent Withdrawal: You can withdraw consent for non-essential cookies at any time

Cookie Deletion: Essential cookies are deleted when you close your browser session

Opt-Out: You can opt out of analytics and marketing cookies without affecting core functionality

Cookie Retention Periods:

Session Cookies: Deleted when you close your browser

Security Cookies: Retained for 30 days for fraud prevention

Preference Cookies: Retained for 1 year or until you change them

Analytics Cookies: Retained for 2 years for statistical analysis

9. International Data Transfers

Data Location:

Primary Storage: Data stored in secure facilities within the EU/EEA

Third-Party Services: Some services may process data outside EU/EEA with appropriate safeguards

Protection Measures: Adequacy decisions, Standard Contractual Clauses, or other approved mechanisms

10. Changes to This Policy

Updates:

We may update this policy to reflect changes in our practices or legal requirements

Notification: You will be informed of significant changes via email or website notice

Effective Date: Changes become effective 30 days after notification

Historical Versions: Previous versions available upon request

11. Contact Us

Privacy Inquiries:

Email: privacy@wecareHC.com

Phone: [Your phone number]

Address: [Your business address]

Data Protection Rights:

Access Requests: Submit via contact form or email

Complaints: Contact your local supervisory authority if concerns are not resolved

Emergency: For urgent security concerns, contact us immediately

12. Children's Privacy

We do not knowingly collect personal data from children under 16 years of age. If you believe we have collected data from a child, please contact us immediately for removal.

13. Legal Protection and Liability

Service Limitations and Disclaimers:

Service Availability: We strive for 99.9% uptime but cannot guarantee uninterrupted service

Data Accuracy: While we implement robust security measures, we cannot guarantee absolute data security

Third-Party Services: We are not liable for issues arising from third-party service providers

Force Majeure: We are not liable for service interruptions due to circumstances beyond our control

Limitation of Liability:

Direct Damages: Our liability is limited to the amount you paid for services in the preceding 12 months

Indirect Damages: We are not liable for consequential, incidental, or punitive damages

Data Loss: While we maintain secure backups, we recommend you keep copies of important information

Business Interruption: We are not liable for lost profits or business interruption

Indemnification:

User Responsibilities: You agree to use our services in compliance with applicable laws

Prohibited Activities: You will not use our services for illegal activities or to violate others' rights

Content Liability: You are responsible for the accuracy of information you provide

Third-Party Claims: You agree to indemnify us against claims arising from your misuse of our services

Insurance and Bonding:

Professional Liability: We maintain professional liability insurance for cleaning services

General Liability: Comprehensive general liability coverage for property damage and personal injury

Workers' Compensation: All employees are covered under workers' compensation insurance

Bonding: Our cleaning staff is bonded and background-checked for your protection

Dispute Resolution:

Negotiation: We encourage direct communication to resolve any disputes

Mediation: Unresolved disputes will be subject to mediation before litigation

Jurisdiction: Any legal proceedings will be conducted under UK law in London courts

Class Action Waiver: Disputes must be resolved individually, not as part of class actions

14. Supervisory Authority

If you have concerns about our data processing practices, you may lodge a complaint with your local data protection authority:

For EU Residents:

Find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

Right to Complain: You have the right to complain to a supervisory authority

No Prejudice: Lodging a complaint does not affect your right to judicial remedy

For UK Residents:

Information Commissioner's Office (ICO): https://ico.org.uk/make-a-complaint/

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

---

Summary

We are committed to:

✅ Transparent data collection and use

✅ Strong security measures protecting your information

✅ Respecting your privacy rights and choices

✅ GDPR compliance in all our data processing activities

✅ Quick response to your privacy requests and concerns

Your trust is essential to our business. We will continue to earn it every day through responsible data handling and transparent privacy practices.

---

This policy is written in plain language to ensure you understand how we protect your privacy. If you have any questions, please don't hesitate to contact us.