CompliancePack

Last updated: 26 May 2026

Privacy Policy

This Privacy Policy describes how CompliancePack (“we”, “us”, “our”) handles personal data when you use https://www.compliancepack.co.uk and our installer software (the “Service”). We process data under UK GDPR and the Data Protection Act 2018. Please read this together with our Terms of Service.

1. Who we are and how to contact us

CompliancePack provides compliance document automation for MCS-certified renewable energy installers in the United Kingdom. ICO Registration No: ZC159737. Data protection enquiries and requests: hello@compliancepack.co.uk. Website: https://www.compliancepack.co.uk.

2. Who this policy applies to

  • Installer users: businesses and individuals who register for an account.
  • Homeowners: individuals whose details installers enter into the Service (e.g. for portals, declarations, and generated documents).
  • Website visitors: anyone who browses our marketing pages or contacts us.

3. Data we collect

  • Account data: email, password (stored securely by our auth provider), company name, MCS number, certification details, phone, address, and billing identifiers.
  • Job data: property addresses, installation details, compliance checklist status, and documents you generate (MCS compliance packs, handover packs, etc.).
  • Homeowner data: names, email, phone, signatures, and documents uploaded or collected via the homeowner portal.
  • Technical data: IP address, browser type, device information, and logs needed to operate and secure the Service.
  • Payment data: handled by Stripe; we do not store full card numbers.

4. How we use data and lawful bases

We use personal data to provide and improve the Service, manage accounts and subscriptions, send transactional emails (verification, password reset, portal links, trial reminders), generate documents (including AI-assisted content), prevent abuse, and comply with law. Lawful bases include contract (delivering the Service), legitimate interests (security and improvement, balanced against your rights), consent where required, and legal obligation.

5. Homeowner data: installer as controller

When an installer adds homeowner information to CompliancePack, the installer is the data controller and we act as a data processor processing that data on the installer’s instructions to run the Service. Installers must have a lawful basis to collect homeowner data, provide appropriate privacy information to homeowners, and respond to homeowner rights requests for that data. Homeowners seeking access, correction, or deletion of data held about them in a job should contact their installer in the first instance; we will assist installers where required.

6. Subprocessors

We use the following categories of providers who may process personal data on our behalf:

  • Supabase: authentication, database, and document storage.
  • Stripe: subscription payments.
  • Resend: transactional email.
  • Anthropic: AI generation of document text from job details you submit.
  • Vercel: application hosting.

We do not sell personal data. We may disclose data if required by law or to protect rights, safety, and the integrity of the Service.

7. International transfers

Some providers may process data outside the UK. Where they do, we rely on appropriate safeguards (such as UK adequacy decisions or standard contractual clauses) as required by applicable law.

8. Retention

We keep account and job data while you have an active account or as needed to provide the Service, then for a reasonable period to allow export, resolve disputes, and meet legal obligations. You may request deletion of your account data subject to limits in our Terms and applicable law. Backups may retain deleted data for a limited time.

9. Security

We use measures such as encryption in transit, access controls, and database row-level security. No online service is completely secure; protect your account credentials.

10. Your rights (installer and website users)

Depending on circumstances, you may have rights to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent where processing is based on consent. You may complain to the UK Information Commissioner’s Office (ico.org.uk). To exercise rights relating to your CompliancePack account, email us at the address in section 1.

11. Cookies

We use essential cookies and similar technologies to keep you signed in and operate the Service securely. We do not use non-essential analytics or advertising cookies at launch.

12. Changes

We may update this policy. The “Last updated” date at the top will change when we do. Continued use of the Service after material changes may constitute notice where permitted by law.