Data Protection Policy

1 Data Controller

TownSwap is the data controller for personal data collected through this platform. We are responsible for deciding how your personal data is used and for ensuring it is handled lawfully.

📧 Data Controller contact: info@townswap.uk — mark your message "Data Protection Enquiry"

2 Data We Collect

We collect the following categories of personal data:

Tenant accounts & listings

Name and email address (account registration)
Property details: address (general area shown publicly, exact address hidden), number of bedrooms, property type, and features such as garden, parking, and pet suitability
Swap preferences: desired location, bedroom count, property type
Messages exchanged between matched tenants

Business directory

Business name, contact details, and category
Town and service area information

Usage and analytics

Anonymised page view data (no personally identifiable information)
Hashed IP addresses for fraud prevention (not linkable to individuals)
Browser type and referrer source

Swap Alerts

Email address and town preference (submitted voluntarily via the alerts form)

3 Lawful Basis for Processing

We process your personal data on the following lawful bases:

Contract performance: Processing your account data to deliver the swap matching service you have signed up for
Legitimate interests: Anonymised analytics to improve the platform; fraud and abuse prevention
Consent: Swap Alert email notifications (you can withdraw consent at any time by contacting us)
Legal obligation: Retaining records where required by law

4 How We Use Your Data

To create and manage your account and property listing
To match you with tenants whose swap preferences align with yours
To enable direct messaging between mutual matches
To send Swap Alert notifications where you have signed up
To display business listings in the local directory
To maintain platform security and prevent fraudulent activity
To improve our service through anonymised usage analytics

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

5 Data Storage & Security

Your data is stored on secure servers hosted within the UK/EEA. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction, including:

Encrypted data transmission (HTTPS/TLS)
Secure database access controls
Regular security reviews
Hashed passwords — we do not store passwords in plain text

We retain account data for as long as your account is active. If you delete your account, your data will be removed within 30 days, except where retention is required by law.

6 Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right of Access Request a copy of the personal data we hold about you

Right to Rectification Ask us to correct inaccurate or incomplete data

Right to Erasure Request deletion of your personal data ("right to be forgotten")

Right to Portability Receive your data in a machine-readable format

Right to Object Object to processing based on legitimate interests

Right to Restrict Ask us to restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at info@townswap.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7 Cookies

TownSwap uses minimal, essential cookies only:

Authentication tokens: Stored in browser localStorage to keep you signed in (not a cookie, but local browser storage)
Visitor ID: An anonymised identifier used for aggregate analytics — not linked to your identity

We do not use third-party advertising cookies or tracking pixels. You can clear browser localStorage at any time through your browser settings, which will sign you out of your account.

8 Third Parties

We use a small number of trusted third-party services to operate the platform:

Hosting provider: Your data is stored on secure cloud infrastructure
Email delivery: Used to send account notifications and Swap Alerts

All third-party processors are contractually bound to handle your data securely and in accordance with UK data protection law. We do not share your data with any third party for their own marketing purposes.

9 Contact & Complaints

For any data protection queries, subject access requests, or complaints, contact our Data Controller:

📧 info@townswap.uk — Subject line: "Data Protection Enquiry"

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.