Privacy & GDPR Policy
Version 1 | 27 February 2026
Send It is operated by Send It App LTD, registered in England and Wales (company number 16849069). We are the data controller for personal data processed through the Send It platform. All founding directors take joint responsibility for data protection.
Account data: Name, email address, phone number, and password (stored securely via Firebase Auth). Couriers also provide company name.
Courier documents: Driving licence, insurance certificates (images). These are reviewed by our admin team and then automatically wiped from our systems. Only document metadata is retained: approval status, expiry date, and upload date.
Job data: Item descriptions, photographs, pickup and delivery addresses and postcodes, bid amounts, job status, and completion records.
Communications: In-app messages between senders and couriers.
Financial data: Payment is processed by Stripe — we do not store card details. We retain transaction references and amounts.
Ratings: Star ratings, written reviews, and timestamps.
Usage data: Device information, browser type, operating system, IP address, approximate location (derived from postcode, not GPS), and app version. We do not use GPS or precise location tracking.
Account creation & authentication — Legal basis: Contract performance — Name, email, phone, password
Courier verification — Legal basis: Contract performance — Documents, expiry dates
Facilitating deliveries — Legal basis: Contract performance — Job details, addresses, messages
Collecting Platform Fees — Legal basis: Contract performance — Transaction references via Stripe
Content moderation — Legal basis: Legitimate interest — Messages, reviews, descriptions
Platform safety & security — Legal basis: Legitimate interest — Usage data, IP, login activity
Transactional emails — Legal basis: Contract performance — Email, name, job details
Wind-down notifications — Legal basis: Legitimate interest — Email, name
Senders see Courier usernames, ratings, and company names when reviewing bids. Couriers see Sender usernames and job details. Neither party sees the other's email, phone, or full address until a bid is accepted.
We use: Firebase (Google) for authentication, database, storage, and hosting; Stripe for Platform Fee collection; EmailJS for transactional emails.
We do not sell your personal data to third parties. We may disclose data if required by law.
Courier documents (driving licence, insurance certificates) are uploaded for verification purposes only. Document files are automatically wiped from our systems after admin review. Only document metadata is retained: approval status, expiry date, and upload date.
Photos uploaded by senders as part of job listings are automatically wiped when a job is marked as delivered, completed, or deleted.
Active account data: Retained while your account is active
Courier document files: Wiped automatically after admin review
Item photos: Until job completion or deletion
Job & transaction records: 6 years after completion (HMRC requirements)
Messages: Job completion + 12 months (dispute resolution)
Ratings and reviews: Account lifetime + 12 months
Deleted accounts: Anonymised after 30 days
Archive mode data: Minimum 6 years from last transaction (legal obligation)
If the Platform enters Archive Mode, all data is retained in read-only form. Your rights under this policy continue to apply in full.
Under UK GDPR, you have the right to:
• Access — Request a copy of your personal data
• Rectification — Correct inaccurate data
• Erasure — Request deletion (subject to legal retention obligations)
• Restriction — Restrict how we process your data
• Portability — Receive your data in a portable format
• Objection — Object to processing based on legitimate interest
To exercise any of these rights, contact us at send.it.app.uk@gmail.com. We will respond within one month.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
Your rights continue to apply in full during Wind-Down and Archive Mode.
All data is transmitted over HTTPS (encrypted in transit). User authentication is handled by Firebase Auth with rate limiting on login attempts. Firestore security rules restrict data access based on authentication and role. Stripe is PCI-DSS compliant and handles all card data. Admin actions are logged to an audit trail. In Archive Mode, all write operations are disabled, reducing the attack surface.
The Platform uses essential cookies and local storage only, required for functionality (authentication tokens, session data, offline caching). Firebase uses local storage for account authentication. We do not use advertising, tracking, or analytics cookies. As we use only strictly necessary cookies, separate cookie consent is not required under UK law.
Firebase and Stripe may process data outside the UK. Both operate under Standard Contractual Clauses (SCCs) or equivalent safeguards to ensure adequate data protection.
We may update this policy from time to time. Material changes will be communicated via the app or email. Continued use after changes constitutes acceptance.
For data protection enquiries, all founding directors take joint responsibility.
Email: send.it.app.uk@gmail.com
Address: 69 Bridge Street, Coton, Nuneaton, CV11 5UE