Privacy Policy

24Plumb Ltd  ·  Last updated: 19 May 2026  ·  Effective: 19 May 2026

1. Who We Are

24Plumb Ltd ("24Plumb", "we", "us", "our") operates the 24Plumb emergency plumber booking platform at 24plumb.com. We are the data controller for personal data collected through this website.

We are registered in England and Wales. For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller for the personal data we process about you.

We are registered with the Information Commissioner's Office (ICO). Our ICO registration number is available on request.

2. Data We Collect

From customers making a booking

• Identity data: full name
• Contact data: phone number, email address
• Location data: full service address including postcode
• Job data: description of the plumbing problem, urgency level
• Financial data: payment amount, Stripe payment intent ID (your card number is processed directly by Stripe and is never transmitted to or stored by 24Plumb)
• Technical data: IP address, browser type, and referring page (collected automatically by Firebase Hosting)

From plumbers applying to join the platform

• Identity data: full name
• Contact data: phone number, email address
• Professional data: Gas Safe registration number, public liability insurance status, areas of operation, home postcode
• Account data: Google account ID (used for authentication)

Data we do not collect

We do not collect card numbers, sort codes, or bank account details. We do not collect special category data (health, ethnicity, religion, etc.). We do not knowingly collect data from anyone under 18.

3. How We Use Your Data

For customers

• To process your booking and dispatch a verified plumber to your address
• To process payment and issue a payment confirmation
• To send you SMS or email updates about your booking status
• To share your name, address, and phone number with the assigned plumber so they can attend the job
• To handle disputes, complaints, and refund requests
• To detect and prevent fraud
• To comply with our legal and regulatory obligations

For plumbers

• To verify your Gas Safe registration and professional credentials
• To create and manage your plumber account
• To dispatch jobs to you and share customer contact details for confirmed bookings
• To calculate and record your earnings and platform fees
• To communicate platform updates, policy changes, and support

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. We rely on the following:

• Contract performance (Article 6(1)(b)): Processing your name, address, phone, and email is necessary to provide the booking service you have requested.
• Legal obligation (Article 6(1)(c)): We are required to maintain financial records for HMRC purposes and to verify plumber credentials under applicable regulations.
• Legitimate interests (Article 6(1)(f)): We process technical data (IP addresses, usage logs) to maintain the security and performance of our platform, prevent fraud, and improve our service. We have assessed that these interests do not override your rights.
• Consent (Article 6(1)(a)): Where we send marketing communications (if applicable), we will obtain your explicit consent first.

5. Third-Party Services and Data Processors

We share your data only with trusted processors who are contractually bound to handle it securely and only for the purposes we specify:

Stripe Inc. (Payment Processing)

We use Stripe to process payments. When you enter payment card details, they go directly to Stripe's servers and are never seen or stored by 24Plumb. Stripe is PCI-DSS Level 1 certified. Stripe's privacy policy is available at stripe.com/gb/privacy.

Google Firebase / Firestore (Cloud Infrastructure)

We store booking data, account data, and job records in Google Firebase Firestore. Google acts as our data processor under a Data Processing Agreement. Firebase infrastructure is operated by Google LLC, with EU/UK data stored in servers located in Belgium (europe-west1) or equivalent EU/EEA regions.

SMS / Notification Provider

We may use a third-party SMS provider to send booking confirmations and status updates to customers and plumbers. We share only your name and phone number for this purpose.

Google Maps (Geocoding and Mapping)

We use the Google Maps API to convert postcodes to map coordinates and to display job locations. Your address data may be transmitted to Google's servers for this purpose. Google's privacy policy applies: policies.google.com/privacy.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

6. International Data Transfers

Some of our processors (including Google and Stripe) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including:

• UK adequacy decisions where applicable
• Standard Contractual Clauses (SCCs) approved by the ICO
• The UK–US Data Bridge where available

7. Data Retention

We keep your data only as long as necessary for the purposes for which it was collected:

• Booking records and payment information: 7 years from the date of transaction, as required by HMRC financial record-keeping rules.
• Customer contact data: 2 years after your last booking, then deleted or anonymised.
• Plumber account data: For the duration of the plumber's active account, plus 2 years after account closure.
• Technical logs: 90 days.

When data is no longer required, we securely delete or anonymise it.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any of them, please contact us using the details in Section 11.

• Right of access: You may request a copy of the personal data we hold about you (a Subject Access Request). We will respond within one month.
• Right to rectification: You may ask us to correct inaccurate data.
• Right to erasure: You may ask us to delete your data. We will comply unless we are required to retain it for legal reasons (e.g. financial records).
• Right to restrict processing: You may ask us to pause processing of your data in certain circumstances.
• Right to data portability: You may request your data in a structured, machine-readable format.
• Right to object: You may object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
• Rights related to automated decision-making: We do not make solely automated decisions that significantly affect you.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Cookies and Tracking

We use the following cookies and browser storage:

• Session storage: We temporarily store your booking reference in your browser's session storage to populate the confirmation page. This is deleted when you close your browser tab.
• Local storage: For plumber portal users, we store your login state and PWA installation preferences in local storage.
• Firebase Authentication cookies: Firebase sets a session cookie to maintain your authenticated state in the admin and plumber portals.
• Google Maps: Google Maps may set cookies when the tracking page is loaded. These are governed by Google's cookie policy.

We do not use advertising cookies, tracking pixels, or third-party analytics beyond Google Firebase Analytics (if enabled).

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. For material changes, we may notify you by email if you have an account. We encourage you to review this page periodically.

11. Contact Us