Privacy Policy

πŸ”’ Your data. Your control.

Privacy policy

How Findfitter collects, uses, shares, and protects your personal data β€” written in plain English. Last updated: 20 April 2026. Version 1.1.

πŸ“‹ The short version

  • We only collect data you give us through our quote form, plus basic technical data (IP, browser) to keep the site running and safe.
  • We share your name, postcode, phone and email with up to 4 FENSA/Certass-registered installers so they can send you a quote β€” and with our lead-matching partner Leads 2 Trade, who connects us to those installers.
  • We never sell your data to general marketing lists, unrelated businesses, or overseas data brokers.
  • You can ask us to delete your data at any time by emailing privacy@findfitter.co.uk.
  • You have full rights under UK GDPR, including access, correction, deletion, and complaint to the ICO.

1. Who we are

Findfitter is a trading name operating in the United Kingdom. We are the data controller for the personal data you provide through this website. That means we decide what data is collected and how it’s used.

Contact for privacy matters: privacy@findfitter.co.uk
General enquiries: hello@findfitter.co.uk
ICO registration: Registration in progress. Once issued, our ICO reference number will be published here. In the meantime we comply with UK GDPR, the Data Protection Act 2018, and PECR.

2. What data we collect

Information you give us

  • Contact details: first name, last name, email address, UK mobile number.
  • Property details: full postcode, address line, property type (flat, terrace, semi, detached), tenure (owner, buying, landlord), and the number of windows or doors you want quoted.
  • Project details: product (windows, doors, conservatory, glass only), material preference, rough timeline.
  • Anything you add to the message field of our contact or quote forms.

Information we collect automatically

  • Technical data: IP address, device type, browser, operating system, referring URL β€” used to detect spam and diagnose site errors.
  • Local storage (your browser only): we save an incomplete quote-form draft to your device’s localStorage so you don’t lose progress if you navigate away. This draft never leaves your device until you submit the form.
  • Essential cookies: a minimal WordPress session cookie if you log in (most visitors don’t). See our Cookie policy.

What we don’t collect: we do not collect payment card data, date of birth, National Insurance numbers, or any special category data (health, religion, political opinion, etc.). Our forms never ask for these.

3. How we use your data β€” and our legal basis

Under UK GDPR we must have a lawful reason to process your data. Here’s exactly what we do and why:

What we doWhyLegal basis
Pass your contact and project details to up to 4 vetted installersTo fulfil your request for free quotes β€” the whole reason you filled the formConsent (given when you submit the form) + contract performance
Share matching data with our partner Leads 2 Trade (lead distribution network)So they can route you to the most relevant FENSA/Certass-registered local installersConsent + legitimate interest in matching you accurately
Send you a confirmation email and occasional updates about your quoteKeep you informed about the process you’ve asked us to startContract performance
Store your submission for up to 24 monthsDeal with complaints, warranty questions, and fraud checksLegitimate interest + legal obligations
Detect and block spam, bots, and fake submissionsKeep the service useful for real UK homeownersLegitimate interest in security
Improve the website (aggregated and anonymous)Fix bugs, improve content, remove friction from the formLegitimate interest

We do not use your data for unrelated marketing, political profiling, credit scoring, or automated decision-making that produces legal effects on you.

4. Who we share your data with

We share the minimum data needed with carefully chosen partners. Each is bound by a written data-processing agreement and operates under UK or EU data protection law.

Installers (up to 4 per enquiry)

When you submit a quote form, we share your first name, last name, email, phone number, postcode, address, property type, and project details with up to four FENSA or Certass-registered installers who operate in your postcode. Each installer becomes an independent data controller the moment they receive your details and handles your data under their own privacy policy. If you’d like any installer’s privacy policy before speaking to them, email us β€” we’ll send it.

Lead-matching partner β€” Leads 2 Trade

Leads 2 Trade Ltd (company no. 05987351, registered in England and Wales) operates a vetted UK installer network we use to distribute quote requests. Their privacy policy is at leads2trade.co.uk/privacy-policy. We may also use secondary networks (LeadsDoWork, Bark, or similar) for overflow capacity β€” if used, they operate under equivalent UK GDPR-compliant terms.

Service providers (processors, not controllers)

  • Hetzner Online GmbH (Germany) β€” hosts our website and database. Hetzner is GDPR-compliant and certified under ISO 27001.
  • Cloudflare, Inc. (US/UK) β€” DNS, DDoS protection, and Turnstile anti-bot (when enabled). Cloudflare operates under UK-approved Standard Contractual Clauses.
  • Email delivery β€” transactional confirmation emails sent via our server; we do not currently use Mailchimp, SendGrid, or similar third-party email services.

Legal sharing: we may disclose your data to police, regulators, or courts if required by UK law (for example, an ICO investigation or a valid court order).

What we never do: we do not sell your details to general marketing databases, solar cold-callers, insurance resellers, energy switching brands, or any business unrelated to your quote request.

5. International data transfers

Most of your data stays in the UK. Some processors (Hetzner in Germany, Cloudflare in the US) may process data outside the UK. Where this happens, transfers are protected by the UK’s adequacy decision for the EEA, or by the UK International Data Transfer Agreement (IDTA) / Standard Contractual Clauses.

6. How long we keep your data

Type of dataRetention period
Quote form submissions24 months from submission (then deleted or anonymised)
Email enquiries24 months from last contact
Spam / blocked submissions90 days (for abuse pattern analysis)
Server access logs30 days
localStorage drafts (on your device)Cleared automatically on submission, or when you clear your browser storage

You can ask for earlier deletion at any time. We’ll only refuse if we have a legal obligation to keep specific data (e.g. proof of consent during an ICO investigation).

7. How we keep your data safe

  • TLS encryption on every page and form submission (the padlock in your browser bar).
  • Cloudflare protects the site against DDoS and injection attacks.
  • Restricted access β€” only the Findfitter founder can access the submissions database.
  • Cloudflare Turnstile (bot-protection challenge, when enabled) verifies you’re a real person without tracking you.
  • Spam filters block disposable email addresses, obviously fake names, and placeholder phone numbers before they reach installers.
  • We do not store payment data, because we never take payment from homeowners β€” all transactions happen directly with your chosen installer.

If we ever suffer a data breach likely to risk your rights, we’ll notify the ICO within 72 hours and contact affected users by email.

8. Your rights

Under UK GDPR you have the following rights. To exercise any of them, email privacy@findfitter.co.uk β€” we’ll respond within 30 days, free of charge.

  • Right to be informed β€” this policy covers it.
  • Right of access β€” request a copy of the personal data we hold about you.
  • Right to rectification β€” ask us to correct inaccurate data.
  • Right to erasure (“right to be forgotten”) β€” ask us to delete your data.
  • Right to restrict processing β€” ask us to pause processing while we resolve a query.
  • Right to data portability β€” get a copy of your data in a machine-readable format.
  • Right to object β€” object to processing based on legitimate interest.
  • Rights relating to automated decision-making β€” not applicable here (we don’t use automated decisions that affect you).

Right to complain: you can complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint, call 0303 123 1113, or write to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. We’d appreciate a chance to put things right first, but you’re not obliged to contact us before the ICO.

9. Installer calls, marketing, and TPS

When you submit the quote form, you give specific consent for up to 4 installers to contact you about the job you requested. This consent overrides a standing Telephone Preference Service (TPS) or Mailing Preference Service (MPS) registration for the purpose of that enquiry β€” because you’ve actively asked for the calls.

To stop installer contact:

  • Tell the installer directly β€” they’re legally required to stop contacting you about anything else.
  • Email privacy@findfitter.co.uk and we’ll relay a stop request to all matched installers within 24 hours.
  • Register or renew with the Telephone Preference Service at tpsonline.org.uk (free) for protection against unrelated unsolicited marketing calls.

Findfitter itself does not send marketing emails, newsletters, or promotional SMS. Any email from us will only be about a quote request you’ve made.

10. Cookies and tracking

We keep cookies to an absolute minimum. See our full Cookie policy for details. In short:

  • Strictly necessary cookies (WordPress session, Cloudflare security) β€” used; no consent needed under PECR.
  • Analytics cookies β€” not in use.
  • Advertising cookies β€” not in use. We do not retarget visitors on Facebook, Google, or anywhere else.
  • localStorage β€” used only for your incomplete form draft on your device; never sent to us.

11. Children

Findfitter is a service for UK homeowners. It’s not intended for people under 18 and we don’t knowingly collect data from minors. If you believe a child has submitted data, email us and we’ll delete it.

12. Automated decision-making and profiling

We use simple pattern checks to block obvious spam and bots (e.g. sequential phone numbers, disposable email domains, UK postcode validation). These checks affect only whether a form submission reaches a human β€” they don’t produce any legal effect or significant impact on you, and they’re reviewable on request.

We do not use your data for credit scoring, pricing decisions, or any automated profiling about you as a person.

13. Links to other websites

Our site links to FENSA, Certass, Energy Saving Trust, Which?, GOV.UK, and various local councils and installer websites. Each is a separate organisation with its own privacy policy. We have no control over how third-party sites handle your data β€” always check their policy before submitting anything on them.

14. Changes to this policy

We’ll update this page whenever our practices change. Material changes (new data sharing, new retention periods, changes to your rights) will be highlighted at the top of the page for at least 30 days. The “Last updated” date at the top tells you the version in force.

  • v1.1 β€” 20 April 2026: comprehensive rewrite; added retention schedule, TPS guidance, processor list, international transfers section, plain-English summary.
  • v1.0 β€” launch (April 2026): initial policy.

15. Contact us

For any question about this policy, your data, or your rights:

  • πŸ“§ Privacy enquiries: privacy@findfitter.co.uk
  • πŸ“§ General support: hello@findfitter.co.uk
  • πŸ• Hours: Monday to Friday, 9am–5pm UK time. We aim to respond within 2 working days and always within the 30-day UK GDPR deadline.

Related: Terms & conditions Β· Cookie policy Β· Contact us Β· How we vet installers

16. Legal sources & references

This privacy policy is written to comply with the following UK and EU legislation and published regulator guidance:

Compare Free Quotes