Privacy Policy

This policy explains what personal data TrustSolo collects, how we use it, who we share it with, and what your rights are under UK data protection law.

Last updated: 19 April 2026

1. Who we are

TrustSolo is the trading name of Edward Livingston, a UK sole trader (not a registered company). Edward Livingston, trading as TrustSolo (“we”, “us”, “our”), is the data controller for the personal data described in this policy. Our business address is:

Edward Livingston
trading as TrustSolo
20 North Row
Charlestown
FIFE, KY11 3EL
United Kingdom

You can reach us by email at hello@trustsolo.co.uk. For privacy-specific enquiries, use the subject line “Data request”.

ICO registration: TrustSolo is registered (or in the process of registering) with the UK Information Commissioner's Office. Our registration reference will be published here once confirmed.

2. What data we collect

a) Waitlist signups (pre-launch)

When you join the waitlist from our site, we collect:

  • Your email address
  • The consent wording you agreed to and the version of that wording (for our audit records)
  • Your IP address and browser user-agent at the time of signup
  • The page you signed up from
  • The timestamps of your signup and any updates to your record

b) Account holders

When you create a TrustSolo account, we (and our authentication provider Clerk) collect:

  • Your name and email address
  • A securely hashed password (we never see or store your plaintext password)
  • Profile information you provide: trading name, business address, discipline, day rate, payment terms, logo, and similar business setup information
  • If you use Stripe to accept payments: information needed to link your TrustSolo account to your Stripe Connect account. We never see or store your customers' card numbers — Stripe handles that directly
  • Information about your subscription with TrustSolo (plan, billing status, renewal dates), processed via Stripe Billing
  • Records of your use of the service: invoices and contracts you create, reminders you schedule, email templates you edit, activity on your account
  • Acceptance records for our Terms of Service and any updates to them

c) Your clients' information (data you enter)

When you use TrustSolo to send invoices and contracts, you enter information about your own clients — their names, email addresses, postal addresses, and invoice/contract content. In UK GDPR terms, you are the controller of that data and we process it on your behalf. Our Terms of Service set out the terms of that arrangement.

d) Visitors to the site

When you visit TrustSolo without signing up, our hosting provider and infrastructure services log standard technical information: IP address, request time, browser user-agent, and the page requested. These logs are used to operate the service, detect abuse, and investigate issues — not to build profiles of you.

3. Why we process your data (legal bases)

  • Consent — for joining the waitlist and receiving the one-off launch email. You can withdraw consent at any time (see “Your rights” below).
  • Performance of a contract — to provide the TrustSolo service once you create an account and agree to our Terms.
  • Legal obligation — to keep financial records, respond to lawful requests from authorities, and comply with tax and accounting rules.
  • Legitimate interests — to secure the service, prevent fraud, improve features, send service notifications (e.g. “your invoice was paid”), and run the business. We've assessed these uses as low-impact and balanced against your rights.

4. Who we share your data with

We use a small number of trusted third parties to run TrustSolo. Each one processes your data under a written agreement and only for the purposes we set. We do not sell your data or use it for advertising.

ProcessorWhat they doWhere they store data
ClerkAuthentication and account management.USA (under UK IDTA / SCCs)
StripeSubscription billing (TrustSolo) and payment processing (your clients paying you).USA / Ireland (under UK IDTA / SCCs)
SupabasePrimary database and file storage.EU region
ResendSending transactional emails.EU region (eu-west-1)
VercelHosting and request routing.USA with global edge (under UK IDTA / SCCs)
CloudflareDNS and network services.Global (under UK IDTA / SCCs)
UpstashRate limiting and background job scheduling.UK / EU regions

We may also share your data where we're legally required to (for example, in response to a valid court order or regulator request), or where necessary to establish, exercise, or defend legal claims.

5. International transfers

Some of our processors are based in the United States or operate on global infrastructure. When your data is transferred outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs) to ensure it's protected to a standard equivalent to the UK GDPR.

6. How long we keep your data

  • Waitlist signups: until you unsubscribe. There's an unsubscribe link in every waitlist email; clicking it deletes your record.
  • Active accounts: for as long as your account is active, and for six months after cancellation so you can reactivate or export your records.
  • Financial records: we retain invoices, contracts, and payment records for the life of your account plus six months. UK tax law (HMRC) requires you to keep your own records for six years; we provide export tools so you can do this.
  • Aggregate, non-identifying usage data: may be retained indefinitely for service improvement.

Where you ask us to delete your account, we anonymise rather than hard-delete records that are tied to financial transactions (this is a legal requirement). Your personal identifiers are replaced with “REDACTED” and the data is no longer associated with you.

7. Your rights

Under the UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify information that's inaccurate or incomplete
  • Erase your data (subject to legal retention obligations)
  • Restrict how we process your data
  • Port your data to another provider
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (this won't affect the lawfulness of anything we did before you withdrew it)
  • Complain to the UK Information Commissioner's Office — see section 11 below

To exercise any of these rights, email hello@trustsolo.co.uk with the subject line “Data request”. We'll respond within one month, as required by law.

8. Security

We use industry-standard measures to protect your data: encryption in transit (HTTPS), encryption at rest (via our database and storage providers), hashed passwords, role-based access controls, and audit logging of sensitive operations. No system is perfectly secure, but we take security seriously and respond quickly to any issue.

9. Cookies

Our Cookie Policy lists every cookie and piece of browser storage we use, what it does, and how to manage it.

10. Children

TrustSolo is not intended for people under 18. We don't knowingly collect data about anyone under 18. If you believe we have, please contact us and we'll delete it.

11. Complaints

If you're not happy with how we handle your data, you can complain to the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
United Kingdom
Helpline: 0303 123 1113
ico.org.uk/make-a-complaint

We'd appreciate the chance to address your concern directly first — email hello@trustsolo.co.uk — but it's your right to go to the ICO at any time.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. For significant changes (for example, a new type of data we collect or a new third-party processor), we'll notify account holders by email before the change takes effect.

Draft: This policy is an accurate reflection of our current processing practices. It has not yet been reviewed by a solicitor and will be replaced with a final version before we begin onboarding paying customers.
Privacy Policy — TrustSolo