Google Play Data & Permissions Policy
Last updated: 2 June 2026 · Version: 1.0
This document describes how the TradesFlow mobile apps (the customer app and the trader app) handle user data, device permissions, and account deletion, for the purposes of Google Play's Developer Program Policies, the User Data policy, and the Data safety section of the Google Play Console. It supplements our full Privacy Policy and Terms of Service.
The apps are published by GMHCO LTD, trading as "TradesFlow", a company registered in England & Wales (company number 16056150), registered office 5 Mallard Path, London, England, SE28 0EU.
1. Summary
TradesFlow is a UK marketplace connecting customers with tradespeople. The apps collect only the data needed to run that service — accounts, jobs, messages, payments, and (during active jobs) location — and process it as described in our Privacy Policy. We do not sell personal data. Data is encrypted in transit. Users can export their data and delete their account (see section 5).
2. Data the apps collect and why
| Data type | Examples | Purpose | Shared? |
|---|---|---|---|
| Account info | name, email, phone, password (hashed) | create and secure your account | Processors only |
| Identity & business (traders) | ID/verification, business, insurance, bank details | KYC/AML, payouts | Stripe |
| Location | approximate; precise during an active job | match jobs; live job tracking | Between the matched customer and trader for that job |
| Photos | job and evidence photos you upload | describe and evidence jobs | Between the matched parties |
| Messages | in-app chat | communicate about a job | Between the matched parties |
| Financial info | payments, escrow, payouts (card data handled by Stripe) | process payments | Stripe |
| App activity & diagnostics | usage, device identifiers/fingerprint, crash/logs | security, fraud prevention, improving the app | Processors only |
"Processors only" means service providers acting on our instructions (e.g. Google Firebase for auth/notifications/storage, PostHog for analytics, email/notification providers). See the Privacy Policy for the full list and lawful bases.
3. Permissions the apps request
- Location (precise/approximate) — used to match jobs to nearby traders and, **during an
active job**, to show the customer the trader's live location for that job. Location is used while you are using the relevant feature; you are told in-app before tracking starts, and it stops when the job ends. You can decline or revoke location in your device settings.
- Camera / Photos — to take or choose photos of a job and upload evidence (before / during
/ after). Used only when you add a photo.
- Notifications — to send job, payment, and message updates via push (Firebase Cloud
Messaging). You can turn notifications off in your device settings.
- Internet / network — required for the app to function.
We request each permission only for the purpose above, request it in context, and the app continues to work (with reduced functionality) if you decline a non-essential permission.
4. Google APIs and third parties
The apps use Google Firebase (Authentication, Firestore, Cloud Messaging, Storage) and Google Maps as infrastructure, and Stripe for payments. The apps do not use Google Sign-In or request OAuth access to your Google account data (such as Gmail, Drive, or Contacts), so Google's restricted/sensitive-scope "Limited Use" API requirements do not apply. If that ever changes, this document and our Data safety declaration will be updated first.
5. Account and data deletion
In line with Google Play's account-deletion requirement, users can request deletion of their account and associated data:
- In the app: Profile → Data & Privacy → Delete account.
- On the web (no app needed): see our Account & Data Deletion
page.
- By email: privacy@tradesflow.trade.
What is deleted, what is retained for legal reasons (e.g. payment and audit records kept for 7 years), and the timeframe are set out on the Account & Data Deletion page.
6. Children
The apps are intended for adults (18+) and are not directed at children. We do not knowingly collect data from children.
7. Ads and tracking
The apps do not show third-party advertising and do not use advertising IDs for ad targeting. Analytics is used to operate and improve the service as described in the Privacy Policy and Cookie Policy.
8. Security
Data is encrypted in transit; passwords are hashed; sensitive operations are backend-only (no secrets stored on the device); sessions are device-bound; and we run fraud, device-trust, and abuse monitoring. See the Privacy Policy, section 8.
9. Contact
GMHCO LTD (trading as TradesFlow), 5 Mallard Path, London, England, SE28 0EU. Privacy: privacy@tradesflow.trade · Support: info@tradesflow.trade.