Heads Above The Cloud
Legal

Privacy Policy

Last updated: March 2026

Contents
1. Who We Are2. What Data We Collect3. How We Use Your Data4. Lawful Basis5. Who We Share Data With6. How Long We Keep Data7. Your Rights8. Cookies9. Security10. Changes to This Policy

1. Who We Are

Heads Above The Cloud Ltd ("we", "us", "our") is a property surveying and inspection company registered in England and Wales, based in Croydon, United Kingdom (Company No. 9522675).

This privacy policy explains how we collect, use, store, and protect your personal data when you use our website at headsabovethecloud.co.uk and our surveying services.

Data protection queries: info@headsabovethecloud.co.uk

2. What Personal Data We Collect

We collect the following categories of personal data:

Account information
Name, email address, and company name, collected when you create an account via our authentication provider.
Booking information
Property address, postcode, property type, floor area, number of floors, year built, listed status, access notes, preferred survey date and time.
Contact information
Name, company, email address, and phone number, collected when you submit a booking request.
Payment information
Payment card details are processed securely by Stripe and are never stored on our servers. We retain only the transaction reference, payment status, and amount paid.
Technical data
IP address, browser type, device information, and pages visited, collected automatically by our hosting provider.
Communication data
Email correspondence related to your bookings, quotes, and surveys.

3. How We Use Your Data

We use your personal data for the following purposes:

1
To create and manage your account
2
To process and manage your survey bookings
3
To prepare and send quotes for our services
4
To schedule surveyors and coordinate access to properties
5
To generate and send invoices
6
To send transactional emails — booking confirmations, quote notifications, survey reminders, and payment receipts
7
To respond to your enquiries
8
To comply with our legal and regulatory obligations
9
To improve our services and website

We do not use your data for marketing, profiling, or automated decision-making. We do not sell or share your personal data with third parties for their marketing purposes.

4. Lawful Basis for Processing

Under UK GDPR, we process your personal data on the following lawful bases:

Contract
Processing is necessary to provide our surveying services to you, including managing bookings, scheduling surveys, issuing quotes, and processing payments.
Legitimate interests
We have a legitimate business interest in maintaining our platform, preventing fraud, and improving our services. We ensure this does not override your rights and freedoms.
Legal obligation
We may process data to comply with legal requirements such as tax, accounting, and regulatory obligations.

5. Who We Share Your Data With

We share your personal data only with the following service providers who process data on our behalf:

Authentication provider
account & login
Stores your account credentials and login data.
Database provider
data storage
Stores your booking, quote, and invoice data.
Payment processor
payments
Processes card payments securely. Card details never touch our servers.
Email service provider
email
Sends transactional emails on our behalf.
Hosting provider
hosting
Hosts our website and processes technical data.

We may also share data with RICS-regulated surveyors assigned to carry out your survey. These surveyors receive only the information necessary to perform the survey — property address, access notes, and scheduled date and time.

We do not transfer your data outside the UK or EEA except where our service providers maintain appropriate safeguards, such as Standard Contractual Clauses or UK adequacy decisions.

6. How Long We Keep Your Data

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

Account data
Retained for as long as your account is active. Deleted upon request, subject to any outstanding legal obligations.
Booking and survey data
Retained for 7 years after the booking is completed, in line with UK tax and accounting requirements.
Payment records
Retained for 7 years to comply with HMRC requirements.
Technical logs
Retained for up to 30 days by our hosting provider, Vercel.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

Right of accessRequest a copy of the personal data we hold about you.
Right to rectificationRequest correction of inaccurate or incomplete data.
Right to erasureRequest deletion of your personal data, subject to legal retention requirements.
Right to restrict processingRequest that we limit how we use your data in certain circumstances.
Right to data portabilityRequest your data in a structured, machine-readable format.
Right to objectObject to processing based on legitimate interests.

To exercise any of these rights, contact us at info@headsabovethecloud.co.uk. We will respond within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by phone on 0303 123 1113.

8. Cookies

Our website uses only essential cookies required for authentication and session management, provided by Clerk. These cookies are strictly necessary for the site to function and cannot be disabled without breaking core functionality.

We do not use analytics cookies, advertising cookies, or any third-party tracking cookies. As a result, no cookie consent banner is displayed — only strictly necessary cookies are set.

9. Security

We take the security of your personal data seriously. Our security measures include:

All data transmitted via HTTPS/TLS encryption
Authentication managed by Clerk with industry-standard security practices
Payment data processed by PCI DSS-compliant Stripe — card details never touch our servers
Access to admin functions restricted by role-based authentication
Security headers including Content Security Policy, HSTS, and X-Frame-Options
Regular security audits of our codebase and infrastructure

While we take all reasonable steps to protect your data, no method of transmission over the internet is 100% secure. If you have concerns about the security of your data, please contact us immediately.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last updated" date at the top.

We encourage you to review this policy periodically. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.

Questions? info@headsabovethecloud.co.uk
← Back to site