Privacy Policy

MyTrustList ("we", "us", "our") is a UK-based trust-ranked business directory. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website and services.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Account Information

When you create an account, we collect your name, email address, and optional profile information such as your location, bio, and profile photo.

Business Information

If you register or claim a business, we collect your business name, description, service categories, service locations (including coordinates for proximity search), contact details, accreditations, and any vacancy information you publish.

Trust and Connection Data

We record the trust relationships you create with businesses and the connections you make with other users. This data powers our trust-ranked search results.

Location Data

With your permission, we use your device's location to provide distance-based search results. We may also estimate your location from your IP address. We do not continuously track your location.

Usage Data

We collect standard web analytics data including pages visited, search queries, browser type, device type, and IP address. This helps us improve the service.

• To provide trust-ranked search results based on your network
• To display your profile and business listings to other users
• To facilitate connections and trust relationships between users and businesses
• To send service notifications (e.g. connection requests, trust notifications, claim verifications)
• To process subscription payments and vacancy billing via our payment provider, Paddle
• To verify business ownership through our claiming process
• To improve and maintain the service

We process your personal data on the following legal bases:

• Contract — processing necessary to provide you with the MyTrustList service, including account management, search, and business listings
• Consent — for optional features such as location-based search and marketing communications
• Legitimate interest — to improve our service, prevent fraud, and ensure platform security
• Legal obligation — to comply with UK tax and financial regulations (e.g. retaining billing records)

We do not sell your personal data. We share data only with the following third parties as necessary to provide the service:

• Paddle — our payment processor, for subscription and vacancy billing
• Linode (Akamai) — our hosting provider
• Cloudflare (R2) — our object storage provider, used to store uploaded files such as logos and profile images
• Forward Email — our email delivery provider
• Status Blocks — our analytics provider, which receives your user ID, name, and email address for event tracking and service improvement purposes

Your trust relationships and connections are visible to other MyTrustList users as part of the platform's core functionality. For example, if you trust a business, your connections may see that you've trusted it when it appears in their search results.

Your data is stored on servers located in the UK. We use encryption in transit (TLS) and at rest. Access to personal data is restricted to authorised personnel only. We conduct regular security reviews to protect your information.

• Account data is retained while your account is active and for a reasonable period afterwards
• Billing and financial records are retained for 7 years as required by HMRC
• Admin activity logs are retained for 2 years
• Anonymised data may be retained indefinitely for statistical purposes

Our automated data retention system runs daily to enforce these retention periods.

Under UK GDPR, you have the following rights:

• Access — you can request a copy of all personal data we hold about you. Use the Data Export feature in your account settings to download your data as a JSON file.
• Rectification — you can update your personal information at any time through your profile and account settings.
• Erasure — you can request deletion of your account. We will anonymise your personal data while retaining records required by law. Use the Delete Account feature in your account settings.
• Portability — you can export your data in a structured, machine-readable format via the Data Export feature.
• Objection — you can object to processing based on legitimate interest by contacting us.
• Withdraw consent — where processing is based on consent, you can withdraw it at any time.

We use essential cookies to maintain your session and remember your preferences. These are strictly necessary for the service to function and do not require consent. We do not use advertising or third-party tracking cookies.

MyTrustList is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.