Privacy Policy
Last updated: March 2026
1. Data controller
Heat Network Compliance Hub, contactable at support@heatnetwork-compliance.co.uk.
2. What data we collect
Purchases: name, email, organisation name. Payment cards processed by Stripe (never stored by us). Contact form: name, email, message content. Downloads: IP address, timestamp, user agent.
3. Lawful basis
Contract performance (order fulfilment), legitimate interests (security, fraud prevention), legal obligation (HMRC record keeping).
4. How we use your data
Order processing, document delivery, support, financial records. No marketing without opt-in. Data never sold or shared for third-party marketing.
5. Third-party processors
Stripe (payments) – stripe.com/gb/privacy. SendGrid/Twilio (email delivery) – twilio.com/legal/privacy. Both GDPR-compliant.
6. Data retention
Orders: 7 years (HMRC). Download logs: 12 months. Support correspondence: 24 months. Download links: expire after 7 days, files deleted after 30 days.
7. Cookies
Essential only. See Cookie Policy.
8. Your rights
Access, rectification, erasure, restrict processing, data portability, object. Contact support@heatnetwork-compliance.co.uk. Response within 30 days.
9. Data security
HTTPS encryption, secure password hashing, restricted access on need-to-know basis.
10. International transfers
Stripe and SendGrid may process data outside the UK under appropriate safeguards including Standard Contractual Clauses.
11. Complaints
Contact us first. You may also lodge a complaint with the ICO.
12. Customer documents submitted for regulatory update transfers
When you use our paid service to transfer data from a previous document version to an updated version, you send us your completed compliance document. We process this document solely for the purpose of performing the data transfer. We do not use the contents for any other purpose. Completed documents are deleted within 7 days of delivering the updated version to you. We recommend you retain your own copy before submission.