Legal

Privacy Policy

Effective date: 25 February 2026 · Last updated: 20 May 2026 · Version: 1.2

1. Who We Are

BoilerFix AI ("we", "us", "our") is a professional technical reference and field-tools platform for Gas Safe registered engineers operating in the United Kingdom. The service is accessible at boilerfix-ai.co.uk and via the BoilerFix AI mobile application (iOS and Android).

BoilerFix AI is operated by Stephen Bird, trading as BoilerFix AI (sole trader). The data controller for personal data collected through the service is Stephen Bird.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, where it is stored, and your rights in relation to it. We are committed to protecting your privacy and handling your data in an open and transparent manner.

Data controller contact: boilerfixai@gmail.com

2. What Data We Collect

We collect only the data necessary to provide the service. Different features collect different data — see Section 3 for where each type of data is stored.

Account data (collected at signup):

First name and last name
Email address (used for authentication)
A self-certification tickbox confirming the user is a Gas Safe registered engineer

Gas Safe registration number:

The Gas Safe registration number is not collected at signup.
It is collected only when an engineer generates a gas safety certificate (CP12, CP6, CP17 and similar documents), where the number is required on the certificate by regulation.
The number is stored as part of the certificate record and is not verified against the Gas Safe Register (no public verification API is available).

Bookkeeping data (stored on your device only — see Section 3):

Invoices — invoice number, customer name, date, amount, status, payment method, paid date
Expenses — date, amount, category, description, VAT flag, receipt images
Receipt folders — folder names and associated receipts

Job Calendar and Customer Hub data (stored in our cloud database — see Section 3):

Jobs — date, time, job type, notes, price, completion status
Customers — name, address, postcode, phone, email, boiler make and model, last service date
Certificates generated through the app (including Gas Safe registration number as described above)

Boiler Passport data (stored in our cloud database):

Sticker codes, boiler make/model, install date, service dates and service log entries
Public-facing pages display the registering engineer's name, business name and Gas Safe registration number (mirroring information already shown on a Gas Safe ID card) but never customer names, addresses, phone numbers or emails — see Section 5

Job Portal customer submissions:

Customer name, email address, phone number, postcode and job description

Subscription and payment data:

Plan, status, billing source (Stripe / Apple / Google), subscription start and renewal dates
We do not see or store card numbers — these are handled by Stripe, Apple, or Google directly

Technical data:

Device type, operating system and browser type (for app compatibility)
Log data — IP address and access timestamps (for security and fraud prevention)

We do not collect payment card details — payments are handled entirely by Stripe (web/Android), Apple (iOS) or Google Play. We do not sell your data to third parties. We do not use your data for advertising purposes.

3. Where Your Data Lives

Different features of the app store data in different places. This is important for understanding what we hold on our servers versus what stays on your device.

Feature	Where stored	Notes
Account & login	Cloud (Supabase)	Email, name, authentication record
Subscription & payment status	Cloud (Supabase)	Synced via Stripe / RevenueCat webhooks
Job Calendar	Cloud (Supabase)	Synced across devices
Customer Hub	Cloud (Supabase)	Customer contact details and boiler info
Certificates (CP12, CP6, CP17)	Cloud (Supabase)	Includes Gas Safe reg number per certificate
Boiler Passport	Cloud (Supabase)	See Section 5 for access controls
Bookkeeping (invoices, expenses, receipts)	Device only	Stored in browser storage — manual export/restore

Bookkeeping is device-only. Invoices, expenses, receipts and folders are stored in your browser's local storage on your phone, tablet or computer. They are not sent to our servers. If you clear the app data, browser storage, or reinstall the app, this data will be lost unless you've used the in-app Backup feature to export a JSON file.

This is by design — to keep customer financial records off shared infrastructure and minimise the data we hold. We recommend exporting a backup at least once a month.

Everything else syncs across your devices. Sign in on any device and your Jobs, Customers, Certificates, Passport records and subscription will be available.

4. How We Use Your Data

We use the data we collect for the following purposes:

To create and manage your engineer account, including authenticating logins
To confirm self-certified eligibility as a Gas Safe registered engineer (subject to the limitations described in Section 2 — no live verification against the Gas Safe Register)
To operate and maintain the BoilerFix AI service
To securely sync your jobs, customers, certificates and Boiler Passport data across your devices when signed in
To process subscription payments via Stripe, Apple or Google Play, and to record subscription status
To match customer jobs with engineers in their area (Job Portal feature)
To send transactional emails (account verification, quote notifications, job acceptance, service reminders, important account notices)
To respond to support requests
To detect and prevent fraud, abuse, and account-sharing
To improve app features, fix bugs and enhance user experience
To comply with our legal obligations under UK law

We will never use your data for automated profiling or decision-making that produces legal or significant effects on you.

5. Data Security and Access Controls

Database security

All cloud data is stored in Supabase (Postgres), hosted within the European Union. Every user-data table has Row Level Security (RLS) enabled with policies scoped to your authenticated user ID. This means that even if an attacker obtained the application's public API key, they could not read another engineer's records.

Encryption

In transit: TLS 1.2+ via Cloudflare and Supabase
At rest: AES-256 encryption at the storage layer

Access controls

The Supabase service-role key (which bypasses RLS) is used only inside Cloudflare Workers as a secret environment variable. It is never present in the mobile app, web app, or browser.
Email verification is required before account access is granted.
Concurrent-session controls limit account sharing.
"Leaked password protection" is enabled (Supabase checks against HaveIBeenPwned at signup).

Boiler Passport access

Boiler Passport pages are accessible to anyone with the unique sticker code (typically the homeowner whose boiler the sticker is on). To be precise about what is visible and what is not:

Visible on the public passport page: the registering engineer's name, business or trading name, Gas Safe registration number, boiler make/model, install date, last and next service dates, and service history entries (dates and job type). This information mirrors what is already on the engineer's Gas Safe ID card and is the purpose of the passport.
Never visible on the public passport page: customer names, customer addresses, customer phone numbers, customer email addresses, financial details, invoices, or expenses.
Public passport pages are marked noindex to prevent indexing by search engines.
Stickers can be revoked by the registering engineer at any time from inside the app, after which the public page returns a "not active" state.
Booking requests submitted through a passport page are rate-limited and routed to the registering engineer by email — they are never exposed publicly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the internet or method of electronic storage is 100% secure, however, and we cannot guarantee absolute security.

6. Legal Basis for Processing

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data on the following legal bases:

Contract performance — to deliver the service you have registered for
Legitimate interests — to improve the service, prevent fraud, and ensure platform security
Legal obligation — to comply with applicable UK laws and tax regulations
Consent — where you have explicitly opted in to optional communications

7. Data Retention

We retain your personal data only for as long as necessary. Specifically:

Account and synced data is retained for the duration of your active account
On account deletion, your profile, jobs, customers, certificates and Boiler Passport records will be deleted within 30 days
Bookkeeping data on your device is removed when you uninstall the app or clear browser storage — it never leaves your device
Payment and subscription records may be retained for up to 7 years for HMRC tax compliance
Anonymised security logs may be kept for up to 12 months for abuse monitoring
Job Portal customer submissions are retained for 12 months after submission
Transactional email metadata held by Resend follows their own retention policy (typically short-window — message bodies purged after a brief period)

8. Sub-Processors

We do not sell, rent, or trade your personal data. We share data only with the following service providers ("sub-processors") who help us operate the platform. Each operates under a data processing agreement and processes data only as instructed by us.

Supabase — database, authentication and storage (EU-hosted). Stores account data and synced cloud records.
Stripe — subscription payment processing for web and Android (PCI DSS compliant). We never see or store your card details.
Apple App Store / In-App Purchases — subscription payment processing on iOS. Card details are held by Apple, not by us.
RevenueCat — iOS subscription event handling and entitlements sync. Receives Apple IAP events and updates our subscription records.
Google Play Billing — used for Play Store distribution and subscription events on Android (where applicable).
Resend — transactional email delivery (verification emails, certificate dispatch to customers, password reset, account notices). Resend's retention is governed by their privacy policy.
Cloudflare — hosting, content delivery, DDoS protection and serverless functions (Cloudflare Workers).

Certificate and invoice email delivery: When you send a CP12, CP6, CP17 or invoice to a customer, the PDF is generated server-side in a Cloudflare Worker, attached to a single transactional email and dispatched via Resend. We do not retain the PDF after dispatch beyond your own copy held in your account. The recipient customer's email is not added to any mailing list.

We may also share data where required by law, regulation, or court order, or to protect the safety and rights of our users.

9. Cookies and Tracking

BoilerFix AI uses minimal cookies and local storage — only those necessary for core functionality such as keeping you logged in (authentication session cookies via Supabase) and saving your app preferences. We do not use advertising cookies or third-party tracking technologies. You can control cookie settings through your browser, though disabling essential cookies will affect app functionality.

10. Your Rights Under UK GDPR

As a UK data subject you have the following rights:

Right of access — to request a copy of the personal data we hold about you
Right to rectification — to request correction of inaccurate data
Right to erasure — to request deletion of your personal data ("right to be forgotten")
Right to restriction — to request we limit processing of your data
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests
Right to withdraw consent — at any time where processing is based on consent

To exercise any of these rights, email boilerfixai@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Vulnerability Disclosure

If you believe you have found a security vulnerability, weakness, or privacy issue in BoilerFix AI, please report it responsibly by emailing boilerfixai@gmail.com with the subject line "Security Disclosure".

We will:

Acknowledge receipt within 24 hours
Investigate the report promptly and keep you updated on progress
Credit you in a public acknowledgement after the issue is resolved, if you wish

Please do not publicly disclose the vulnerability before we have had a reasonable opportunity to address it.

12. AI and Diagnostic Disclaimer

Diagnostic, fault-code lookup, and AI-assisted outputs in BoilerFix AI are advisory only. Engineers must verify all information against current manufacturer instructions, Gas Safe Technical Bulletins, the Gas Safety (Installation and Use) Regulations 1998, and any applicable standards before carrying out any work.

BoilerFix AI does not replace professional judgement, the engineer's qualifications, or compliance with Gas Safe regulations. The platform is a reference and field-tools aid — it is not a substitute for trained, competent, registered gas work.

13. Children's Privacy

BoilerFix AI is a professional platform intended for adults aged 18 and over who are Gas Safe registered (or in approved training towards Gas Safe registration). We do not knowingly collect data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at boilerfixai@gmail.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users by email and display a notice within the app. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

15. Delete Your Account

You have the right to request deletion of your BoilerFix AI account and all associated personal data at any time. There are two ways to do this:

Option 1 — In the app (fastest):

Open BoilerFix AI → sign in → tap 👤 Account in the top header → scroll to the Danger Zone → tap Delete my account → confirm with your password and the DELETE MY ACCOUNT phrase.

Option 2 — By email: Send an email to boilerfixai@gmail.com with the subject line "Account Deletion Request" and include the email address associated with your account.

Backend data (jobs, customers, certificates, Boiler Passport records) is deleted within 30 days. Bookkeeping data stored on your device is removed when you uninstall the app or clear browser storage.

Some data may be retained for a period after deletion where required by law (e.g. payment records for HMRC tax compliance — up to 7 years). You will be informed of any such retention at the time of your request.

For full details of what is deleted, what is kept, and for how long, see our Data Deletion page.

16. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us:

BoilerFix AI

Stephen Bird, sole trader

Email: boilerfixai@gmail.com

Response time: within 24 hours for most enquiries; 30 days maximum for formal subject-access requests