Privacy Policy

Last updated: April 2026

1. Introduction

ExpiredTrademarks.co.uk ("we", "us", "our") is a UK-based SaaS platform that helps users search for expired UK trade marks. We are the data controller responsible for your personal data.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what personal data we collect, how we use it, and your rights in relation to that data.

2. Information We Collect

Account Data

• Email address
• Display name
• Password (stored only as a BCrypt hash — we never store your plain-text password)

Usage Data

• Search queries you perform on the platform
• Export history (e.g. trade mark lists you have downloaded)
• Saved searches and alert preferences

Payment Data

Payments are processed securely by Stripe. We do not store your card number, expiry date, or CVC on our servers. We retain only your Stripe customer ID so we can link your account to your subscription.

Technical Data

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring URL

Cookies

We use an authentication cookie (etm_auth) to keep you signed in. For full details on the cookies we set and how to manage them, please see our Cookie Policy.

3. How We Use Your Information

We use the personal data we collect to:

• Provide and operate the ExpiredTrademarks.co.uk service, including search results, saved searches, and trade mark alerts
• Process subscription payments through Stripe
• Send you notifications about saved searches and trade mark alerts you have configured
• Improve and develop the service based on aggregated usage patterns
• Detect, prevent, and address fraud, abuse, or technical issues
• Comply with legal obligations

Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

• Performance of a contract — processing necessary to provide the service you have signed up for and to manage your subscription
• Legitimate interests — improving the service, ensuring security, and preventing fraud, where those interests are not overridden by your rights
• Consent — for optional marketing emails. You can withdraw consent at any time by using the unsubscribe link in any marketing email or by contacting us

4. Data Sharing

We share personal data only in the following limited circumstances:

• Stripe — your email address and Stripe customer ID are shared with Stripe to process payments and manage your subscription
• Law enforcement or regulators — we may disclose personal data if required to do so by law, regulation, or valid legal process

We do not sell, rent, or trade your personal data to any third party.

5. Data Retention

• Account data — retained while your account is active and for 2 years after account deletion, to allow you to reactivate and to comply with legal obligations
• Usage logs (searches, page visits, exports) — retained for 12 months, then deleted or anonymised
• Payment records — retained for 7 years to meet UK tax and accounting requirements

6. Your Rights

Under UK GDPR you have the following rights in relation to your personal data:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure — ask us to delete your personal data (subject to legal retention requirements)
• Right to data portability — receive your data in a structured, commonly used, machine-readable format
• Right to restrict processing — ask us to limit how we use your data in certain circumstances
• Right to object — object to processing based on legitimate interests or for direct marketing purposes
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal

To exercise any of these rights, please email contact@expiredtrademarks.co.uk. We will respond within one month as required by UK GDPR.

7. International Transfers

Your personal data is primarily stored and processed within the United Kingdom and the European Economic Area (EEA).

Stripe, our payment processor, may transfer and process data in the United States. Stripe maintains appropriate safeguards for international transfers, including Standard Contractual Clauses and certification under relevant data protection frameworks. You can review Stripe's privacy policy at stripe.com/gb/privacy.

8. Security

We take the security of your data seriously and employ the following measures:

• Passwords are hashed using BCrypt with an appropriate work factor — we never store plain-text passwords
• All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Access to personal data is restricted to authorised personnel on a need-to-know basis
• We regularly review and update our security practices

While we implement robust safeguards, no method of electronic transmission or storage is completely secure. If you become aware of any security issue, please contact us immediately at contact@expiredtrademarks.co.uk.

9. Children

ExpiredTrademarks.co.uk is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will take steps to delete that information.

10. Cookies

We use a small number of cookies to operate the service, including an authentication cookie (etm_auth) that keeps you signed in. We do not use third-party advertising or tracking cookies.

For full details on the cookies we use, their purpose, and how to manage your preferences, please read our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (sent to the address associated with your account) before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact and Complaints

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: contact@expiredtrademarks.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection:

• Website: ico.org.uk
• Telephone: 0303 123 1113