Privacy Policy
Last updated: March 2026
Trailhead Holdings Ltd ("we", "us", "our") is committed to protecting your personal data. This policy explains how we collect, use, and protect information when you use our website at trailheadholdings.uk, submit enquiries, or engage with our services.
Data controller:
Trailhead Holdings Ltd
Brentwood, Essex, United Kingdom
info@trailheadholdings.uk
1. What data we collect
1.1 Website contact form
When you submit our contact form we collect your name, email address, company name (optional), and message. We use this to respond to your enquiry. This data is sent to us via Resend and stored securely.
1.2 Discovery form (project enquiries)
When you complete our project discovery form we collect your business name, contact name, email address, phone number, and information about your project requirements. We use this to prepare a proposal or quote for your project. This data is stored in our secure database and accessible only to Trailhead Holdings Ltd.
1.3 Client and account data
If you become a client we store your name, company name, email address, phone number, address, and records of our commercial relationship including quotes, invoices, and project notes. This is necessary to fulfil our contract with you.
1.4 Payment data
We use Stripe to process payments. When you pay an invoice online, your payment details are entered directly into Stripe's secure platform. We never see or store your card details. Stripe is PCI DSS compliant. You can read Stripe's privacy policy at stripe.com/gb/privacy.
1.5 Google Calendar
If we connect our Google account to manage calendar scheduling, event data may be processed through the Google Calendar API. We do not share your calendar data with any third parties beyond what is required to provide this functionality. You can read Google's privacy policy at policies.google.com/privacy.
1.6 Cookies and analytics
Our website uses only essential cookies required for it to function. We do not use advertising cookies or third-party tracking. We do not use Google Analytics or any other analytics platform that tracks individual users across sites.
1.7 Push notifications
If you opt in to push notifications on our platform, we store your browser's push subscription endpoint to send you notifications. You can revoke this permission at any time in your browser settings.
1.8 Blog
Our blog is publicly accessible. We do not require registration to read it and we do not track individual readers.
2. Legal basis for processing
We process your personal data under the following legal bases under UK GDPR:
- Contract: processing necessary to fulfil a contract with you or take steps before entering one (client data, invoicing, quotes)
- Legitimate interests: processing necessary for our legitimate business interests where these are not overridden by your rights (responding to enquiries, project scoping)
- Consent: where you have given clear consent (push notifications)
3. How we use your data
We use your data only for the purposes it was collected for:
- Responding to enquiries and preparing proposals
- Delivering agreed services and managing our commercial relationship
- Processing payments for services rendered
- Communicating with you about your project or account
- Sending notifications you have opted into
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except where necessary to deliver our services (Stripe for payments, Resend for email delivery, Supabase for secure data storage) or where required by law.
4. Data retention
We retain your data for as long as necessary to fulfil the purpose it was collected for, and as required by law:
- Enquiry data: 2 years from the date of submission
- Client and account data: 7 years from the end of our commercial relationship (required for UK tax and accounting purposes)
- Invoice and payment records: 7 years (legal requirement)
- Contact form submissions: 1 year
- Push notification subscriptions: until you revoke permission
5. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten") where there is no legitimate reason for us to continue processing
- Restriction of processing in certain circumstances
- Data portability: receive your data in a machine-readable format
- Object to processing based on legitimate interests
- Withdraw consent at any time where consent is the legal basis
To exercise any of these rights, contact us at info@trailheadholdings.uk. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
6. Data security
We take reasonable technical and organisational measures to protect your personal data including:
- Encrypted connections (HTTPS) across all our services
- Database-level security with row-level access controls
- Access to personal data restricted to authorised personnel only
- Third-party processors selected for their security standards (Stripe PCI DSS, Supabase SOC 2)
7. International transfers
Our data is stored on servers in the European Economic Area via Supabase. Where data is transferred outside the EEA (for example via Stripe or Resend), we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
8. Third-party processors
| Processor | Purpose | Privacy policy |
|---|---|---|
| Supabase | Secure database hosting | supabase.com/privacy |
| Stripe | Payment processing | stripe.com/gb/privacy |
| Resend | Email delivery | resend.com/legal/privacy-policy |
| Google Calendar API | Calendar scheduling | policies.google.com/privacy |
| Vercel / Netlify | Website hosting | vercel.com/legal/privacy-policy |
9. Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of this page will reflect any changes. We will notify active clients of significant changes by email.
10. Contact
For any privacy-related queries or to exercise your rights:
Trailhead Holdings Ltd
Brentwood, Essex, United Kingdom
info@trailheadholdings.uk