1. Who We Are
BackIn5 Ltd ("BackIn5", "we", "us", "our") operates the BackIn5 enquiry handling, dashboard and admin workflow service for trade businesses.
We are the data controller for personal data we collect about our business customers and website visitors. Where we collect and process personal data on behalf of a trade business customer (for example, the details of their end customers submitted through enquiry forms or widgets we operate), we act as a data processor on behalf of that trade business, who is the data controller for that data.
You can contact us about any privacy matter at: hello@backin5.org
2. Information We Collect
2.1 Business customers (trade firms)
When you sign up to or use BackIn5, we collect:
- Your name and the name of your business
- Your email address and phone number
- Your business address
- Payment information, processed securely by Stripe (we do not store card details)
- Information you provide during onboarding about your trade, typical jobs and preferred workflows
- Login credentials and account activity
- Communications you send to us (email, support requests)
2.2 End customers of trade businesses
When BackIn5 handles enquiries on behalf of a trade business (for example, via a live chat widget, missed-call text reply or enquiry form), we may collect personal data about the trade business's customers, including:
- Name, phone number and email address
- Property address or postcode
- Details of the job or enquiry
- Photos or images submitted as part of an enquiry
- Availability and preferred contact times
- Any other information the end customer provides during the enquiry flow
This data is collected and processed on behalf of the trade business (as their data processor). The trade business is responsible for having a lawful basis to collect this data and for providing their own customers with appropriate privacy information.
2.3 Website visitors
When you visit backin5.org, we may collect:
- Technical data such as IP address, browser type, device type and operating system
- Pages visited, referring URL and time spent on the site
- Cookie data (see Section 9 for details)
3. How We Use Your Information
We use the information we collect to:
- Set up, operate and deliver the BackIn5 service
- Manage your account and process payments via Stripe
- Handle and route enquiries on behalf of trade business customers
- Send service notifications, updates and administrative communications
- Respond to support requests and enquiries
- Improve and develop our service
- Meet our legal and regulatory obligations
- Detect, prevent and investigate fraud, abuse or misuse of the service
- Enforce our Terms and Conditions
We do not sell your personal data to third parties. We do not use your data for unsolicited marketing without your consent.
4. Legal Basis for Processing (UK GDPR)
We process personal data only where we have a lawful basis to do so under UK GDPR. The bases we rely on are:
- Contract performance: processing necessary to deliver the service you have agreed to, or to take steps at your request before entering into a contract.
- Legitimate interests: where processing is necessary for our legitimate business interests (such as fraud prevention, service improvement and security), provided those interests are not overridden by your rights.
- Legal obligation: where we are required to process data to comply with the law.
- Consent: where you have given clear consent for a specific purpose (such as optional marketing communications). You can withdraw consent at any time.
6. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.
- Customer account data: retained for the duration of the contract and for up to 6 years after termination, in line with UK limitation periods.
- Enquiry data processed on behalf of trade businesses: retained as agreed with the trade business, or deleted within a reasonable period following contract end.
- Financial and billing records: retained for at least 6 years as required by UK tax and accounting law.
- Website analytics data: retained in anonymised or aggregated form.
When data is no longer required, we securely delete or anonymise it.
7. Security
We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These measures include access controls, encrypted connections (HTTPS), use of reputable third-party infrastructure providers, and limiting access to personal data to staff and systems that need it.
No method of transmission over the internet or electronic storage is completely secure. While we take appropriate steps to protect your data, we cannot guarantee absolute security.
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (the ICO) and, where required, affected individuals, in accordance with our legal obligations.
8. International Transfers
Some of the third-party tools and service providers we use may store or process data outside of the UK or European Economic Area (EEA).
Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other transfer mechanisms recognised under UK data protection law.
10. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access: you can request a copy of the personal data we hold about you.
- Right to rectification: you can ask us to correct inaccurate or incomplete data.
- Right to erasure: you can ask us to delete your data where there is no longer a lawful reason to hold it.
- Right to restriction: you can ask us to restrict processing of your data in certain circumstances.
- Right to data portability: you can request your data in a structured, commonly used, machine-readable format where processing is based on consent or contract.
- Right to object: you can object to processing based on legitimate interests, including profiling.
- Rights related to automated decision-making: you have the right not to be subject to decisions made solely by automated means that have a significant effect on you, unless we have a lawful basis to do so.
To exercise any of these rights, please contact us at hello@backin5.org. We will respond within one month. We may need to verify your identity before processing your request.
These rights may be subject to limitations in certain circumstances, for example where we need to retain data to comply with a legal obligation.
11. Children
BackIn5 is a business-to-business service intended for use by trade businesses and their adult staff. We do not knowingly collect personal data from anyone under the age of 18.
If you believe we have inadvertently collected data from a minor, please contact us at hello@backin5.org and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements.
When we make significant changes, we will update the "Last updated" date at the top of this page. Where required, we will notify you directly.
We encourage you to review this policy periodically. Continued use of the service after changes are posted means you accept the updated policy.
13. Contact & Complaints
If you have any questions about this Privacy Policy, or wish to exercise any of your rights, please contact us:
If you are not satisfied with how we handle your data or respond to a request, you have the right to lodge a complaint with the UK supervisory authority:
We would always prefer the opportunity to address your concern directly before you approach the ICO, so please contact us first.