This Privacy Policy describes how GoFindPart Ltd ("GoFindPart", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use our B2B industrial parts marketplace. We are committed to complying with the UK GDPR and the Data Protection Act 2018.
1. Information We Collect
Account Information
- Name, email address, and phone number
- Company name, registration number, and business address
- Role type (buyer, seller, or both)
- Password (stored as a secure hash — never in plain text)
Location & Delivery Data
- Pickup and delivery addresses associated with requests and offers
- Geolocation data when you use delivery tracking features
Transaction Data
- Part requests, offers, and order history
- Payment amounts, invoice records, and payout history
- Delivery confirmations and dispute records
Technical Data
- IP address and browser/device information
- Session tokens and access logs
- Analytics data (page views, feature usage) via Google Analytics 4
2. How We Use Your Information
- Provide and operate the GoFindPart marketplace
- Match buyers' part requests with relevant verified suppliers
- Process payments and manage escrow release
- Send order confirmations, payout notifications, and delivery updates
- Verify supplier companies against Companies House records
- Calculate and display seller priority scores and tier status
- Detect and prevent fraud, abuse, and unauthorised access
- Provide customer support and resolve disputes
- Improve platform features using aggregated, anonymised analytics
3. Information Sharing
With Other Users
- Buyer company name and general location are shared with suppliers when a request is posted
- Supplier name, tier, and review rating are visible to buyers
- Payment amounts are visible to both parties in a transaction
With Service Providers
- Stripe: payment processing, escrow management, and payouts
- AWS: secure storage of uploaded documents and images
- Render: cloud infrastructure and application hosting
- Sentry: anonymised error and performance monitoring
- Google Analytics 4: aggregated usage analytics
For Legal Reasons
- We may disclose data to comply with a legal obligation or court order
- We may share information to protect the rights, property, or safety of GoFindPart, our users, or the public
- We will notify you of legal disclosures where permitted to do so
4. Data Security
- All data is transmitted using TLS 1.2 or higher (HTTPS)
- Passwords are hashed using bcrypt with per-user salts — never stored in plain text
- Database access is restricted to authorised application services only
- QR-based delivery verification codes expire after use
- Payment data is handled entirely by Stripe — we do not store card numbers
- Regular automated security audits and dependency vulnerability scanning
- Incident response procedures are in place for data breach scenarios
5. Your Rights (GDPR)
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing your data for direct marketing
- Restriction: Request that we limit how we process your data
- Withdraw Consent: Withdraw any consent you have given at any time
6. Data Retention
We retain your account data for as long as your account is active or as needed to provide services.
Transaction records (including offers, orders, and payment records) are retained for 7 years to comply with UK financial regulations.
After account deletion, anonymised aggregate data may be retained for analytics purposes. All personally identifiable data is deleted within 30 days of an account deletion request.
8. Contact
If you have questions about this policy or wish to exercise your data rights, contact our privacy team: