Privacy Policy

1. Who We Are

BoundaryFinder is operated by ROCK MSP Limited. This privacy policy explains how we collect, use, and protect your personal data when you use our website and services.

2. Data We Collect

We collect minimal data. BoundaryFinder uses guest checkout — there are no user accounts, no passwords, and no profiles.

When you purchase a report:

• Email address — collected by Stripe during checkout, used to deliver your report
• Property address searched — the address you searched for, stored with your purchase
• Payment information — processed entirely by Stripe; we never see or store your card details

When you visit our website:

• Analytics data — anonymised usage data via Google Analytics (if you consent to cookies)
• Server logs — IP address and request data, retained for 30 days for security

3. How We Use Your Data

• To generate and deliver your boundary report
• To send your report download link by email
• To process your payment via Stripe
• To monitor and improve our service

We do not use your data for marketing, sell it to third parties, or share it with anyone except Stripe (payment processing) and MailerSend (email delivery).

4. Lawful Basis

• Contract — processing your purchase and delivering the report
• Legitimate interest — website security, analytics, and service improvement

5. Data Retention

• Purchase records (email, address, amount): retained for 2 years for accounting
• Generated PDF reports: retained for 120 days, then deleted
• Server logs: retained for 30 days

6. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data (right to erasure)
• Object to processing of your data

To exercise any of these rights, email privacy@boundaryfinder.co.uk.

7. Cookies

We use essential cookies for site functionality and optional analytics cookies (Google Analytics) with your consent. You can manage cookie preferences at any time.

8. Third-Party Services

• Stripe — payment processing (stripe.com/gb/privacy)
• MailerSend — email delivery (mailersend.com/legal/privacy-policy)
• Google Analytics — anonymised website analytics (policies.google.com/privacy)

Data is shared with these services only as necessary to fulfil their stated purpose (processing payments, delivering emails, measuring site usage). Transmission to all third parties is via encrypted HTTPS/TLS connections and authenticated API keys.

9. Security

We take appropriate technical and organisational measures to protect your personal data:

• All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2+)
• Payment card details are processed entirely by Stripe, which is PCI DSS Level 1 certified — we never see, handle, or store your card information
• Our servers are hosted in the UK/EU with encrypted storage and firewall protection
• Access to purchase records and customer data is restricted to authorised personnel only
• Server access is secured with SSH key authentication and fail2ban intrusion prevention

10. Contact

For privacy enquiries: privacy@boundaryfinder.co.uk