WTN Digital Back to site
Legal

Privacy Policy

Last updated: 3 May 2026

This policy explains what personal data Lee Bliss t/a WTNDigital.com (“we”, “us”, “our”) collects when you use WTNDigital.com and how we handle it in accordance with the UK GDPR and Data Protection Act 2018.

1. Who we are

Lee Bliss t/a WTNDigital.com, operating as a sole trader in the United Kingdom, trading as WTNDigital.com. Registered business address: 3 Pulla Hill Drive, Storrington, West Sussex, RH20 3LS, United Kingdom. We are the data controller of personal data collected through our marketing site, signup flow, and billing system. When you create a haulier account, we act as data processor on your behalf for the waste-transfer records, signatures and customer contact details you upload — those are governed by our Data Processing Agreement.

2. What we collect

From visitors to the marketing site

  • IP address & coarse location (country/region) via Google Analytics
  • Device + browser type, referrer, page URLs visited
  • Cookie consent preferences

From haulier account holders

  • Admin name, email, password (hashed with bcrypt)
  • Company name, registered address, phone, email, website, carrier number
  • DEFRA Digital Waste Tracking API code & key (stored encrypted at rest)
  • Billing details via Stripe (we never see your card number)

From drivers using the app

  • Driver name & email
  • Device GPS coordinates captured at the moment a WTN is signed off
  • Digital signatures (driver and site operator) stored as base64 PNGs
  • Live location during shift hours (only if the driver has tapped I agree on the consent screen) — periodic latitude / longitude pings (every 2–10 minutes depending on movement), accuracy radius, optional speed and heading. Collected onlybetween the driver's Clock-In and Clock-Out. Stops immediately on Clock-Out, logout, or revocation of consent. Drivers can decline tracking entirely and continue using every other feature.
  • Team-chat messages the driver sends or receives, including optional photo attachments and any Job / WTN links attached for context.
  • Push notification endpoint if the driver chooses to install the app to their home screen and grant notification permission — used solely to deliver in-app messages.

From end-customers (waste producers) using the customer portal

  • Name, email, password (bcrypt)
  • Matching is done by email — you only see WTNs addressed to you

3. Why we process it (lawful basis)

  • Contract (Art. 6(1)(b)) — delivering the SaaS you signed up for (creating WTNs, generating PDFs, processing payments).
  • Legal obligation (Art. 6(1)(c)) — UK Waste (England & Wales) Regulations 2011 require Waste Transfer Notes to be retained for at least 2 years; hazardous-waste records for 3 years.
  • Legitimate interest (Art. 6(1)(f)) — product analytics, abuse prevention, and sending you service-critical emails. You can object at any time.
  • Consent (Art. 6(1)(a)) — non-essential cookies and marketing emails. You give this on first visit via the cookie banner and can withdraw it anytime.

4. How long we keep it

  • Waste Transfer Notes, signatures, GPS, audit trails: minimum 2 years from date of transfer (3 years for hazardous waste) — required by UK law. Voided notes are soft-deleted and also retained for 2 years.
  • Driver live-location breadcrumbs: 30 days, then automatically purged. The single "last known location" on an active shift is overwritten with every fresh ping and is deleted along with the breadcrumb trail.
  • Team-chat messages: per-tenant retention setting — 30 days, 90 days, or forever — chosen by the haulier admin. Default 90 days. Older messages are deleted automatically overnight.
  • Account & billing records: 7 years after the account is closed (HMRC).
  • Marketing-site analytics: 14 months (GA4 default), then auto-purged.
  • Support emails: 24 months.

4a. Driver live-location tracking — what, why, your choice

We collect a driver's live location only while they are clocked in for a shift, and only after they've tapped "I agree" on the consent screen we show on first login. This is a separate, explicit consent from the operational sign-on-glass GPS that's captured once per WTN.

  • Why: dispatching the closest driver to the next job, driver safety (knowing where the lorry is if something goes wrong), and supporting Duty-of-Care evidence for waste loads in transit.
  • Lawful basis: consent (Art. 6(1)(a)) — driver may decline, and may withdraw consent at any time from their profile or by emailing their haulier admin. Hauliers may have additional legitimate-interest basis under their own employment contract; please consult that contract for the full picture.
  • Who sees it: only authorised admins inside the driver's own haulier company. We never share location data with customers, third parties, advertisers, or other tenants.
  • Stops automatically when: the driver taps Clock-Out, signs out, deletes the app, or has been silent for 12 hours (we auto-end any forgotten shift).

4b. Offline data cache on driver devices

To support drivers working in signal blackspots (quarries, remote sites), the app caches a slim copy of their own tenant'soperational data — pending jobs, customers, vehicles, tip sites and EWC / SIC code lookups — locally in the device's IndexedDB. Notes the driver signs while offline are also stored locally with an idempotent UUID until the phone reconnects and the note syncs.

On logout, the entire offline cache is wiped from the device so a shared phone or a driver returning to personal use does not retain tenant data. We do not extract or transmit this local cache; it never leaves the driver's phone except as the note submission itself (TLS).

5. Who we share it with

  • Stripe — payment processing (Ireland / US, SCC-backed).
  • Resend — transactional email delivery (US, SCC-backed).
  • Google Analytics 4 — anonymised traffic stats; IP anonymised on ingest.
  • DEFRA Digital Waste Tracking — only the waste-movement data the law requires us to submit.
  • MongoDB Atlas — our database provider (eu-west-1).
  • OpenStreetMap / Nominatim — map tiles for the admin live-driver view and one-shot postcode lookups for tip sites and jobs. No personal data is sent — only the address string being geocoded.
  • Browser push services (Google FCM, Apple APNs, Mozilla autopush) — when a driver has installed the app to their home screen and opted into notifications, these vendors deliver the encrypted push payload to their device. They only see the routing endpoint, not the message body.

We never sell your data. We never share driver GPS, live location breadcrumbs, signatures, or chat messages with third parties outside the processors listed above.

6. International transfers

Where a processor is outside the UK/EEA, transfers are protected by Standard Contractual Clauses (UK SCCs or EU SCCs + UK Addendum) as appropriate.

7. Your rights

Under UK GDPR you can ask us to:

  • Access the personal data we hold about you
  • Rectify anything that’s inaccurate
  • Erase it (subject to the 2-year WTN retention obligation above)
  • Restrict or object to processing
  • Port your data to another provider
  • Withdraw consent at any time

Email support@wtndigital.com. We respond within 30 days. If you’re unhappy with our response you can complain to the UK ICO at ico.org.uk.

8. Security

  • TLS 1.2+ everywhere (HTTPS)
  • Passwords hashed with bcrypt (cost 12)
  • JWT auth with 12-hour expiry, httpOnly cookies + Bearer header
  • Strict per-tenant data isolation at the database layer
  • Stripe webhook signatures verified on every payment event
  • Encrypted backups, restricted admin access, audit logs

9. Cookies

See our Cookie Policy for the full list and how to opt out.

10. Changes

We’ll post any material changes to this policy on this page and, where appropriate, notify you by email. Continued use after a change indicates acceptance.