1. Who We Are
StandTool is operated by StandTool ("we", "us", "our"). We are the data controller for the personal data you provide when using this Service. For any privacy-related queries, contact us at info@standtool.co.uk.
2. What Data We Collect
When you register an account, we collect: your name, email address, password (hashed — never stored in plain text), phone number, company name, and location (town, county, postcode). When you register a tool, we collect: make, model, serial number, tool status, photos of the tool and serial number, proof of purchase, and warranty documents. We also collect technical data such as your IP address (used only for rate-limiting public searches) and usage information.
3. How We Use Your Data
We use your data to: operate the StandTool platform and maintain your tool registry; allow the public to search serial numbers and verify tool status; send you notifications when your tool is searched or when someone reports finding it; send location-based alerts when a stolen tool is searched near you (if you have enabled this); communicate with you about your account; and comply with legal obligations.
4. Legal Basis for Processing
We process your personal data on the following legal bases under UK GDPR: Contract — to provide the Service you have registered for; Legitimate Interests — to prevent tool theft and assist with recovery, and to maintain platform security; Consent — for location-based alerts, which you can withdraw at any time in your account settings; Legal Obligation — where we are required to process data by law.
5. What Is Publicly Visible
When a tool is searched by serial number, the following information is displayed publicly: make, model, serial number, and status (e.g. STOLEN, IN USE). No personal information — including your name, address, or contact details — is ever displayed in public search results. Photos are stored securely and linked to tool records, but are only displayed in tool result pages.
6. Data Sharing
We do not sell your personal data. We share data only with: Supabase (our database and authentication provider, hosted in the EU); Resend (our email notification provider); and law enforcement agencies if required by law or court order. We do not share your data with third parties for marketing purposes.
7. Data Retention
We retain your account data and tool records for as long as your account is active. If you delete your account, your personal data and tool records will be deleted within 30 days. Anonymised, aggregated statistics (e.g. total tools registered) may be retained indefinitely.
8. Your Rights
Under UK GDPR, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time. To exercise any of these rights, contact us at info@standtool.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
9. Location Data
If you enable location-based alerts, we store your approximate location (GPS coordinates) to notify you when a stolen tool is searched near you. This data is never shared publicly. You can update or remove your location at any time in your account settings, and you can disable location alerts without deleting your account.
10. Photos and Documents
Photos you upload (tool photos, serial number photos, proof of purchase, warranty documents) are stored securely in Supabase Storage. Tool photos and serial number photos may be displayed on tool result pages. Proof of purchase and warranty documents are stored privately and are accessible only to you. We do not share these documents with third parties.
11. Cookies
We use only essential cookies required for authentication and session management. We do not use advertising, analytics, or tracking cookies. No third-party cookies are used.
12. Security
We take the security of your data seriously. All data is transmitted over HTTPS. Passwords are hashed using industry-standard methods. Access to personal data is restricted to authorised personnel only. However, no system is completely secure and we cannot guarantee absolute security.
13. Children
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has registered, please contact us and we will delete the account.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Continued use of the Service after changes are posted constitutes acceptance of the updated Policy.
15. Contact Us
For any privacy-related questions or to exercise your rights, contact: StandTool. Email: info@standtool.co.uk. You can also contact the ICO at ico.org.uk or by calling 0303 123 1113.
Questions about how we handle your data?
Contact Us