GDPR / UK Data Protection
Lawful basis
Customer data is processed under contract (to deliver the booked cleaning service) and, where marketing consent is given, under consent. Marketing consent is captured per-channel and revocable from any email's footer or the customer portal.
Subject rights
- Right of access — your customer data is exportable via Settings → GDPR → Export. The export returns JSON with orders, payments, notifications, and profile.
- Right of erasure — use Settings → GDPR → Erase. Erasure cascades through orders, memberships, notification preferences, and payments.
- Right of rectification — edit any profile field directly.
- Right to data portability — same as access; the export is JSON-structured.
Cross-border transfers
We use UK-hosted infrastructure by default. Transfers to US sub-processors (Stripe, SendGrid) rely on Standard Contractual Clauses; see sub-processors.
Retention
- Active customer data: lifetime of the account.
- Closed accounts: 90 days, then anonymised.
- Audit logs: 1 year (HIPAA mode: 6 years).