Privacy Policy

Last Updated: January 2026

1. Introduction

Chair Exchange ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your personal data in compliance with UK GDPR.

2. Data Controller

Chair Exchange is the data controller responsible for your personal data. For privacy queries, contact us via our Contact Page.

3. Information We Collect

Account Information:

• Name
• Email address
• Password (encrypted)
• Account type (workspace provider or retailer)

Listing Information:

• Business/shop name
• Location (postcode)
• Contact details (phone/email)
• Listing description
• Images you upload
• Pricing information

Technical Information:

• IP address
• Browser type and version
• Device information
• Session data

4. How We Use Your Data

We use your personal data to:

• Create and manage your account
• Display your listings on the platform
• Process payments for featured listings
• Communicate with you about your account
• Improve our services
• Comply with legal obligations
• Prevent fraud and abuse

5. Legal Basis for Processing

We process your data based on:

• Contract: To provide our services to you
• Legitimate Interest: To improve and secure our platform
• Consent: For marketing communications (if opted in)
• Legal Obligation: To comply with UK laws

6. Data Sharing

We share your data with:

• Other Users: Your listing information is publicly visible
• AWS: Our hosting and database provider
• Stripe: Payment processing for featured listings
• Cognito: Authentication services

We do not sell your personal data to third parties.

7. Data Retention

• Active listings: Retained until expiry or deletion
• Expired listings: Retained for 3 months, then deleted
• Account data: Retained while account is active
• Images: Deleted 3 months after listing expiry
• Payment records: Retained for 7 years (legal requirement)

8. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data
• Restriction: Limit how we use your data
• Portability: Receive your data in a portable format
• Object: Object to processing of your data
• Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us via our Contact Page.

9. Cookies

We use cookies for:

• Authentication (essential)
• Session management (essential)
• User preferences (functional)

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

10. Data Security

We protect your data using:

• Encrypted connections (HTTPS)
• Secure authentication (AWS Cognito)
• Encrypted password storage
• Regular security updates
• Access controls and monitoring

11. International Transfers

Your data is stored on AWS servers in the EU (London region). We do not transfer data outside the UK/EU.

12. Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children.

13. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via email or platform notification.

14. Complaints

If you have concerns about how we handle your data, you can:

• Contact us via our Contact Page
• Lodge a complaint with the ICO (Information Commissioner's Office): ico.org.uk

15. Contact Us

For privacy-related questions: Contact Page