Last updated: May 2026
TradePay60 is a software platform operated as a sole trader business based in the UK. We provide expense tracking and workforce management tools to organisations ("clients") whose team members ("users") access the platform to submit and manage records.
For data protection purposes, your organisation is the data controller for your users' data. TradePay60 acts as the data processor on your organisation's behalf.
Contact for all data matters: fill in the form on our website at tradepay60.com.
From Organisation Administrators: We collect your name, email address, phone number, and login credentials. We also store business-level data including your organisation's name, physical address, logo, and team structure (staff and volunteer roles). To ensure security and system integrity, we maintain audit logs of administrative actions, device information, and IP addresses.
From Field Workers and Volunteers: We collect names, email addresses, and the specific records they submit — including expense amounts, descriptions, dates, and photographs of receipts.
Data is used solely to operate the platform — to allow users to submit records, allow administrators to review and approve them, and to generate reports and exports. We do not sell data. We do not share it with third parties except where required by law or to operate the service (see section 5).
Personal information collected via the app is initially hosted on our private web servers. Our servers are physically located in the United States and the European Union.
We host client data in the jurisdiction the client is physically located in. United Kingdom clients' data is hosted in the UK.
Active client data is held on our primary servers for a period of 3 to 6 months, after which it is transferred to third-party cloud infrastructure for the remainder of the client relationship.
After a client leaves the platform, their data is transferred to long-term secure cold storage and retained for seven years to meet financial record-keeping obligations, after which it is permanently deleted.
We do not retain personal data beyond what is necessary for these purposes.
Under UK GDPR and EU GDPR you have the right to: access your data, correct inaccuracies, request deletion, object to processing, and request a portable copy of your data.
Requests should be directed to your organisation administrator in the first instance, as they are the data controller. If you need to contact TradePay60 directly, use the form on our website at tradepay60.com. We will respond within 30 days.
We use HTTPS for all data in transit. Access to the platform requires authentication. Administrative functions require separate credentials. We apply reasonable technical and organisational measures to protect data against unauthorised access, loss, or disclosure.
We use only a session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or third-party analytics.
We will notify active clients of any material changes to this policy before they take effect.
If you have a question about this policy or want to make a data request, send us a message below. We will respond within 30 days.