Privacy Policy
This privacy policy explains how Slicker Recycling Ltd ("Slicker", "we", "us", "our") collects, uses, stores, and protects your personal data when you use the Slicker mobile application and related services.
Last updated: March 2025
1. Who we are
Slicker Recycling Ltd is the data controller responsible for your personal data.
- Company number: 08652156
- Registered address: Lombard House, Anchor Drive, Worcester Road, Stourport-On-Severn, Worcestershire, DY13 9BZ
- Data protection contact: privacy@slicker.com
2. What data we collect
We collect and process the following categories of personal data when you use the Slicker app:
Account information
- Name, email address, phone number, and job title
- Password (stored securely as a hash — we never store plain text passwords)
Company information
- Company name, type, SLX account number, and registered address
Collection data
- Collection addresses, product types, quantities, and scheduled dates
- Consignment notes and collection history
Payment information
- Payment method type (cash, card, cheque, account)
- Stripe transaction identifiers and pricing breakdowns
- We do not store full card numbers — card payments are processed securely by Stripe
Device and technical data
- Device type, operating system, and app version
- Firebase Cloud Messaging (FCM) push notification tokens
- OAuth tokens (for Google and Apple Sign In)
- Session tokens for authentication
Analytics data
- Anonymised, aggregated usage data to help us improve the app
- This data cannot be linked back to individual users
3. How we use your data
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Creating and managing your account | Performance of a contract |
| Scheduling and managing waste oil and workshop waste collections | Performance of a contract |
| Processing payments and generating invoices | Performance of a contract |
| Sending push notifications about collection updates | Legitimate interest / Consent |
| Providing customer support | Legitimate interest |
| Improving our app and services through anonymised analytics | Legitimate interest |
| Complying with legal and financial record-keeping obligations | Legal obligation |
4. How we share your data
We do not sell your personal data. We may share your data with the following third parties only as necessary to provide our services:
- Stripe — for secure payment processing
- Google Firebase — for push notifications and authentication
- Apple — for Apple Sign In authentication
- GetAddress.io — for UK postcode address lookup
These providers process data on our behalf and are bound by data processing agreements. We may also disclose data where required by law or to protect our legal rights.
5. Data retention
We retain your data only for as long as necessary to provide our services or as required by law.
| Data Category | Retention Period |
|---|---|
| Account info (name, email, phone, job title) | Until account deletion, then deleted within 30 days |
| Company info (name, type, SLX account no., address) | Until account deletion, then deleted within 30 days |
| Collection data (addresses, products, schedules, consignment notes) | Until account deletion, then deleted within 30 days |
| Device & session tokens (FCM tokens, OAuth tokens, device info) | Deleted immediately upon logout or account deletion |
| Payment records (Stripe transaction IDs, pricing breakdowns) | 7 years after transaction — legal/financial obligation |
| Anonymised, aggregated analytics | Indefinitely — non-identifiable, cannot be linked to any user |
6. Data security
We take appropriate technical and organisational measures to protect your personal data, including:
- Encrypted storage of authentication tokens using platform-native secure storage (iOS Keychain / Android KeyStore)
- Secure HTTPS connections for all API communication
- Password hashing — we never store passwords in plain text
- Automatic session token refresh and expiry management
- Payment card data handled exclusively by Stripe (PCI DSS compliant) — we never see or store full card numbers
7. Your rights
Under UK data protection law (UK GDPR), you have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data
- Right to restrict processing — request that we limit how we use your data
- Right to data portability — request your data in a machine-readable format
- Right to object — object to processing based on legitimate interest
- Right to withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact us at privacy@slicker.com. We will respond within 30 days.
To request account and data deletion, you can do so directly in the Slicker app via Settings → Account → Delete Account, or visit our account deletion page for full instructions.
8. Children's privacy
The Slicker app is designed for business use and is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@slicker.com and we will delete it promptly.
9. Changes to this policy
We may update this privacy policy from time to time. When we make significant changes, we will notify you through the app or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
10. Contact us
If you have any questions about this privacy policy or how we handle your data, please get in touch.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been breached.