CertifiedEVInstaller logo

Privacy Policy

Last updated: 25 February 2026

1. Who we are

CertifiedEVInstaller (“we”, “our”, “us”) operates the website at certifiedevinstaller.com — an online directory connecting homeowners and businesses with certified EV charger installers. We are the data controller for personal data processed through this website.

For privacy-related questions contact us at privacy@certifiedevinstaller.com.

2. Data we collect

Customers (visitors)

  • No account or registration is required to browse the directory
  • Anonymous usage analytics (page views, referral source) via Umami — cookieless, no personal data collected
  • If you submit a contact form: your name, email address, and message

EV installers (claimed profiles)

  • Professional details: full name, credentials, specialty, company name and address
  • EVITP number (US installers) — sourced from the public EVITP registry
  • Email address used to verify identity and manage your listing
  • Profile photo (if uploaded voluntarily)
  • Bio, services offered, charger brands supported, and languages spoken
  • Billing information — processed directly by Stripe; we do not store card details
  • Subscription plan and status

3. How we use your data

  • To display and maintain your installer listing in our public directory
  • To verify your identity when you claim or access your profile management portal
  • To process and manage subscription payments via Stripe
  • To send transactional emails: verification codes, payment receipts, and account notices
  • To contact unclaimed installers about our service (outreach) — you may opt out at any time via the unsubscribe link in any email
  • To improve platform functionality and diagnose technical issues

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-party services

We use the following third-party processors:

  • Supabase — database hosting and file storage. Data is stored on AWS infrastructure in the EU (eu-west-1).
  • Stripe — payment processing and subscription management. Stripe is PCI-DSS compliant. View their privacy policy.
  • Resend — transactional email delivery.
  • Cloudflare Turnstile — bot protection on claim and verification forms. Privacy-friendly; no tracking cookies set.
  • Umami — privacy-first analytics. No cookies, no personal data, no cross-site tracking. Self-hosted.
  • Automated data tools — used internally to source publicly available contact information from installer websites for outreach purposes.

5. Cookies

We use a single strictly necessary cookie: ev_session — an httpOnly session token that keeps you logged in to the installer management portal. It expires after 24 hours and contains no personal data.

We do not use advertising cookies, third-party trackers, or marketing pixels. Our analytics (Umami) is cookieless and collects no personally identifiable information.

6. Data retention

  • Installer profile data is retained while your listing is active
  • On account deletion, profile data is removed within 30 days
  • Verification codes expire after 15 minutes and are deleted after use
  • Session tokens expire after 24 hours
  • Billing records are retained for 7 years as required by financial regulations
  • Outreach email suppression records (unsubscribes) are kept indefinitely to honour your opt-out

7. Your rights (UK & EU — GDPR)

If you are in the UK or European Union, you have the following rights:

  • Access — request a copy of personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest, including outreach emails
  • Restriction — request we limit processing of your data in certain circumstances

Submit requests to privacy@certifiedevinstaller.com. We will respond within 30 days. You also have the right to lodge a complaint with the ICO (UK) or your local supervisory authority.

8. Security

All data is transmitted over HTTPS/TLS. Provider data is stored with row-level security policies enforced at the database level. Payment data is handled exclusively by Stripe and never stored on our servers. Access to production infrastructure is restricted to authorised personnel only.

9. Changes to this policy

We may update this policy periodically. Material changes will be notified to active subscribers via email at least 14 days before taking effect. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the platform after changes constitutes acceptance of the revised policy.