Legal
Last updated: 16 May 2026
Daro Home Ltd ("Daro") is the data controller. Company number SC889546. Registered office: 1C Simpson Parkway, Kirkton Campus, Livingston Village, Livingston, EH54 7BH. Data protection enquiries: support@getdaro.co.uk.
We are registered with the Information Commissioner's Office (ICO) under reference ZC149537.
When you sign up: name, email, phone number (optional), service address, bin-location instructions, marketing consent and doorstep-access flags. Bank account details are submitted directly to GoCardless and are not stored by Daro.
When you join the waitlist: email and postcode sector.
When we service you: two photos per visit (kerbside and post-return), time-stamps, route data, operative ID, service exceptions.
When you log into your dashboard (once available): authentication tokens, login timestamps, IP address of the session.
When you contact us: the content of your emails or messages, and any attachments.
Automatic, from the website: a session cookie to keep the signup flow working. We do not currently use analytics or advertising cookies. See our Cookie Policy.
| Purpose | Legal basis |
|---|---|
| Provide and bill the service | Performance of the contract with you |
| Take payment via Direct Debit / card | Performance of the contract |
| Send service notifications (reminders, missed-bin notices, receipts) | Performance of the contract |
| Operate your customer dashboard | Performance of the contract |
| Send marketing emails | Your consent, given at sign-up; withdraw any time |
| Prove service was delivered and resolve disputes | Legitimate interest |
| Train operatives and improve routes | Legitimate interest |
| Comply with tax, accounting, legal obligations | Legal obligation |
The two photos per visit are taken from public-facing positions: at the kerb and at your bin storage location. They will incidentally include the front of your property. We retain them for 12 months then delete them automatically. We do not use them for advertising or social media without separate written consent. Logged-in customers can view their own photos in the dashboard; no other customer can.
When you log into your dashboard you will see only your own account data: your subscription, your collections, your photos, your invoices. We enforce this with database-level row access controls. Daro staff with operational need (e.g. dispatch, support) can see your account when investigating a service issue; this access is logged. Photos in your dashboard are served over signed, expiring URLs.
We use the following processors, all bound by data-processing agreements:
We do not sell your data. We do not share it for advertising. We may share data with law enforcement, regulators, or HMRC where legally required.
Most processors store data in the UK or EU. Where data is transferred outside the UK (some Stripe and Twilio infrastructure), the transfer is covered by the UK International Data Transfer Agreement or equivalent safeguards.
| Type | Retention |
|---|---|
| Customer record (name, address, contact) | Lifetime of subscription + 7 years (HMRC) |
| Bank mandate / payment records | 7 years (HMRC) |
| Service photos | 12 months from date of visit |
| Marketing consent record | Until withdrawn + 1 year |
| Website session cookies | End of session |
| Waitlist sign-ups | Until you ask us to delete or 24 months of inactivity |
| Dashboard login logs | 12 months |
Under UK GDPR you have the right to access, correct, erase, restrict, object to processing, withdraw consent, port data you provided, and complain to the ICO (ico.org.uk, 0303 123 1113). To exercise any right, email support@getdaro.co.uk with "Data Request" in the subject line — we respond within one month.
We may update this policy. The "last updated" date will change. Material changes will be notified by email.