MEES Band C deadline confirmed for October 2030 — non-compliance fines up to £30,000 per property
EPCFix
Check Your EPC

Privacy Policy

Last updated: 17 February 2026

In brief: We collect the minimum data needed to generate your EPC report and process your payment. We don't sell your data. We don't send marketing emails unless you opt in. You can request deletion of your data at any time.

1. Data Controller

Anthony Johnson, trading as EPCFix (England).
Email: privacy@epcfix.co.uk

2. What We Collect

Property data: Postcode, address, EPC rating, property type, improvement recommendations — collected when you search or generate a report.

Payment data: Name, email address, billing details — collected when you purchase a report (processed by Stripe; we do not see or store your full card number).

Usage data: Pages visited, browser type, device type, IP address — collected automatically (subject to cookie consent).

Communication data: Email address, message content — collected when you contact us or subscribe to our newsletter.

We obtain EPC data from the publicly available Energy Performance of Buildings Register. This data is publicly accessible and is not collected directly from you.

3. Lawful Basis for Processing

Contract performance (Art. 6(1)(b)): Generating your report and processing payment.

Consent (Art. 6(1)(a)): Analytics cookies and marketing emails — only with your explicit opt-in.

Legal obligation (Art. 6(1)(c)): Retaining financial records for HMRC.

Legitimate interests (Art. 6(1)(f)): Fraud prevention, security monitoring, and dispute resolution.

4. How We Use Your Data

We use your data to generate and deliver your report, process payment, provide customer support, improve our cost models (using anonymised data), comply with legal obligations, and send newsletters if you opt in. We never sell, rent, or trade your personal data.

5. Who We Share Data With

Stripe — payment processing (privacy policy). Vercel — website hosting (privacy policy). Google Analytics — usage analysis, with your consent (privacy policy). Gov.uk EPC Register — EPC data retrieval.

We may share data with law enforcement if required by law.

6. International Transfers

Some providers process data outside the UK. Transfers are protected by Standard Contractual Clauses (SCCs) and relevant adequacy frameworks.

7. How Long We Keep Data

Purchase records: 6 years (HMRC). Generated reports: 2 years. Unpurchased lookups: 30 days. Analytics: 14 months. Newsletter: until you unsubscribe. Support correspondence: 2 years.

8. Cookies

We use essential cookies for the site to function and analytics cookies (with your consent) to understand usage. See our Cookie Policy for full details.

9. Your Rights

Under UK GDPR, you have the right to access, rectify, erase, restrict, port your data, object to processing, and withdraw consent at any time. Email privacy@epcfix.co.uk to exercise any right. We will respond within 30 days.

10. Children

Our service is not directed at anyone under 18. If you believe we have collected data from a child, please contact us.

11. Complaints

You have the right to complain to the Information Commissioner's Office (ICO): 0303 123 1113 or ico.org.uk/make-a-complaint. We would appreciate the opportunity to resolve concerns first.

12. Contact

Anthony Johnson, trading as EPCFix · Email: privacy@epcfix.co.uk