Onmain
Menu
HomeMainSearch AIContactAbout us
Onmain · London

Privacy Policy

Last updated: 20 April 2026

Quick summary
  • We primarily use personal data to respond to enquiries and deliver IT services, repairs, and quotes.
  • If you submit a form, call, email, or message us, we will process the details you provide.
  • MainSearch AI lists UK registered businesses using publicly available information from Companies House, Google Maps, and business websites to connect customers with local service providers.
  • Our website/hosting may log basic technical data for security and reliability.
  • We do not sell personal data. We may share it with service providers who help us run the website and communications, and with independent businesses when you send them an enquiry.
  • You can request access, correction, deletion, or object to certain processing.
  • Onmain Limited is registered with the UK Information Commissioner's Office (ICO) under reference ZC127665.

1. Who we are

ONMAIN LIMITED (“we”, “us”, “our”) is the data controller responsible for personal data processed through this website and related enquiry channels (the “Services”).

  • Legal entity: ONMAIN LIMITED (registered in England & Wales)
  • Company number: 14844512
  • ICO registration number: ZC127665
  • Trading names: Onmain Systems, MainSearch AI
  • General enquiries: support@onmain.co.uk
  • Privacy enquiries: privacy@onmain.co.uk
  • Location: London, United Kingdom

MainSearch AI (ai.onmain.co.uk) is a platform operated by ONMAIN LIMITED that connects customers with independent local repair and service businesses using artificial intelligence.

We have determined that we are not required to appoint a statutory Data Protection Officer (DPO) under UK GDPR. If you have data protection questions, please contact us at privacy@onmain.co.uk.

2. Scope

This policy applies when you:

  • browse this website;
  • contact us (forms, email, phone, messaging);
  • request a quote, repair, IT maintenance, or related support;
  • use any estimator, chat, or AI-assisted features on this site;
  • use MainSearch AI to find or contact local service businesses;
  • are a business listed on MainSearch AI, whether you have created an account or your business appears as an unclaimed listing based on publicly available information.

3. Personal data we collect

3.1 Information you provide
  • Contact details: name, email address, phone number.
  • Enquiry/service details: device type, brand/model, symptoms, issue description, preferred appointment times, and any information you choose to share.
  • Communications: messages you send us and our replies (including call notes where relevant).
  • Account information: where you create a MainSearch AI account (as a customer or business), we collect the registration details you provide, including email address, password (stored securely as a hash), business name, and postcode.
  • Photos and attachments: where you upload images of a device or issue through MainSearch AI, we process those files to include them in your enquiry.
  • Payment information: where you subscribe to a paid MainSearch AI tier, payment card details are handled by our payment processor (Stripe) ; we do not store full card details on our systems.
3.2 Information collected automatically

Our hosting/infrastructure and analytics tools may automatically collect basic technical data for security, reliability, and product improvement, such as IP address, device/browser type, requested pages, timestamps, error logs, and click/interaction data.

If you do not contact us, this type of technical data may be the only data processed when you browse the site.

3.3 Publicly available business information

MainSearch AI lists UK businesses to help customers find local service providers. For businesses that have not created an account on the platform (“unclaimed listings”), we collect and display business information from the following publicly available sources:

  • Companies House (public statutory register): company name, registration number, registered office address, company status, SIC codes.
  • Google Maps: trading name, trading address, phone number, website URL, aggregate Google review rating and review count.
  • Business websites: services offered, contact details, opening hours.
  • Trustpilot (where publicly available): aggregate review rating and review count.

This data predominantly relates to UK limited companies (legal entities). We recognise that some business contact information (such as a business email address that identifies an individual, e.g. john.smith@example.co.uk) may qualify as personal data under UK GDPR. In such cases, we rely on legitimate interests as our lawful basis and respect the right of individuals to object (see section 10).

We do not list sole traders or unincorporated businesses where this would amount to processing an individual's personal data without a clear lawful basis.

3.4 Special category (sensitive) data

We do not intentionally collect special category data (for example: health information, ethnicity, religious or political beliefs). Please avoid sharing sensitive information in free-text fields unless it is strictly necessary.

4. Cookies and similar technologies

Cookies are small files stored on your device. Some cookies are essential for the website to function. Others (like analytics/marketing cookies) are optional.

  • Strictly necessary cookies: used to make the site work, keep it secure, and maintain your login/session.
  • Analytics cookies: we use analytics tools (such as Microsoft Clarity) to understand how visitors interact with the site, identify technical issues, and improve the user experience. These tools may record aggregated interaction data, including mouse movements, clicks, scrolls, and page views.
  • Authentication cookies: used to keep you logged in across sessions.

Where consent is required under UK law, we will ask for your consent before setting non-essential cookies. You can also control cookies through your browser settings (blocking or deleting cookies may impact site functionality).

5. How we use your data and lawful bases

We process personal data only where permitted under UK data protection law. Depending on the context, our lawful bases may include: legitimate interests, steps prior to entering a contract, performance of a contract, legal obligations, and consent (where applicable).

5.1 Responding to enquiries and providing quotes
  • Purpose: reply, troubleshoot, quote, and arrange next steps.
  • Lawful basis: legitimate interests and/or steps prior to contract.
5.2 Delivering services
  • Purpose: bookings, repairs/maintenance, updates, completion and aftercare.
  • Lawful basis: performance of a contract.
5.3 Operating, securing, and improving the site
  • Purpose: security monitoring, preventing abuse, diagnostics, reliability, and product improvement.
  • Lawful basis: legitimate interests and/or legal obligations.
5.4 Estimator / AI-assisted features
  • Purpose: understand your enquiry, provide a guidance estimate, and route your case to a human technician or matched business where needed.
  • Lawful basis: legitimate interests and/or steps prior to contract.
  • Important: estimates are guidance only; final pricing may require inspection/diagnosis by the business.
5.5 MainSearch AI: connecting customers with businesses
  • Purpose: match customers with relevant local service businesses based on their enquiry, location, and the services the business offers. For businesses with an account, the AI may generate instant quote estimates using pricing the business has provided. For unclaimed listings, customer enquiry details are forwarded to the business so they can respond directly.
  • Lawful basis: legitimate interests (for both customers seeking services and businesses receiving leads) and/or steps prior to contract.
5.6 MainSearch AI: listing businesses using publicly available data
  • Purpose: list UK registered businesses on MainSearch AI so that customers can discover and contact local service providers, even where the business has not yet created an account on the platform.
  • Lawful basis: legitimate interests (Article 6(1)(f) UK GDPR). We have conducted a Legitimate Interest Assessment and concluded that this processing is necessary and proportionate, and that the interests of the listed businesses do not override our legitimate interests or those of our customers. A copy of this assessment is available on request.
  • Data sources: Companies House, Google Maps, business websites, and Trustpilot (see section 3.3).
5.7 MainSearch AI: forwarding customer enquiries to businesses
  • Purpose: when a customer uses MainSearch AI and is matched with a business (including unclaimed listings), we forward the customer's enquiry details (issue description, device information, photos if provided, and postcode) to the business via email so they can respond with a quote.
  • Lawful basis: legitimate interests. The email contains a genuine customer enquiry only and does not contain marketing material or promotional content for MainSearch AI.
  • First contact transparency: the first email to an unclaimed business includes a notice explaining who we are, what data we hold, its source, and how the business can request removal of their listing.
5.8 Automated decision-making and profiling

MainSearch AI uses automated systems to match customer enquiries with relevant businesses based on factors such as postcode, service type, and business profile. This is not solely automated decision-making with legal or similarly significant effects on you under Article 22 UK GDPR; the platform simply presents options for you to choose from, and you remain in control of whether to engage any business. Final decisions about engaging services remain with you.

AI chat conversations may be reviewed by us or processed by third-party AI providers to generate responses, improve service quality, and identify technical issues. We do not currently use your conversations to train third-party foundation models.

5.9 Marketing

If we send marketing communications, we will do so only where permitted by law (for example, to existing customers under the “soft opt-in” rule, or with your consent). You can opt out at any time by contacting us or using an unsubscribe option in our emails.

6. Who we share personal data with

We may share personal data with trusted service providers (“processors”) who help us run the Services. We do not sell personal data.

Infrastructure and operational providers:
  • Hosting: Vercel Inc. (website hosting, edge delivery, basic logs)
  • Email delivery: IONOS (business email) and transactional email providers
  • Domain and DNS: IONOS
  • Payment processing: Stripe (for paid MainSearch AI subscriptions)
  • Authentication: Google (where you sign in with Google OAuth)
  • AI processing: third-party AI providers (such as OpenAI or Anthropic) may process your MainSearch AI chat messages to generate responses. These providers act as sub-processors under data protection agreements.
  • Analytics: Microsoft Clarity and similar tools for site analytics and session insights
  • Customer support tools: email and messaging platforms used to handle enquiries
Other recipients:
  • Professional advisers: legal, accounting, and tax advisers where necessary.
  • Technicians/contractors: involved in your service request (only what's needed to complete the job).
  • Independent businesses listed on MainSearch AI: when a customer submits an enquiry through MainSearch AI, the enquiry details (issue description, device type, photos, and postcode) are shared with the matched business so they can provide a quote or respond. Customer email addresses and phone numbers are shared where necessary for the business to contact the customer about the enquiry.

When a business receives your enquiry details, they act as an independent data controller for how they subsequently use that information. We recommend reviewing each business's own privacy policy if you engage their services.

Where a provider processes data on our behalf, they are contractually required to keep it secure and follow our instructions.

7. International transfers

Some service providers may process data outside the UK. Where this happens, we use appropriate safeguards to protect personal data, including:

  • UK adequacy regulations (for transfers to the European Economic Area and other adequate jurisdictions);
  • UK International Data Transfer Agreement (IDTA) or the EU Standard Contractual Clauses with the UK Addendum (for transfers to other jurisdictions);
  • Supplementary measures such as encryption and access controls where appropriate.

Notable providers outside the UK may include Vercel (United States), Stripe (United States), Google (United States), OpenAI (United States), Anthropic (United States), and Microsoft (United States/European Union). All of these operate under UK GDPR-compliant transfer mechanisms.

You can request details of our transfer safeguards by contacting privacy@onmain.co.uk.

8. Data retention

We keep personal data only for as long as necessary for the purposes described in this policy, including legal, accounting, and dispute resolution requirements.

Data typeRetention period
General enquiriesUp to 24 months
Service/repair recordsUp to 6 years (for warranty and legal record-keeping)
Security/technical logsUp to 12 months
Marketing preferencesUntil you opt out/unsubscribe
MainSearch AI customer accounts and chat historyDuration of the account plus up to 24 months after deletion
MainSearch AI business accountsDuration of the account plus up to 24 months after closure
Unclaimed business listingsUntil the business requests removal, or until the listing is no longer relevant (reviewed periodically)
Forwarded enquiry recordsUp to 24 months
Payment transaction recordsUp to 6 years (for accounting and tax compliance)

Retention may vary depending on the service, legal requirements, or ongoing disputes. Where retention periods have expired, data is securely deleted or anonymised.

9. Security

We use reasonable technical and organisational measures to protect personal data, including:

  • encrypted data transmission (HTTPS/TLS);
  • password hashing (we do not store plain-text passwords);
  • access controls and role-based permissions;
  • secure hosting infrastructure;
  • regular security monitoring and patching.

No transmission or storage method is 100% secure, but we work to minimise risk.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours where required, and notify affected individuals without undue delay where the breach poses a high risk.

10. Rights for businesses listed on MainSearch AI

If your business appears on MainSearch AI as an unclaimed listing, you have the following options:

  • Claim your listing: create a free account on MainSearch AI to take control of your business profile, manage your pricing, and access the full platform features. Visit ai.onmain.co.uk or use the “Claim this business” link on your listing.
  • Request removal: request that your business be removed from MainSearch AI at any time. Use the “Request removal” link on your listing, or contact us at privacy@onmain.co.uk. We will process valid removal requests within 72 hours.
  • Access the data we hold: request a copy of the information we hold about your business by contacting privacy@onmain.co.uk.
  • Object to processing: you have the right to object to the processing of your business data under Article 21 UK GDPR. Contact us at privacy@onmain.co.uk.
  • Correct inaccurate information: email privacy@onmain.co.uk with the specific corrections and supporting evidence.

11. Your rights

Under UK GDPR, you have rights including:

  • Access: obtain a copy of your personal data.
  • Correction: have inaccurate or incomplete data corrected.
  • Deletion (“right to be forgotten”): have your data deleted where applicable.
  • Restriction: have processing restricted in certain circumstances.
  • Data portability: receive your data in a structured, commonly used format.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Withdrawal of consent: where we rely on your consent, you may withdraw it at any time.
  • Automated decision-making: the right to not be subject to solely automated decisions with legal or similarly significant effects.

To exercise your rights, contact us at privacy@onmain.co.uk. We will respond within one month of receiving your request. In complex cases, we may extend this period by up to two further months, and will inform you of any extension with reasons. We may need to verify your identity before actioning a request.

Exercising these rights is free of charge. We may charge a reasonable fee or refuse to act where a request is manifestly unfounded or excessive.

12. Complaints

If you have concerns, please contact us first at privacy@onmain.co.uk and we will try to resolve them.

You also have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
United Kingdom

  • Helpline: 0303 123 1113
  • Website: ico.org.uk

13. Children

Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us at privacy@onmain.co.uk and we will take appropriate steps to delete it.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last updated” date at the top of this policy indicates when it was most recently revised. Significant changes may be communicated directly to registered users by email.

15. Contact

For any privacy-related questions, requests, or complaints:

  • Privacy enquiries: privacy@onmain.co.uk
  • General enquiries: support@onmain.co.uk
  • Legal entity: ONMAIN LIMITED (Company number: 14844512)
  • ICO Registration: ZC127665
  • Location: London, United Kingdom
Note: This page is provided for general transparency and is not legal advice.