Phone: 03301 333 013 Mobile: 07798 693 285 Email: info@ltcsoftware.co.uk

Privacy Policy

For Business Customers of LTC Software Ltd

Overview

Last Updated: December 14, 2025 | Effective Date: December 14, 2025

LTC Software Ltd ("we", "our", or "us") operates the LTC Software Ltd CRM web application and mobile application (collectively, the "Services"). This privacy policy explains how we collect, use, disclose, and safeguard your business information when you, as a business customer, use our Services.

Important: This policy is designed for our business customers (B2B). For information about data retention, account deletion procedures, and GDPR compliance for your end customers, please see our Data Retention & GDPR Policy.

Quick Navigation

Jump to section:

1. Information We Collect | 2. Mobile App Permissions | 3. How We Use Your Information | 4. Data Storage and Security | 6. Your Rights and Choices | 12. Contact Information | Data Retention & GDPR Policy

1. Information We Collect

As a business customer of LTC Software Ltd, we collect various types of information to provide you with a comprehensive and effective customer relationship management solution. This information enables us to deliver, maintain, and improve our Services while ensuring a secure business environment. We are committed to transparency regarding the data we collect and how it is utilized.

Business Account Information

When your business registers for and uses our Services, we collect information necessary to create and maintain your business account, authenticate authorized users, and provide your organization with access to our platform's features. This information forms the foundation of our business relationship.

  • Account Registration Data: Your full name, email address, business name, company details, and secure login credentials (passwords are encrypted and never stored in plain text)
  • User Profile Information: Professional details including job title, department, contact telephone numbers, business address, and any additional profile information you choose to provide
  • Business Contact Information: Details about your organization, including registered business address, VAT number (if applicable), and primary business contact details
  • Payment and Billing Information: When you subscribe to premium features, we collect payment card details (processed securely through our payment provider), billing address, and transaction history

Customer and Business Data

As a CRM platform, you entrust us with your valuable business data. We collect and process the information you input into our system to help you manage your customer relationships effectively. This data remains your property, and we act as a processor of this information on your behalf.

  • Customer Contact Records: Information about your customers and contacts, including names, email addresses, phone numbers, company affiliations, and any custom fields you create
  • Communication History: Records of emails sent through our platform, communication logs, notes, and interaction timestamps to help you track customer engagement
  • Email Templates and Campaigns: Custom email templates you create, campaign data, and associated analytics regarding open rates, click-through rates, and recipient engagement
  • Business Documents and Files: Any documents, contracts, proposals, or files you upload to our platform for storage or sharing with your team members
  • Task and Activity Data: Information about tasks, appointments, meetings, reminders, and calendar events you create within the system

Device and Technical Information

To ensure optimal performance, security, and compatibility across different devices and platforms, we automatically collect certain technical information when you access our Services. This data helps us identify and resolve technical issues, prevent unauthorized access, and improve our application's functionality.

  • Device Information: Device type and model, operating system and version, unique device identifiers, mobile network information, and hardware specifications
  • Network and Connection Data: IP address, internet service provider, network operator, connection type (WiFi, cellular), and approximate geographic location based on IP address
  • Browser and Application Data: Browser type and version, language preferences, time zone settings, and referring website information
  • Location Information: With your explicit permission, we may collect precise GPS location data when you use location-based features such as check-ins, territory management, or route planning

Usage and Analytics Data

We collect information about how you interact with our Services to understand usage patterns, identify popular features, and make data-driven improvements to enhance your experience. This analytics data is typically aggregated and anonymized.

  • Feature Usage Statistics: Information about which features you use, how frequently you access them, and the duration of your sessions
  • Performance Metrics: Application load times, error reports, crash data, and system performance indicators to help us optimize our Services
  • User Interaction Data: Click patterns, navigation paths, search queries within the application, and feature adoption rates
  • Cookies and Similar Technologies: We use cookies, session tokens, and local storage to maintain your login state, remember your preferences, and provide a seamless user experience

2. Mobile App Permissions

Our mobile application is designed to provide you with powerful CRM capabilities on the go. To deliver this functionality effectively, the app requests certain permissions from your device. We believe in transparency and user control, which is why we clearly explain each permission, its purpose, and whether it is required or optional for app operation.

You maintain full control over optional permissions and can grant or revoke them at any time through your device settings. The app will continue to function with reduced capabilities if you choose not to grant optional permissions. Required permissions are essential for basic app functionality and must be granted for the app to operate.

Permission Purpose Status
Internet Connect to CRM servers and sync data Required
Network State Monitor network connectivity for reliable operation Required
Camera Scan business cards, capture documents, take profile photos Optional
Storage Access documents for upload and export, attach files to records Optional
Contacts Integrate with device contacts for quick customer data import Optional
Calendar Schedule meetings and sync CRM activities with device calendar Optional
Location Track customer visits and enable location-based features Optional
Phone Enable click-to-call functionality for quick customer contact Optional
Notifications Send important CRM alerts, task reminders, and appointment notifications Optional

Note: Optional permissions can be granted or denied. You can revoke permissions at any time through device settings.

3. How We Use Your Information

The information we collect serves specific, legitimate purposes that are essential to delivering and improving our Services. We are committed to using your data responsibly, transparently, and only in ways that benefit your experience with our platform. We do not use your personal information for purposes unrelated to our Services without your explicit consent.

Core Service Delivery and Functionality

The primary purpose of collecting your information is to provide you with a fully functional, reliable, and effective CRM platform. Every piece of data we collect directly supports your ability to manage customer relationships, streamline business processes, and achieve your organizational goals.

  • Account Creation and Authentication: We use your registration information to create and maintain your user account, verify your identity during login, and ensure that only authorized users can access your data
  • CRM Platform Operations: Your business data enables core CRM functionality including customer contact management, communication tracking, email campaign execution, task management, and reporting capabilities
  • Feature Provisioning: We process your data to deliver the specific features and tools you request, including email templating, customer segmentation, analytics dashboards, and integration with third-party services
  • Data Synchronization: When you access our Services across multiple devices, we use your information to synchronize your data and preferences, ensuring a consistent experience regardless of how you access the platform
  • Personalization: We tailor your user interface, recommend relevant features, and customize your experience based on your usage patterns and preferences to make the platform more efficient for your specific needs

Security, Fraud Prevention, and Account Protection

Protecting your account and data is paramount. We use the information we collect to detect, prevent, and respond to security threats, fraudulent activity, and unauthorized access attempts. This ensures the integrity and confidentiality of your business information.

  • Security Monitoring: We analyze login patterns, device information, and access locations to identify suspicious activity and potential security breaches
  • Fraud Detection: Payment information and transaction data are monitored to prevent fraudulent charges and protect against unauthorized subscription changes
  • Access Control: User authentication data ensures that only you and authorized team members can access your account and sensitive business information
  • Incident Response: In the event of a security incident, we use contact information to notify affected users promptly and provide guidance on protective measures

Communication and Customer Support

We use your contact information to communicate with you about your account, respond to your inquiries, and provide technical support. These communications are essential for maintaining your service and keeping you informed about important updates.

  • Service Notifications: We send essential communications regarding your account status, subscription renewals, payment confirmations, and service-related updates
  • Technical Support: When you contact our support team, we use your information to verify your identity, understand your issue, and provide effective assistance
  • Product Updates: We inform you about new features, improvements, security patches, and important changes to our Services or policies
  • Educational Content: With your permission, we may send tips, best practices, and guidance to help you maximize the value of our platform

Analytics, Research, and Service Improvement

We analyze usage data to understand how our Services are being used, identify areas for improvement, and develop new features that meet your evolving needs. This analysis typically uses aggregated, anonymized data that cannot be traced back to individual users.

  • Performance Optimization: We monitor system performance, load times, and error rates to identify and resolve technical issues quickly
  • Feature Development: Usage statistics help us understand which features are most valuable and where we should focus our development efforts
  • User Experience Research: We analyze navigation patterns and user interactions to improve interface design and streamline workflows
  • Quality Assurance: Testing and validation processes use anonymized data to ensure new features work correctly before release

Legal Compliance and Business Operations

We process certain information to comply with legal obligations, enforce our terms of service, protect our rights and property, and conduct legitimate business operations.

  • Regulatory Compliance: We maintain records and process data as required by applicable laws, including GDPR, data protection regulations, and financial reporting requirements
  • Billing and Accounting: Payment and subscription information is used for invoicing, payment processing, tax compliance, and financial record-keeping
  • Terms Enforcement: We may use account data to investigate violations of our terms of service and take appropriate action
  • Legal Proceedings: When legally required, we may use or disclose information in connection with legal claims, regulatory investigations, or court proceedings

4. Data Storage and Security

The security and integrity of your data is our highest priority. We employ industry-leading security measures, robust infrastructure, and comprehensive policies to protect your information from unauthorized access, disclosure, alteration, or destruction. Our security framework is designed to meet and exceed international standards for data protection.

Data Storage Infrastructure

Your data is hosted on enterprise-grade cloud infrastructure provided by Microsoft Azure, one of the world's most trusted and secure cloud platforms. All data is stored in data centers located within the United Kingdom, ensuring compliance with UK and European data protection regulations.

  • Geographic Location: All primary data storage occurs in Microsoft Azure data centers within the United Kingdom, with redundant backups maintained in geographically separate UK locations for disaster recovery
  • Infrastructure Security: Azure data centers feature physical security measures including 24/7 monitoring, biometric access controls, and environmental safeguards against fire, flood, and power failures
  • High Availability: Our infrastructure is designed for 99.9% uptime with automatic failover capabilities and redundant systems to ensure continuous service availability
  • Data Isolation: Each customer's data is logically isolated and segregated to prevent unauthorized cross-customer access

Security Measures and Protocols

We implement multiple layers of security controls to protect your data throughout its lifecycle. These measures are continuously monitored, tested, and updated to address emerging threats and maintain the highest security standards.

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.2 or higher (Transport Layer Security), preventing interception or eavesdropping during transmission
  • Encryption at Rest: All stored data, including databases, file storage, and backups, is encrypted using AES-256 encryption, ensuring that data remains protected even in the unlikely event of physical storage compromise
  • Secure Authentication: We employ JWT (JSON Web Token) based authentication with secure token generation, validation, and expiration mechanisms. Passwords are hashed using bcrypt with salt, making them computationally infeasible to reverse
  • Role-Based Access Control (RBAC): Access to data and features is controlled through granular permission systems, ensuring users can only access information appropriate to their role and authorization level
  • Multi-Factor Authentication (MFA): Optional two-factor authentication adds an additional security layer, requiring both password and verification code for account access
  • API Security: All API endpoints are protected with authentication requirements, rate limiting, and input validation to prevent abuse and injection attacks
  • Regular Security Audits: We conduct periodic security assessments, penetration testing, and vulnerability scans to identify and remediate potential security weaknesses
  • Security Monitoring: Automated systems continuously monitor for suspicious activity, unauthorized access attempts, and potential security incidents, with alerts triggering immediate investigation

Compliance and Certifications

We maintain compliance with relevant data protection regulations and industry standards to ensure your data is handled according to legal requirements and best practices.

  • GDPR Compliance: Our data processing practices fully comply with the General Data Protection Regulation (GDPR), including requirements for lawful processing, data minimization, and individual rights
  • UK Data Protection Act: We adhere to the UK Data Protection Act 2018 and maintain registration with the Information Commissioner's Office (ICO)
  • ISO Standards: Our cloud infrastructure provider maintains ISO 27001 certification for information security management
  • Regular Compliance Reviews: We conduct periodic reviews of our data protection practices to ensure ongoing compliance with evolving regulations

Data Retention and Deletion

We retain your data only for as long as necessary to fulfill the purposes outlined in this privacy policy, comply with legal obligations, and resolve disputes. You have control over your data and can request deletion at any time.

  • Active Account Retention: While your account remains active, we retain your data to provide continuous service and maintain your business records
  • Account Deletion: When you delete your account, we will permanently delete or anonymize your personal data within 30 days, unless retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements)
  • Backup Retention: Deleted data may persist in encrypted backups for up to 90 days before being permanently purged from all systems
  • Legal Hold: In cases where we are legally required to preserve data (such as during litigation or regulatory investigation), retention may be extended until the legal obligation is satisfied
  • Anonymized Analytics: Aggregated, anonymized usage statistics may be retained indefinitely for research and service improvement purposes, as this data cannot be linked back to individual users

Security Incident Response

Despite our comprehensive security measures, no system is completely immune to security incidents. We maintain a detailed incident response plan to quickly detect, contain, and remediate any security breaches.

  • Incident Detection: Automated monitoring systems and security tools continuously scan for potential breaches or unauthorized access
  • Rapid Response: Our security team is prepared to respond immediately to confirmed incidents, containing threats and minimizing potential impact
  • User Notification: In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by GDPR, providing details about the incident and recommended protective actions
  • Regulatory Reporting: We will report qualifying security incidents to relevant authorities, including the ICO, in accordance with legal requirements
  • Post-Incident Review: Following any security incident, we conduct thorough analysis to identify root causes and implement additional safeguards to prevent recurrence

5. Data Sharing and Disclosure

Your privacy is of utmost importance to us. We want to be absolutely clear: we do not sell, trade, rent, or otherwise monetize your personal information to third parties for marketing purposes. Your data is yours, and we respect that. However, there are limited circumstances where we may need to share certain information to provide our Services, comply with legal obligations, or protect our users and business.

When we do share data, we ensure that appropriate safeguards are in place, including contractual obligations requiring third parties to protect your information and use it only for specified purposes. Below, we detail the specific circumstances under which data sharing may occur.

Service Providers and Business Partners

To deliver our Services effectively, we work with carefully selected third-party service providers who perform functions on our behalf. These providers have access only to the information necessary to perform their specific tasks and are contractually obligated to maintain confidentiality and security.

  • Cloud Infrastructure Providers: Microsoft Azure hosts our application and stores your data in secure UK data centers. Azure is bound by strict data processing agreements and maintains industry-leading security certifications
  • Payment Processors: When you subscribe to premium features, payment card information is processed by PCI-DSS compliant payment providers (such as GoCardless). We do not store complete payment card details on our servers
  • Email Delivery Services: To send transactional emails (such as password resets, account notifications, and service updates), we use email delivery services that process recipient email addresses and message content
  • Analytics and Monitoring Tools: We use analytics services to understand application performance and usage patterns. These services receive anonymized or aggregated data that cannot identify individual users
  • Customer Support Tools: When you contact our support team, your communications may be processed through customer service platforms to help us provide efficient assistance

Legal Requirements and Compliance

We may be required to disclose your information to comply with applicable laws, regulations, legal processes, or governmental requests. We will only disclose the minimum information necessary to satisfy the legal requirement.

  • Legal Obligations: When required by law, regulation, legal process, or enforceable governmental request, we will disclose information to relevant authorities
  • Court Orders and Subpoenas: We will comply with valid court orders, subpoenas, and other legal demands for information, while seeking to protect your rights to the extent possible
  • Regulatory Investigations: Information may be shared with regulatory bodies conducting investigations or audits related to our business operations
  • Tax and Financial Reporting: We may share billing and payment information with tax authorities as required by applicable tax laws and regulations
  • User Notification: Where legally permitted, we will notify you before disclosing your information in response to legal requests, giving you an opportunity to challenge the request

Protection of Rights and Safety

We may disclose information when we believe, in good faith, that disclosure is necessary to protect the rights, property, or safety of our company, our users, or the public.

  • Terms of Service Enforcement: To investigate and enforce violations of our terms of service, acceptable use policies, or other agreements
  • Fraud Prevention: To detect, prevent, and address fraud, security breaches, or other potentially illegal or harmful activities
  • Safety Threats: When we believe disclosure is necessary to prevent physical harm, financial loss, or other serious threats to individuals or the public
  • Intellectual Property Protection: To protect our intellectual property rights and those of our users from infringement or misappropriation

Business Transfers and Corporate Transactions

In the event of a corporate transaction such as a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will ensure that any acquiring entity continues to honor the commitments made in this privacy policy.

  • Mergers and Acquisitions: If LTC Software Ltd is acquired by or merged with another company, your information may be transferred to the new entity
  • Asset Sales: In connection with the sale of business assets, customer information may be included as part of the transferred assets
  • Bankruptcy or Insolvency: In the unlikely event of bankruptcy or insolvency proceedings, user data may be considered a business asset subject to transfer
  • User Notification: We will notify affected users of any such transaction and provide information about how their data will be handled by the new entity
  • Privacy Policy Continuity: We will require any successor entity to honor the privacy commitments made in this policy or provide you with notice and choice regarding any changes

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so. This consent can be withdrawn at any time.

  • Third-Party Integrations: If you choose to connect our Services with third-party applications or services, we will share necessary information to enable that integration
  • Marketing Communications: With your explicit opt-in consent, we may share your contact information with selected partners for marketing purposes (you can withdraw this consent at any time)
  • Research and Surveys: If you participate in research studies or surveys, we may share anonymized or aggregated data with research partners

Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This data is used for industry analysis, demographic profiling, marketing, and other business purposes.

  • Usage Statistics: Aggregated statistics about feature usage, user demographics, and platform performance may be shared publicly or with partners
  • Industry Benchmarks: Anonymized data may be used to create industry benchmarks and reports that benefit the broader business community
  • Research and Development: De-identified data may be used for research purposes to improve CRM technologies and business practices

6. Your Rights and Choices

You have significant control over your personal information and how it is used. Under applicable data protection laws, including the GDPR and UK Data Protection Act, you possess specific rights regarding your data. We are committed to facilitating the exercise of these rights and will respond to your requests promptly and in accordance with legal requirements.

Your Data Protection Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and UK Data Protection Act 2018, you have comprehensive rights regarding your personal data. These rights empower you to control how your information is collected, used, and shared.

  • Right of Access (Subject Access Request): You have the right to request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within one month of your request. This includes information about how we process your data, who we share it with, and how long we retain it
  • Right to Rectification: If you believe any of your personal information is inaccurate or incomplete, you have the right to request correction. We will update your information promptly and notify any third parties with whom we have shared the data
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent, you object to processing, or the data was unlawfully processed. Note that we may retain certain information if required by law or for legitimate business purposes
  • Right to Restriction of Processing: You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing. During the restriction period, we will store the data but not actively process it
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another service provider. This applies to data you provided to us with your consent or under a contract
  • Right to Object: You can object to processing of your personal data based on legitimate interests, direct marketing, or for research and statistical purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests
  • Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority if you believe we have violated your data protection rights

Account and Privacy Settings

You can manage many aspects of your privacy and data usage directly through your account settings. These controls give you immediate access to modify your preferences without needing to contact support.

  • Profile Management: Update your personal information, business details, and contact preferences directly in your account settings
  • Communication Preferences: Choose which types of emails you wish to receive, including product updates, newsletters, and marketing communications. Note that you cannot opt out of essential service communications
  • Security Settings: Enable or disable two-factor authentication, manage trusted devices, and review recent login activity
  • Data Export: Request an export of your account data and customer information in standard formats (CSV, JSON) for backup or migration purposes
  • Account Deletion: Permanently delete your account and associated data through the account settings page. This action is irreversible and will result in loss of all your data

Mobile App Permissions and Controls

Our mobile application requests various device permissions to provide enhanced functionality. You have complete control over these permissions and can modify them at any time through your device settings.

  • Permission Management: Grant or deny individual permissions (camera, location, contacts, etc.) based on your comfort level and needs. The app will continue to function with reduced capabilities if you deny optional permissions
  • Location Services: Control when the app can access your location (always, only while using the app, or never) through your device's location settings
  • Notification Preferences: Manage which types of push notifications you receive, including task reminders, appointment alerts, and system notifications
  • Offline Data: Clear locally cached data from your device through the app settings to free up storage space

Marketing and Communications

You have control over the marketing communications you receive from us. We respect your preferences and make it easy to opt out of non-essential communications.

  • Email Unsubscribe: Every marketing email includes an unsubscribe link that allows you to opt out immediately. Your preference will be honored within 48 hours
  • Preference Center: Access our email preference center to choose which types of communications you wish to receive (product updates, tips and tutorials, company news, etc.)
  • Essential Communications: Note that you cannot opt out of essential service communications such as security alerts, billing notifications, and critical system updates

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the details provided in the "Contact Information" section below. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

  • Verification: To protect your privacy, we may need to verify your identity before processing requests. This may involve confirming your email address or answering security questions
  • No Fee: Exercising your rights is generally free of charge. However, we may charge a reasonable fee for manifestly unfounded or excessive requests
  • Response Time: We aim to respond to all requests within one month. For complex requests, we may extend this period by up to two months and will inform you of the extension

7. Third-Party Services and Links

To provide you with a comprehensive and reliable service, we utilize carefully selected third-party service providers. These providers assist us with various aspects of our operations, from hosting infrastructure to payment processing. We ensure that all third-party providers maintain appropriate security standards and data protection practices.

Our Services are built on trusted, enterprise-grade platforms that meet international security and compliance standards. Each third-party provider is bound by contractual obligations to protect your data and use it only for the specific purposes we authorize.

  • Cloud Infrastructure (Microsoft Azure): All application hosting and data storage is provided by Microsoft Azure, with data centers located in the United Kingdom. Azure maintains ISO 27001, SOC 2, and other industry certifications
  • Payment Processing (GoCardless): Subscription payments are processed through GoCardless, a PCI-DSS Level 1 certified payment provider. We do not store complete payment card details on our servers
  • Email Delivery Services: Transactional and service emails are sent through secure email delivery platforms that comply with anti-spam regulations and maintain high deliverability standards
  • Analytics and Performance Monitoring: We use analytics services to monitor application performance, identify errors, and understand usage patterns. These services receive anonymized or aggregated data that cannot identify individual users
  • Customer Support Tools: Support communications may be processed through customer service platforms to help us provide efficient, organized assistance to our users

Third-Party Links: Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform. When you click on third-party links, you leave our Services and are subject to the privacy policies and terms of those external sites.

8. Children's Privacy

Our Services are designed for business use and are not intended for, nor directed to, children under the age of 16 years. We do not knowingly collect, use, or disclose personal information from children under 16 without verifiable parental consent.

As a business-focused CRM platform, our Services are designed for use by adults in professional contexts. We recognize the importance of protecting children's privacy online and take our responsibilities seriously under applicable child protection laws, including the Children's Online Privacy Protection Act (COPPA) and GDPR provisions regarding children's data.

  • Age Restriction: By using our Services, you represent and warrant that you are at least 16 years of age. If you are under 16, you must not use our Services or provide any personal information to us
  • No Intentional Collection: We do not intentionally collect personal information from individuals under 16. Our registration processes, marketing materials, and service features are designed for adult business users
  • Parental Notification: If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately using the contact details provided in this policy
  • Prompt Deletion: If we become aware that we have collected personal information from a child under 16 without appropriate parental consent, we will take immediate steps to delete that information from our systems
  • Account Termination: Accounts found to belong to users under 16 will be promptly terminated, and all associated data will be deleted in accordance with our data retention policies

9. International Data Transfers

While our primary data storage is located in the United Kingdom, the global nature of internet services means that your data may occasionally be transferred to, stored in, or processed in countries outside of your country of residence. We ensure that appropriate safeguards are in place for all international data transfers to protect your personal information.

When we transfer personal data outside the UK or European Economic Area (EEA), we comply with applicable data protection laws and implement appropriate safeguards to ensure your data receives an adequate level of protection equivalent to that provided within the UK/EEA.

  • Primary Data Location: All customer data is primarily stored and processed in Microsoft Azure data centers located within the United Kingdom, ensuring compliance with UK and EU data protection standards
  • Standard Contractual Clauses: When we transfer data to third-party service providers outside the UK/EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection
  • Adequacy Decisions: We may transfer data to countries that have been deemed by the UK or EU to provide an adequate level of data protection, such as countries with adequacy decisions in place
  • Data Processing Agreements: All third-party processors are bound by comprehensive data processing agreements that include appropriate technical and organizational security measures
  • Transfer Impact Assessments: We conduct transfer impact assessments to evaluate the legal framework and practical security measures in destination countries before transferring data
  • User Rights: Regardless of where your data is processed, you retain all the rights described in this privacy policy, including the right to access, correct, and delete your personal information

10. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We are committed to keeping you informed about how we protect your privacy, and we will notify you of any material changes to this policy.

When we make changes to this privacy policy, we will update the "Last Updated" date at the top of this page. For significant changes that materially affect your rights or how we process your data, we will provide more prominent notice and, where required by law, obtain your consent.

  • Policy Updates: We will post the updated privacy policy on this page, making it accessible to all users. The revised policy will indicate the date it was last updated
  • Email Notifications: For material changes that significantly affect your privacy rights or our data processing practices, we will send email notifications to the address associated with your account
  • In-App Notifications: When you log into our Services after a policy update, you may see a notification informing you of the changes and providing a link to review the updated policy
  • Advance Notice: Where feasible, we will provide advance notice of significant changes, giving you time to review the updated policy before it takes effect
  • Consent for Material Changes: If required by applicable law, we will obtain your explicit consent before implementing material changes that affect how we process your personal data
  • Continued Use: Your continued use of our Services after the effective date of an updated privacy policy constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of our Services
  • Version History: We maintain records of previous versions of this privacy policy. If you would like to review a previous version, please contact us using the details provided below

We encourage you to review this privacy policy periodically to stay informed about how we are protecting your information. If you have questions about changes to this policy, please contact our privacy team.

11. Data Safety Summary

For your convenience, we provide this summary table showing the types of data we collect, whether they are shared with third parties, and their primary purposes. This summary is intended as a quick reference and should be read in conjunction with the detailed information provided throughout this privacy policy.

Data Type Collected Shared with Third Parties Primary Purpose
Email Address Yes No Account authentication, service communications
Name Yes No User profile, personalization
Password Yes No Account authentication (encrypted with bcrypt)
Business & Customer Data Yes No CRM functionality, customer relationship management
Device Identifiers Yes No Security monitoring, fraud prevention, analytics
Usage Data Yes No Service improvement, feature development
Payment Information Yes Yes* Subscription billing
Location Data Optional No Location-based features (with permission)

Key Security Highlights

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • No Data Sales: We do not sell, trade, or rent your personal information to third parties
  • Data Deletion: You can request account and data deletion at any time by contacting support or through your account settings
  • UK Data Storage: All primary data is stored in Microsoft Azure data centers within the United Kingdom
  • GDPR Compliant: Our data processing practices fully comply with GDPR and UK Data Protection Act 2018

12. Contact Information

We are committed to addressing your privacy concerns and answering your questions about how we collect, use, and protect your personal information. If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please do not hesitate to contact us.

How to Reach Us

Response Times

We aim to respond to all privacy-related inquiries within 5 business days. For formal data subject requests (such as access requests, deletion requests, or other rights under GDPR), we will respond within one month as required by law, though we may extend this period by up to two additional months for complex requests.

13. Complaints and Regulatory Authority

We take your privacy rights seriously and strive to handle your personal information in accordance with all applicable data protection laws. However, if you believe we have not complied with this privacy policy or applicable data protection regulations, you have the right to lodge a complaint.

Filing a Complaint

If you have concerns about our data processing practices, we encourage you to contact us first using the contact information provided above. We will investigate your concerns and work with you to resolve any issues promptly.

However, you also have the right to lodge a complaint directly with your local data protection supervisory authority. In the United Kingdom, the relevant authority is:

Information Commissioner's Office (ICO)

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Online Reporting: You can report concerns online through the ICO website

If you are located outside the United Kingdom, you may contact your local data protection supervisory authority. You can find a list of EU data protection authorities at https://edpb.europa.eu.

Questions about our Privacy Policy?

By using nuclyo CRM, you acknowledge that you have read and understood this privacy policy.