Privacy Policy

1. Information We Collect

We collect information you provide directly (business details, customer data, job information), automatically (usage data, device information), and from third parties (payment information from Stripe).

2. How We Use Your Information

We use your data to provide and improve the Service, process payments, send notifications, provide customer support, and comply with legal obligations.

3. Data Sharing

We share data with service providers (AWS, Stripe, Twilio, SendGrid), as required by law, and with your consent. We never sell your personal data.

4. Data Security

We implement industry-standard security measures including encryption, secure authentication, regular backups, and access controls.

5. Your Rights (GDPR)

• Right to access your data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

6. Data Retention

We retain your data for as long as your account is active plus 90 days after deletion, or as required for legal compliance (e.g., HMRC tax records for 6 years).

7. Cookies and Tracking

We use essential cookies for authentication and functionality, analytics cookies (with consent) to improve the Service, and no advertising cookies.

8. International Transfers

Your data is stored in the UK/EU (AWS eu-west-2). Any transfers outside the EEA are protected by appropriate safeguards.

9. Children's Privacy

UPGIX is not intended for users under 18. We do not knowingly collect data from children.

10. Contact & Complaints

Data Protection Officer: privacy@upgix.com
You have the right to lodge a complaint with the ICO (Information Commissioner's Office).