Privacy Policy

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

**Account Information:** Name, email address, phone number, company name, and billing information.

**Service Data:** Job details, customer records, invoices, quotes, and other business data you input into Gaffer.

**Usage Data:** Information about how you interact with our services, including features used, pages visited, and actions taken.

**Device Information:** Device type, operating system, browser type, IP address, and general location data.

We use the information we collect to:

- Provide, maintain, and improve our services - Process transactions and send related information - Send technical notices, updates, and support messages - Respond to your comments, questions, and customer service requests - Monitor and analyze trends, usage, and activities - Detect, investigate, and prevent fraudulent transactions and abuse - Personalize and improve your experience

Your data is stored securely in UK and EU data centres with enterprise-grade encryption.

**Encryption:** All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

**Access Controls:** Strict role-based access controls limit who can access your data.

**Backups:** Automated daily backups with 30-day retention ensure data recovery capability.

**Compliance:** We comply with GDPR and UK data protection regulations.

Under GDPR and UK data protection law, you have the right to:

- **Access:** Request a copy of your personal data - **Rectification:** Request correction of inaccurate data - **Erasure:** Request deletion of your data ("right to be forgotten") - **Portability:** Receive your data in a portable format - **Objection:** Object to certain processing of your data - **Restriction:** Request limited processing of your data

To exercise these rights, contact us at privacy@getgaffer.com.

We use cookies and similar technologies to:

**Essential Cookies:** Required for basic functionality like authentication and security.

**Analytics Cookies:** Help us understand how visitors use our website and services.

**Preference Cookies:** Remember your settings and preferences.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

We may share data with trusted third parties who assist in operating our services:

- **Payment Processors:** Stripe for secure payment processing - **Email Services:** For transactional and marketing communications - **Analytics Providers:** For usage analysis and improvements - **Cloud Infrastructure:** AWS and similar providers for hosting

All third parties are contractually bound to protect your data and use it only for specified purposes.

We retain your data for as long as your account is active or as needed to provide services.

**Account Data:** Retained while your account is active, plus 30 days after deletion request.

**Transaction Records:** Retained for 7 years for legal and tax compliance.

**Usage Logs:** Retained for 12 months for security and analysis.

You can request data deletion at any time, subject to legal retention requirements.

For privacy-related questions or to exercise your rights:

**Email:** privacy@getgaffer.com **Address:** Gaffer Ltd, Edinburgh, UK

**Data Protection Officer:** For GDPR-related inquiries, contact dpo@getgaffer.com

We aim to respond to all requests within 30 days.