← PSA Reps

Privacy Policy

DRAFT TEMPLATE — this policy is a working skeleton and must be reviewed and completed by a data-protection professional before customers are onboarded.

Last updated: [DATE]

1. Who we are

PSA Reps ("we") is operated by [LEGAL ENTITY NAME], registered in England and Wales [COMPANY NUMBER]. Contact: [SUPPORT EMAIL]. We are registered with the Information Commissioner's Office under reference [ICO REGISTRATION NUMBER].

2. Our role

For the case records you create in the app (client details, attendance notes, declarations, invoices), you (or your firm) are the data controller and we act as a data processor. We process that data solely to provide the service, on your instructions, under our Terms of Service and Data Processing Addendum [LINK]. For your account data (name, email, billing), we are the controller.

3. What we process

Account data: email address, authentication identifiers, subscription status. Service data: the attendance records, declarations and invoices you create — which may include special category data (health) and criminal-offence data relating to your clients. Technical data: [LOGS / ANALYTICS — SPECIFY OR STATE NONE].

4. Where data is stored

Service data is stored in Google Cloud Firestore in the London region (europe-west2), encrypted in transit and at rest. Sub-processors: Google LLC (Firebase — hosting, authentication, database) [+ STRIPE WHEN BILLING LAUNCHES].

5. Retention

You control retention of case records, including the optional auto-delete of submitted forms. Account data is retained while your account is active and for [PERIOD] after closure.

6. Your rights / your clients' rights

[UK GDPR RIGHTS SECTION — ACCESS, ERASURE, PORTABILITY, COMPLAINTS TO ICO]

7. Breach notification

[72-HOUR PROCESS SUMMARY]