Legal

Privacy Policy

Last updated:

Note: This is a starting template aligned with UK GDPR. Before publishing, have a solicitor review it against your actual data flows. Replace all TODO markers with your specifics.

Taggit ("we", "us", "our") is a product of KLM Design & Prints Ltd, registered in England and Wales, operating from Chester, UK. This policy explains how we collect, use, store and protect personal data when you use Taggit (the web dashboard at taggitapp.com, the iOS app, and any related services).

1. Who we are

The data controller is KLM Design & Prints Ltd, contactable at [email protected]. We are registered with the Information Commissioner's Office under registration number .

2. What we collect

Account data: name, email address, organisation name, role.
Asset data: the asset records, certificates, scan history, GPS location data and inspection schedules you create within Taggit.
Usage data: device type, IP address, log data, feature interactions — used to improve the service.
Billing data: we use Stripe to process payments. We never store full card details on our servers.

3. Why we collect it

We process data to provide the Taggit service, deliver compliance reporting, send service notifications (e.g. inspection due reminders), process payments, support your account, and improve the product. Legal basis: contract performance, legitimate interests, and consent where applicable.

4. Who has access

Only authorised members of your organisation can see your asset data, scoped by role (Owner, Admin, Manager, Member). We do not sell or share your data with advertisers. We use the following sub-processors:

Google Cloud / Firebase (data hosting in europe-west2, London)
Stripe (payment processing)
SendGrid (transactional email)

5. Where it's stored

All Taggit data is hosted in UK / EU data centres (Firebase europe-west2, London region). Backups are encrypted at rest.

6. How long we keep it

For active accounts, data is retained as long as your subscription is active. After cancellation, we retain data for 30 days to allow export, then permanently delete it. Billing records are retained for 7 years as required by HMRC.

7. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port, or object to processing of your personal data. To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Cookies

Taggit uses strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies.

9. Security

All connections to Taggit use TLS encryption. Data is encrypted at rest in our database. Access to production systems is restricted and logged. We will notify affected users and the ICO within 72 hours of any breach affecting personal data.

10. Complaints

If you're not satisfied with how we handle your data, you can complain to the Information Commissioner's Office (ico.org.uk) or call 0303 123 1113.

11. Changes

We may update this policy from time to time. We'll notify account holders by email of any material changes.

12. Contact

Questions about this policy: [email protected]
KLM Design & Prints Ltd, Chester, UK.