Privacy Policy

This Privacy Policy explains how Engineer App Ltd (“we”, “us”, “our”) collects, uses, stores, and shares personal data when you use Gas Engineer App, GasEngineerApp.co.uk, and our mobile applications, together referred to as the “Service”.

Who we are

Engineer App Ltd is a UK company.

For most business users:

• We act as controller for account, billing, communications, security, and usage data about your use of the Service.
• We act as processor for the customer, job, certificate, photo, attachment, and document data you upload or enter into the Service, where you, our business customer, are the controller.

You own your data

The Service stores information that is entered by you or imported at your instruction.

Customer Data remains your property. We do not use or make available personally identifiable Customer Data for any purpose other than providing, maintaining, securing, and supporting the Service, unless:

• you instruct us to do so;
• you give permission;
• it is necessary to provide the Service;
• it is necessary to investigate or resolve a technical, security, or support issue; or
• we are required by law.

What data we collect

A) Account and contact data

We may collect:

• name;
• email address;
• phone number, if provided;
• business or company details;
• login and authentication information, such as password data, stored securely and hashed where applicable.

B) Customer Data you upload, enter, or create in the Service

This may include:

• customer names;
• customer addresses;
• customer phone numbers and email addresses;
• job records and notes;
• certificates and compliance documents;
• photos, attachments, and documents;
• signatures;
• invoice and billing documents you generate or record in the Service.

C) Camera and photo library data

Photos or images may contain personal data, such as images of properties, appliances, documents, people, addresses, signatures, or other identifying information. You are responsible for ensuring that you have the appropriate permission or lawful basis to capture and upload such images, especially where they relate to your own customers or third parties.

D) Device and usage data

We may collect:

• device identifiers, including device ID, where used for analytics, security, or account-related functionality;
• IP address;
• device type;
• operating system;
• browser or app version;
• timestamps;
• pages, features, or screens viewed;
• diagnostic logs and crash reports to keep the Service secure and functioning.

E) Payment and billing data

We do not store your credit or debit card details. Payments are handled by third-party payment providers, such as Stripe and/or GoCardless.

We may store billing-related metadata, such as:

• subscription status;
• invoice records;
• payment references;
• plan type;
• payment status.

How we use data

We use personal data to:

• provide, operate, and maintain the Service;
• create and manage accounts and user access;
• allow users to create, upload, store, and manage job records, certificates, photos, documents, invoices, and customer records;
• provide customer support and troubleshoot issues;
• back up and restore data;
• ensure correct operation of systems and databases;
• secure the Service;
• prevent fraud, abuse, or unauthorised access;
• monitor reliability and performance;
• improve the Service, including through product analytics;
• send service communications, billing notices, product information, service updates, and notifications;
• produce aggregated and anonymised insights that do not identify individuals.

Legal bases under UK GDPR

Where we act as controller, we rely on one or more of the following legal bases:

• Contract: to provide the Service to you.
• Legitimate interests: for security, service improvement, support, diagnostics, fraud prevention, and business administration.
• Consent: where required, such as for non-essential cookies, advertising tools, or device permissions where applicable.
• Legal obligation: where we must retain or process information for legal, tax, accounting, or regulatory reasons.

Where we act as processor for Customer Data, we process that data under your instructions and our agreement with you.

Who can access your data

Engineer App Ltd, our staff, and approved partners or sub-processors may access data only where necessary to:

• assist with resolution of a system issue or error;
• provide customer support;
• enable backup, restore, hosting, storage, and proper operation of the Service;
• ensure correct operation and maintenance of systems and databases;
• maintain security and prevent misuse;
• produce aggregated anonymous averages or insights;
• comply with legal obligations.

We do not sell your personal data.

Third-party service providers

We may use trusted third-party providers to help us operate the Service. These may include providers for:

• hosting and cloud infrastructure;
• payment processing;
• email delivery;
• analytics;
• diagnostics and crash reporting;
• customer support;
• data backup and storage.

Where required, these providers process personal data under contract and only for the purposes of providing their services to us.

Security

Your data is sent securely across the internet using TLS/SSL encryption in transit.

We take appropriate technical and organisational measures to protect personal data. However, the internet and electronic storage systems are not completely secure, and we cannot guarantee absolute security.

You are responsible for:

• keeping your password safe;
• using strong and unique passwords;
• keeping your devices and software up to date;
• maintaining reasonable malware and virus protection;
• ensuring that only authorised users access your account.

Cookies and similar technologies

The Service may use cookies and similar technologies to operate effectively, remember preferences, maintain security, and understand usage patterns.

You can manage cookies through your browser settings and, where applicable, through our consent banner.

Email communications

We may send emails relating to:

• billing;
• account administration;
• product information;
• service updates;
• security notices;
• support messages;
• notifications.

Where appropriate, emails include opt-out instructions for non-essential communications. Service, billing, legal, and security messages may still be sent where necessary to deliver or protect the Service.

Data access, export, and deletion

Provided you have met your obligations under the Service Terms of Use, you can download or export your data via the Service where this functionality is available.

Retention after cancellation

Customer Data may be permanently deleted 60 days after you stop paying for the Service or earlier at your request.

Backups

Backups may persist for a limited period after deletion or cancellation and are overwritten on a rolling basis. Backup retention periods may vary depending on operational, security, and technical requirements.

We may retain limited information where required for legal, accounting, tax, security, fraud prevention, dispute-resolution, or compliance purposes.

Your rights

Depending on the context and applicable law, you may have rights to:

• access your personal data;
• rectify inaccurate personal data;
• request erasure of personal data;
• restrict processing;
• object to processing;
• request data portability;
• withdraw consent where processing is based on consent.

For Customer Data you control, such as your own customer and job data, you are typically the controller and responsible for handling data subject requests. We will assist where required under our agreement with you.

You may complain to the UK regulator, the Information Commissioner’s Office.

Responsibilities of business users

If you use the Service for your business, you are responsible for ensuring that your use of the Service complies with applicable data protection laws.

This includes ensuring that you have a lawful basis or appropriate permission to collect, upload, store, and process:

• customer details;
• job records;
• property information;
• photos;
• signatures;
• certificates;
• invoices;
• documents;
• any other personal data you add to the Service.

You should provide your own privacy information to your customers where required by law.

Children’s data

The Service is intended for business and professional use. It is not intended for use by children.

Users should not knowingly upload children’s personal data unless it is necessary for a lawful business purpose and they have the appropriate legal basis to do so.

International transfers

Where our service providers process data outside the UK or European Economic Area, we will take appropriate steps to protect personal data in accordance with applicable data protection laws. This may include using recognised transfer safeguards, such as standard contractual clauses or equivalent protections.

Changes to this policy

We may update this Privacy Policy from time to time.

Updates take effect when posted in the Service or on our website. Where changes are significant, we may take additional steps to notify users.

Terms of Use

Use of the Service is subject to our Terms of Use.

If there is a conflict between the Terms of Use and this Privacy Policy, the Terms of Use will prevail unless applicable law requires otherwise.