This Privacy Policy explains how Gleam (BD SE App) ("Gleam", "we", "our", "us") collects, uses, and protects your personal data when you use our website at gleam-jobflow.co.uk and our mobile application (collectively, "the Service"). We are committed to handling your data responsibly and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Gleam (BD SE App) is the data controller for personal data collected through this Service. Our contact email is contact-us@gleam-jobflow.co.uk. We will publish our registered address and ICO registration number prior to public launch.
2. What data we collect
Data you give us directly
- Account data: your name, email address, and password when you register.
- Business data: your business name, address, and any information you add to jobs, customers, and invoices within the app.
- Payment data: when processing payments, your payment details are handled by our payment processor (not stored by Gleam directly).
- Waitlist data: your email address if you sign up to our waitlist.
- Support communications: any messages you send to us via email or support channels.
Data collected automatically
- Usage data: which features you use, how often, and when — to help us improve the product.
- Device data: device type, operating system version, and app version.
- Log data: IP address, browser type, and pages visited on our website.
3. How we use your data
We use your personal data for the following purposes:
- To provide and improve the Gleam service
- To process payments and manage your subscription
- To send you service-related communications (e.g. invoices, receipts, security alerts)
- To send product updates and marketing emails — only with your explicit consent, which you can withdraw at any time
- To respond to support requests
- To comply with legal obligations
4. Legal basis for processing
We process your personal data on the following legal bases under UK GDPR:
- Contract: to provide the Service you've signed up for
- Legitimate interests: to improve our service, detect fraud, and maintain security
- Consent: for marketing communications — you can withdraw consent at any time
- Legal obligation: where required by law (e.g. tax records)
5. How we share your data
We do not sell your personal data. We share it only with:
- Service providers: third-party processors who help us deliver the Service (hosting, payments, email delivery). They are contractually bound to keep your data confidential and to process it only on our instructions.
- Legal authorities: when required by law, court order, or to protect the rights and safety of our users.
6. Data retention
We keep your account data for as long as your account is active. If you cancel your account, your data is retained for 30 days so you can export it, then permanently deleted. Backup copies are purged within 90 days. Certain financial records (invoices) may be retained for up to 7 years to comply with HMRC requirements.
7. Your rights
Under UK GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Delete your personal data ("right to be forgotten")
- Restrict or object to our processing of your data
- Portability — receive your data in a machine-readable format
- Withdraw consent at any time for marketing communications
To exercise any of these rights, email contact-us@gleam-jobflow.co.uk. We'll respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. We use UK-based hosting infrastructure that meets ISO 27001 standards. We conduct regular security audits and maintain a responsible disclosure policy.
9. Cookies
Our website uses strictly necessary cookies only — for session management and security. We do not use tracking or advertising cookies. If this changes, we will update this policy and request your consent.
10. Third-party links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal data.
11. Children's privacy
Gleam is intended for use by adults (18+) running a business. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. We'll notify registered users by email and update the "last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.
13. Contact us
Questions about this policy or your data? Contact us at contact-us@gleam-jobflow.co.uk. We aim to reply within 2 business days.