Privacy Policy

1. Introduction

Crivata ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business management platform designed for UK trade professionals.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. By using Crivata, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name and email address
• Company/business name and contact details
• Authentication data provided through our login provider
• Business address and VAT registration details (if provided)

2.2 Business Data

To provide our services, we store data you enter including:

• Customer/client contact information and records
• Lead and project information
• Quotes, estimates, and invoices
• Job schedules and calendar events
• Messages and communication history
• Financial information including pricing and payment records

2.3 Payment Information

Payment processing is handled by Stripe. We do not store complete credit card numbers on our servers. Stripe's privacy policy governs their handling of payment data. We store only transaction references and payment status information.

2.4 Technical Data

We automatically collect certain technical information including:

• IP address and browser type
• Device information and operating system
• Pages visited and features used
• Date and time of access

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our platform
• Process transactions and send related information
• Send administrative messages, updates, and security alerts
• Respond to your enquiries and provide customer support
• Enable communication between you and your customers
• Improve and personalise your experience
• Monitor usage and analyse trends to enhance our services
• Detect, investigate, and prevent fraudulent or unauthorized activities
• Comply with legal obligations

4. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract: Processing necessary to perform our contract with you (providing the Crivata service)
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services and preventing fraud
• Legal obligation: Processing necessary to comply with legal requirements
• Consent: Where you have given explicit consent for specific processing activities

5. Data Sharing and Third Parties

We may share your information with third-party service providers who assist in operating our platform:

• Stripe: Payment processing and subscription management
• Replit: Hosting infrastructure and authentication services
• Email/SMS providers: Communication delivery services (when enabled)
• Google: Calendar integration (when connected by you)

We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may disclose information if required by law, court order, or to protect our rights and safety.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to:

• Comply with legal obligations (e.g., tax records for 7 years)
• Resolve disputes and enforce our agreements
• Maintain business records as required by law

Upon account deletion request, we will delete or anonymise your data within 30 days, except where we are required to retain it by law.

7. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Rights related to automated decision-making: Right not to be subject to solely automated decisions

To exercise any of these rights, please contact us at privacy@slategrey-dolphin-221064.hostingersite.com. We will respond within one month.

8. Cookies and Tracking

We use essential cookies to maintain your session and provide core functionality. These cookies are necessary for the platform to function properly and cannot be disabled.

We do not use third-party tracking cookies for advertising purposes.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit using TLS/SSL
• Secure hosting infrastructure
• Regular security assessments
• Access controls and authentication requirements

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Our services are hosted on infrastructure that may involve data processing outside the UK. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the UK Information Commissioner's Office (ICO).

11. Children's Privacy

Crivata is a business management tool. While we do not specifically prohibit users under 18, the platform is designed for trade professionals running businesses. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your data protection rights have been breached. Visit ico.org.uk for more information.