Privacy Policy

1. Introduction

HygieneLog ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital hygiene logging platform and related services (the "Service").

By using HygieneLog, you agree to the collection and use of information in accordance with this policy. We comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, job title, and organisation details
• Business Data: Site locations, forms, logs, signatures, photos, and compliance records you create within the Service
• Payment Information: Billing address and payment card details (processed securely through Stripe)
• Communication Data: Messages sent through our contact forms or support channels

2.2 Automatically Collected Information

• Usage Data: Pages visited, features used, timestamps, and interaction patterns
• Device Information: IP address, browser type, device type, operating system, and screen resolution
• Location Data: Approximate geographic location derived from IP address (for compliance and security purposes)
• Cookies and Tracking: See our Cookie Policy for details

3. How We Use Your Information

We use collected information for the following purposes:

• To provide, operate, and maintain the Service
• To process transactions and manage subscriptions
• To authenticate users and enforce security measures
• To send service-related notifications, updates, and support communications
• To improve, analyse, and optimise Service performance and user experience
• To comply with legal obligations and respond to regulatory requests
• To detect, prevent, and address technical issues, fraud, or security threats
• To send marketing communications (with your consent, where required)

4. Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Contractual Necessity: To fulfil our service agreement with you
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For optional analytics, marketing communications, and non-essential cookies

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Third-party vendors who assist with hosting, payment processing, email delivery, and analytics (under strict data processing agreements)
• Legal Authorities: When required by law, court order, or regulatory request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
• With Your Consent: When you explicitly authorise disclosure

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL), encryption at rest, regular security audits, access controls, and secure authentication. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Compliance logs and audit trails are retained for a minimum of three years as required by regulatory standards. You may request deletion of your account and associated data at any time, subject to legal retention requirements.

8. Your Rights

Under GDPR, you have the right to:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal requirements)
• Restriction: Request limitation of processing in certain circumstances
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing that relies on consent

To exercise these rights, contact us at [email protected]. We will respond within one month.

9. Site Isolation and Multi-Tenancy

HygieneLog uses strict site isolation to ensure that each business location only accesses its own data. Data segregation is enforced at the database and application level to meet GDPR requirements and prevent unauthorised cross-site access.

10. International Data Transfers

Your data is primarily stored and processed within the United Kingdom and European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: