Privacy Policy

1. Who We Are

GRAFTER APP is operated as a sole trader business based in the United Kingdom. GRAFTER APP is the data controller for the personal data collected through this service.

For any data-related enquiries, please contact us at: support@grafterapp.co.uk

2. What Data We Collect

We collect the following personal data when you use GRAFTER APP:

• Your name, business name, phone number, and email address
• Your business address
• Bank account details you choose to store for invoicing purposes
• VAT number (if applicable)
• Profile photo (if uploaded)
• Payment information processed via Stripe (we do not store card details directly)
• Job, quote, customer, and invoice data you create within the app
• Usage data and log information

3. How We Use Your Data

We use your personal data to:

• Provide and operate the GRAFTER APP service
• Process payments and manage your subscription via Stripe
• Generate quotes, invoices, and job reports on your behalf
• Send service-related notifications (e.g. account updates)
• Improve and maintain the platform
• Comply with legal obligations

4. Legal Basis for Processing

We process your data on the following legal bases under UK GDPR:

• Contract performance — to provide the service you have signed up for
• Legitimate interests — to operate, improve, and secure the platform
• Legal obligation — where required by law
• Consent — where you have explicitly provided it

5. Who We Share Your Data With

We use the following third-party services to operate GRAFTER APP. Each acts as a data processor on our behalf:

• Supabase — database and file storage (supabase.com)
• Stripe — payment processing (stripe.com)
• Vercel — hosting and infrastructure (vercel.com)
• Resend — email delivery (resend.com)

We do not sell your data to third parties. We do not use your data for advertising purposes.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access — request a copy of the data we hold about you
• Right to rectification — ask us to correct inaccurate data
• Right to erasure — ask us to delete your data
• Right to restriction — ask us to limit how we use your data
• Right to data portability — request your data in a portable format
• Right to object — object to certain types of processing

To exercise any of these rights, please email support@grafterapp.co.uk. We will respond within 30 days.

8. Cookies

GRAFTER APP uses essential session cookies for authentication via Supabase Auth. We do not use tracking cookies or third-party advertising cookies.

9. Security

We take reasonable technical and organisational measures to protect your data, including encrypted data storage via Supabase and secure payment processing via Stripe. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes via the app or by email. The date at the top of this page will always reflect the most recent update.

11. Complaints

If you have concerns about how we handle your data, please contact us at support@grafterapp.co.uk. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.