Privacy Policy

Your privacy matters to us. This policy explains how we collect, use, and protect your personal information in compliance with UK GDPR and data protection laws.

Last updated: April 29, 2026

1. Introduction

Welcome to GetKonnected. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our all-in-one operations management platform for facilities-management and field-service companies.

GetKonnected operates as a data controller under UK GDPR (General Data Protection Regulation) and the Data Protection Act 2018. We are committed to ensuring that your privacy is protected in accordance with UK data protection legislation.

Data Controller: GetKonnected, United Kingdom

Contact: admin@getkonnected.dev

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Identity Data: Name, job title, company name
  • Contact Data: Email address, telephone number, business address
  • Authentication Data: Username, password (encrypted), multi-factor authentication details
  • Profile Data: User preferences, feedback, and survey responses

2.2 Technical and Device Information

  • IP address and browser type
  • Device information (model, operating system, OS version, language, time zone)
  • Mobile device identifiers (Vendor Identifier on iOS, Android ID, install ID) used for session management and security only - we do not access the IDFA or AAID for advertising
  • Push notification tokens (used solely to deliver in-app notifications you have enabled)
  • Crash logs and diagnostic data
  • Session information, cookies, and similar technologies
  • Usage analytics (feature interactions, performance metrics) used to improve the platform

2.3 Mobile-Specific Data (When Granted by Permission)

Where you grant the relevant device permission within the GetKonnected mobile app, we may also process:

  • Camera and Photos: Images you capture or select to attach to jobs, incident reports, asset records, or compliance documents
  • Location Data: Approximate or precise location, used only when actively logging job activity, recording site visits, or tagging incident locations. Location is captured only when the relevant feature is in use; we do not track location in the background
  • Files and Documents: Files you select to upload as evidence, safety documentation, or job attachments
  • Microphone: Audio captured if you record voice notes attached to a job (only when actively used)

You can revoke any of these permissions at any time in your device settings. The platform will continue to function with reduced capability where a permission is declined.

2.4 Business and Operational Data

  • Job and project information, scheduling and workforce coordination data
  • Safety documentation (RAMS, COSHH, SSOW, POWRA documents)
  • Team member, supplier, and client records
  • Financial tracking data linked to jobs and projects
  • Asset and vehicle registers, incident reports, and compliance records
  • Communication data and integration with Microsoft 365 and email systems

3. How We Use Your Information

We process your personal data under the following lawful bases as defined by UK GDPR:

Contractual Necessity

To provide you with our health and safety management services, maintain your account, process payments, and deliver customer support.

Legal Obligation

To comply with health and safety regulations, maintain statutory records, and respond to legal requests from authorities.

Legitimate Interests

To improve our services, ensure platform security, prevent fraud, and conduct analytics to enhance user experience.

Consent

For marketing communications and optional features. You can withdraw consent at any time.

4. How We Share Your Information

We do not sell your personal data and we do not share it for cross-context behavioural advertising. We share information only with the categories and providers listed below.

4.1 Service Providers (Sub-processors)

We use a limited set of trusted providers, each bound by a written data processing agreement and required to apply security measures equivalent to ours:

ProviderPurposeRegion
Amazon Web Services (AWS Cognito)Authentication and identity managementEU (eu-west-2)
Amazon Web Services (AWS S3)File and document storageEU
NeonManaged PostgreSQL database hostingEU
OpenAIAI-assisted document generation and analysisEU / Contractually-bound region
Microsoft 365Optional email and calendar integration (only if you enable it)EU
Pusher BeamsPush notification deliveryEU / Global
PostHogCrash reporting and diagnosticsEU
StripeSubscription billing and payment processingEU / UK

The provider names listed above are the sub-processors currently used by GetKonnected, and the list is updated if those providers change. You may also request the current list at admin@getkonnected.dev.

4.2 Your Organisation

Data you create within the platform is accessible to authorised users within your company account based on the role and permission settings configured by your account administrator.

4.3 Legal Requirements

We may disclose information when required by law, court order, or a competent regulatory authority (for example, the HSE or ICO).

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same protections set out in this Privacy Policy.

5. Mobile App Permissions

The GetKonnected mobile app may request the following device permissions. Each is requested only when needed for a specific feature, and you can grant, deny, or later revoke each one independently in your device settings.

PermissionWhy We Request It
CameraTo capture photos and videos for incident reports, job evidence, asset condition records, and on-site documentation
Photo LibraryTo allow you to attach existing images to jobs, incidents, and compliance records
Location (While Using App)To tag jobs and incidents with the correct site location and to verify on-site activity. We do not access location in the background
MicrophoneTo record voice notes attached to jobs or incident reports (only when the feature is actively used)
Push NotificationsTo deliver job assignments, approval requests, and incident alerts. You can disable these at any time
Files and DocumentsTo allow you to upload supporting documentation (datasheets, certificates, drawings)
Face ID / Touch ID / Biometric AuthenticationTo allow optional biometric sign-in. Biometric data never leaves your device - we only receive a success/failure signal from the operating system

We do not request access to your contacts, calendar, SMS messages, call logs, or background location.

6. Account and Data Deletion

We provide multiple ways for you to delete your account and the personal data associated with it.

6.1 In-App Deletion

You can request deletion of your user account directly within the GetKonnected mobile app or web platform by navigating to Settings -> Account -> Delete Account. The in-app flow will confirm your identity before processing the request.

6.2 If You Cannot Access the App

If you no longer have access to the app, use our public deletion request page at getkonnected.dev/policies/delete-my-account, or email admin@getkonnected.dev from the email address registered to your account.

6.3 What Gets Deleted

  • Your user identity and authentication credentials
  • Your profile data, preferences, and personal contact information
  • Personal data linked specifically to your individual user account

6.4 What May Be Retained

  • Customer Data owned by your organisation (jobs, safety documentation, compliance records, incident reports) - this belongs to your employer's account and will be retained or deleted in line with their account-level decisions, not your individual deletion request
  • Financial and transaction records - retained for 7 years to comply with HMRC and statutory accounting requirements
  • Audit logs and security records - retained for a limited period to meet our legal and regulatory obligations
  • Anonymised or aggregated data that no longer identifies you

6.5 Timeline

We will action verified deletion requests within 30 days of receipt. We will confirm completion by email.

6.6 Account-Level Deletion (Organisations)

If you are the account administrator and wish to delete the entire company account and all associated Customer Data, please contact admin@getkonnected.dev. Account-level deletion follows the process described in our Terms of Service.

7. International Data Transfers

Our primary infrastructure and that of our key sub-processors is located within the United Kingdom and the European Union. Some of our service providers (notably OpenAI and certain operational tools) may process data in other jurisdictions, including the United States.

Where personal data is transferred outside the UK or European Economic Area, we rely on one or more of the following safeguards:

  • The UK or EU's adequacy decisions for the relevant country, where available
  • The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
  • Standard Contractual Clauses approved by the European Commission, with a transfer impact assessment

You can request a copy of the safeguards in place for any specific transfer by contacting admin@getkonnected.dev.

8. Children's Privacy

GetKonnected is a workplace operations platform intended for use by professional adults in field-service and facilities-management businesses. The Services are not directed at, and not intended for, children under the age of 16.

We do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16 without verified parental consent, we will delete that data promptly. If you believe a child has provided personal data to us, please contact admin@getkonnected.dev.

9. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), gives you the following additional rights:

  • Right to Know - request details of the categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of recipients
  • Right to Delete - request deletion of personal information, subject to legal exceptions
  • Right to Correct - request correction of inaccurate personal information
  • Right to Opt Out of Sale or Sharing - we do not "sell" personal information for money, and we do not "share" it for cross-context behavioural advertising as those terms are defined under the CCPA. There is therefore nothing to opt out of, but we honour Global Privacy Control signals where applicable
  • Right to Limit Use of Sensitive Personal Information - we only use sensitive personal information (such as authentication credentials and precise geolocation when granted) for the purposes permitted under the CCPA without further consent
  • Right to Non-Discrimination - we will not discriminate against you for exercising any of these rights

To exercise any of these rights, contact admin@getkonnected.dev. We will verify your request using your account credentials or other reasonable methods and respond within 45 days.

10. Data Breach Notification

We maintain technical and organisational measures designed to prevent unauthorised access to, or disclosure of, personal data. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • We will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware, where required by UK GDPR
  • We will notify affected users and account administrators without undue delay where the breach is likely to result in a high risk to their rights and freedoms
  • We will provide details of the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed

11. Data Security

We implement comprehensive security measures to protect your data:

Encryption

TLS/SSL encryption in transit, AES-256 encryption at rest

Access Control

Role-based permissions, multi-factor authentication (MFA)

Audit Logging

Comprehensive activity logs and security monitoring

Regular Backups

Automated backups with secure storage and disaster recovery

12. Data Retention and Ownership

Data Ownership

All business data created within your account (including risk assessments, safety records, documents, and any other content) belongs entirely to your company. You retain full ownership and control of your data at all times.

Data Isolation

Each company that creates an account with us has a completely separate database. Your data is isolated from other companies and cannot be accessed by any other organization using our platform. This ensures maximum security and privacy for your business information.

We retain platform operational data for:

Active account data Duration of account
Financial records 7 years (tax requirements)
Marketing data Until consent withdrawn

You are responsible for managing retention periods for your own business data (such as health and safety records) in accordance with your legal and regulatory requirements. You can export or delete your data at any time. After account closure, data is securely deleted or anonymised according to your instructions.

13. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you (Subject Access Request).

Right to Rectification

Correct any inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your data (subject to legal obligations and legitimate interests).

Right to Restrict Processing

Limit how we use your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format and transfer it to another service.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Automated Decision Making

Request human review of automated decisions that significantly affect you.

To exercise any of these rights, please contact us at admin@getkonnected.dev. We will respond within one month.

14. Cookies and Tracking

We use cookies and similar technologies to improve your experience:

Essential Cookies

Required

Authentication, security, and core functionality. Cannot be disabled.

Performance Cookies

Optional

Analytics to understand usage patterns and improve our service.

Functional Cookies

Optional

Remember your preferences and settings for a better experience.

You can manage cookie preferences in your browser settings. Note that disabling essential cookies may affect platform functionality.

15. AI Processing and Automated Tools

Our platform uses artificial intelligence and automation to streamline operations and enhance productivity:

How We Use AI Technology

  • Generate professional documents including risk assessments, method statements, and compliance documentation
  • Extract and process information from safety datasheets and technical documents
  • Analyze performance data and provide insights for job management and resource allocation
  • Automate routine tasks and streamline approval workflows

Important Notes:

  • • All AI-generated content requires human review and approval
  • • Data sent to AI providers is protected by strict data processing agreements
  • • No personal data is used to train AI models
  • • You retain full control and responsibility for final documents
  • • All AI processing is performed within secure EU data centers

All AI processing is performed by OpenAI under a written data processing agreement. Inputs and outputs are processed only to fulfil your request and are not used to train OpenAI's general models. We do not share your Customer Data with AI providers for any purpose other than performing the specific request you initiate.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations.

  • • Material changes will be notified via email or platform announcement
  • • The "Last updated" date at the top will reflect changes
  • • Continued use after changes constitutes acceptance of the updated policy
  • • Previous versions are available upon request for reference

17. Contact Us and Complaints

Privacy Enquiries

admin@getkonnected.dev

For questions about this policy or your data rights.

Lodge a Complaint

ICO

If unresolved, contact the Information Commissioner's Office (ICO) at ico.org.uk

Your Privacy Matters

We are committed to protecting your privacy and handling your data responsibly. If you have any concerns or questions about how we process your information, please don't hesitate to reach out. We're here to help and will respond to your enquiry promptly.

GetKonnected - Every Task, Every Team, Konnected.​

Registered in United Kingdom | Compliant with UK GDPR and Data Protection Act 2018

About | Terms of Service | Privacy Policy | Last Updated: April 29, 2026