EWIProFlow

Polityka Prywatności

Ostatnia aktualizacja: Kwiecień 2026

1. Introduction

EWI ProFlow ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you use our mobile application and website. By using EWI ProFlow you agree to the practices described in this policy.

2. Data We Collect

We collect the following categories of data:

  • Account data: name, email address, phone number, company name, TrustMark number
  • Worker data: installer names, NVQ levels, trade types, timesheet hours assigned to jobs
  • Job data: property addresses, postcodes, client information, documents, and survey details
  • Photos: site photographs uploaded through the app, stored securely in AWS S3 with GPS metadata where you grant location permission
  • Financial data: invoice amounts, payment records, CIS deductions (we do not store card numbers)
  • Usage and crash data: crash reports and diagnostic information collected via Sentry to help us fix bugs; general feature engagement analytics
  • Device data: device type, operating system, push notification tokens
  • Location data: GPS coordinates for photo geotagging (with your explicit permission only)

3. How We Use Your Data

  • To provide and improve the EWI ProFlow service
  • To send transactional emails via Brevo (invoices, quotes, notifications)
  • To deliver push notifications via Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM)
  • To provide weather forecasts for your job sites via Open-Meteo
  • To look up postcode coordinates for weather lookups via Postcodes.io (postcode only, no personal data)
  • To manage subscriptions via RevenueCat
  • To diagnose errors and crashes via Sentry
  • To sync accounting data with Xero or QuickBooks (when connected by you)

4. Third-Party Services

We share data with the following third-party services as necessary to provide our service:

  • Supabase: database hosting and authentication (EU region, PostgreSQL)
  • AWS S3: secure photo and document storage
  • RevenueCat: in-app subscription management (iOS and Android)
  • Brevo: transactional email delivery
  • Open-Meteo: weather forecast data (no personal data shared)
  • Postcodes.io: postcode-to-coordinate lookup (postcode only, no personal data)
  • Apple Push Notification Service (APNs) / Firebase Cloud Messaging (FCM): push notification delivery
  • Sentry: crash reporting and error diagnostics
  • TrustMark: warranty registration (where applicable)

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law. Job records and financial documents may be retained for up to 7 years as required by UK tax law (HMRC).

6. Account Deletion

You may request deletion of your account and associated personal data at any time by:

  • Using the "Delete Account" option within the app settings
  • Emailing privacy@ewiproflow.com with your account email address

On deletion, all personal data (account details, worker records, client information, photos) will be permanently removed within 30 days. Financial records required for UK tax compliance (invoices, payment records) will be retained for up to 7 years and then deleted. Active subscriptions must be cancelled through the App Store or Google Play before account deletion to avoid further billing.

7. Your Rights (GDPR)

Under the UK GDPR and Data Protection Act 2018, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure of your data ("right to be forgotten")
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email privacy@ewiproflow.com. We will respond within 30 days.

8. Cookies

Our website (ewiproflow.com) uses essential cookies only — these are required for the site to function and cannot be disabled. We do not use advertising or tracking cookies. A separate Cookie Policy is available on our website.

9. Children's Privacy

EWI ProFlow is a professional business tool intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately at privacy@ewiproflow.com and we will delete it promptly.

10. International Data Transfers

Some of our third-party service providers (including AWS and Sentry) may process data outside the UK or European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the UK ICO or equivalent mechanisms, to protect your data to the same standard as required under UK GDPR.

11. Security

All data is encrypted in transit (TLS 1.2+) and at rest. We use Supabase Row Level Security (RLS) to ensure users can only access their own company's data. Photos are stored in private AWS S3 buckets with access-controlled signed URLs. Regular automated backups are performed. We conduct periodic security reviews.

12. Contact

For privacy-related enquiries, data subject access requests, or complaints, contact us at: privacy@ewiproflow.com