BOSHED.
Get started
Privacy

Privacy policy.

How Boshed handles your data and your customers’ data.

Last updated: placeholder — set on legal sign-off

Draft. This policy is a working document and has not yet been reviewed by a UK data-protection lawyer. Do not rely on it for compliance. A real policy will replace this before the product is offered to paying customers.

1. Who we are

Boshed Ltd ("Boshed", "we", "us") is the controller of personal data collected through this website and the Boshed application. Registered in England and Wales. Contact: privacy@boshed.co.uk.

2. What we collect

When you sign up and use Boshed, we collect:

  • Account data — your name, email, company name, password hash, role.
  • Customer data you enter — your customers’ names, addresses, phone numbers, emails, job notes, photos. You are the data controller for this; Boshed is the processor.
  • Operational data — jobs, schedules, status changes, invoices, payments.
  • Technical data — IP address, user agent, session timestamps, error logs.

We do not use behavioural advertising or third-party tracking on the application. The marketing site uses minimal first-party analytics.

3. Why we use it

  • To provide the service you signed up for.
  • To send service-related emails and notifications (job status, billing, password reset).
  • To investigate abuse, fraud, and security incidents.
  • To comply with legal obligations (e.g. responding to lawful requests).

4. Lawful basis

We process account and operational data on the basis of contract performance. We process technical data on the basis of legitimate interest in operating a secure service. Where we ever process data for any other purpose, we’ll ask for consent.

5. Who we share data with

We use a small number of third-party processors:

  • DigitalOcean — server hosting (UK / EU region).
  • Cloudflare — DNS, edge caching, and the marketing site.
  • (Future) Twilio or similar — sending customer SMS messages.
  • (Future) Stripe — payment processing for subscriptions.

We never sell your data, and we never share it with advertisers.

6. Where your data lives

All operational data is held on a server in a UK or EU region. Daily off-site backups are encrypted and held for 30 days.

7. How long we keep it

  • Active account data — for as long as the account is active.
  • Cancelled accounts — deleted within 30 days of cancellation, unless you request immediate deletion.
  • Billing records — kept for 6 years to meet HMRC requirements.
  • Backups — overwritten within 30 days.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Have your data deleted (where we don’t need to keep it for legal reasons).
  • Export your data as a CSV — this is built into the product.
  • Object to processing or restrict it.
  • Complain to the Information Commissioner’s Office at ico.org.uk.

9. Cookies

The application uses a single session cookie to keep you signed in. The marketing site uses no third-party cookies. We don’t use ad tracking.

10. Changes to this policy

We’ll email account holders if anything material changes. We won’t change this policy quietly.

11. Getting in touch

Email privacy@boshed.co.uk. We aim to reply within 5 working days.