ClientRecordCards

This Privacy Policy describes how Packetpipe Ltd ("we", "us", or "our"), operating as ClientRecordCards.com, collects, uses, and shares information about you when you use our website, applications, and services (collectively, the "Services").

1. Who We Are

Packetpipe Ltd is a company registered in England and Wales (Company Number: 12105604). We are the data controller responsible for your personal data.

Contact Details:
Email: support@clientrecordcards.com
Company: Packetpipe Ltd
UK Company Number: 12105604

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password, business name, and contact details when you register.
Client Records: Information you input about your clients, including names, contact details, medical history, treatment records, consent forms, and photographs.
Payment Information: Billing details processed through our payment provider (Stripe). We do not store full card details.
Communications: Information you provide when contacting us for support.

2.2 Information Collected Automatically

Device Information: Browser type, operating system, device identifiers.
Usage Data: Pages visited, features used, time spent on the Services.
Log Data: IP address, access times, referring URLs.
Cookies: See our Cookie Policy for details.

3. Special Category Data

Our Services are designed for beauty professionals and may involve processing special category (sensitive) personal data, including:

Health information (allergies, medical conditions, skin conditions)
Treatment history and patch test results
Photographs showing physical appearance

This data is processed on the basis of explicit consent obtained by you (the beauty professional) from your clients, and is necessary for the provision of health-related services.

4. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve our Services
Process transactions and send related information
Send technical notices, updates, and support messages
Respond to your comments and questions
Monitor and analyse trends, usage, and activities
Detect, investigate, and prevent fraudulent transactions and abuse
Comply with legal obligations

5. Legal Basis for Processing (GDPR)

Under UK GDPR, we process your data based on:

Contract: Processing necessary to provide our Services to you.
Legitimate Interests: To improve our Services, prevent fraud, and ensure security.
Consent: Where you have given explicit consent (e.g., marketing communications).
Legal Obligation: To comply with applicable laws and regulations.

6. Data Sharing and Disclosure

We may share your information with:

Service Providers: Companies that help us operate our Services (hosting, payment processing, email delivery).
Legal Requirements: When required by law or to protect our rights.
Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal data to third parties.

6.1 Third-Party Service Providers

Amazon Web Services (AWS): Cloud hosting and data storage (UK region)
Stripe: Payment processing
Clerk: Authentication services
WhatsApp/Meta: Optional messaging services

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide Services. Upon account deletion, your data will be permanently deleted within 7 days.

We may retain certain information as required by law or for legitimate business purposes, such as resolving disputes and enforcing agreements.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication mechanisms
Regular security assessments
Access controls and monitoring
Data stored in UK-based servers

9. International Data Transfers

Your data is primarily stored in the United Kingdom. Some of our service providers may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Your Rights

Under UK GDPR, you have the right to:

Access: Request a copy of your personal data.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data ("right to be forgotten").
Restriction: Request limitation of processing.
Portability: Request transfer of your data in a machine-readable format.
Object: Object to processing based on legitimate interests.
Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us at support@clientrecordcards.com. We will respond within one month.

11. Your Responsibilities as a Data Controller

As a user of our Services, you act as a data controller for the client data you input. You are responsible for:

Obtaining appropriate consent from your clients
Informing clients about how their data is processed
Responding to client data subject requests
Ensuring accuracy of the data you input
Complying with applicable data protection laws

12. Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

14. Complaints

If you have concerns about our use of your personal data, please contact us first at support@clientrecordcards.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
Helpline: 0303 123 1113

15. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: support@clientrecordcards.com
Company: Packetpipe Ltd
UK Company Number: 12105604